Bug 9416

Summary:	Add type checking to Annot.cc processing of "Rect"
Product:	poppler	Reporter:	Scott Turner <scotty1024>
Component:	general	Assignee:	poppler-bugs <poppler-bugs>
Status:	RESOLVED FIXED	QA Contact:
Severity:	enhancement
Priority:	high
Version:	unspecified
Hardware:	All
OS:	All
Whiteboard:
i915 platform:		i915 features:

Description Scott Turner 2006-12-21 11:54:33 UTC

Code below adds parameter type checking to Rect processing in Annot.cc

--- poppler/Annot.h.~1.2.~      2005-10-16 07:54:17.000000000 -0700
+++ poppler/Annot.h     2006-12-21 11:49:20.000000000 -0800
@@ -36,6 +36,7 @@
 private:
 
   void generateAppearance(Dict *acroForm, Dict *dict);
+  void readArrayNum(Object *pdfArray, int key, double *value);
 
   XRef *xref;                  // the xref table for this PDF file
   Object appearance;           // a reference to the Form XObject stream
[sbox-iliad27: ~/poppler] > diff -U3 -b poppler/Annot.cc.~1.5.~ poppler/Annot.cc--- poppler/
Annot.cc.~1.5.~     2006-02-06 10:50:11.000000000 -0800
+++ poppler/Annot.cc    2006-12-21 11:47:00.000000000 -0800
@@ -30,25 +30,18 @@
   GBool regen, isTextField;
   double t;
 
-  ok = gFalse;
+  ok = gTrue;
   xref = xrefA;
   appearBuf = NULL;
 
   if (dict->lookup("Rect", &obj1)->isArray() &&
       obj1.arrayGetLength() == 4) {
-    //~ should check object types here
-    obj1.arrayGet(0, &obj2);
-    xMin = obj2.getNum();
-    obj2.free();
-    obj1.arrayGet(1, &obj2);
-    yMin = obj2.getNum();
-    obj2.free();
-    obj1.arrayGet(2, &obj2);
-    xMax = obj2.getNum();
-    obj2.free();
-    obj1.arrayGet(3, &obj2);
-    yMax = obj2.getNum();
-    obj2.free();
+    readArrayNum( &obj1, 0, &xMin);
+    readArrayNum( &obj1, 1, &yMin);
+    readArrayNum( &obj1, 2, &xMax);
+    readArrayNum( &obj1, 3, &yMax);
+
+    if (ok) {
     if (xMin > xMax) {
       t = xMin; xMin = xMax; xMax = t;
     }
@@ -60,8 +53,11 @@
     xMin = yMin = 0;
     xMax = yMax = 1;
   }
+  }
   obj1.free();
 
+  ok = gFalse;
+
   // check if field apperances need to be regenerated
   regen = gFalse;
   if (acroForm) {
@@ -112,6 +108,19 @@
 #endif
 }
 
+void Annot::readArrayNum(Object *pdfArray, int key, double *value) {
+  Object valueObject;
+
+  pdfArray->arrayGet(key, &valueObject);
+  if (valueObject.isNum()) {
+    *value = valueObject.getNum();
+  } else {
+    *value = 0;
+    ok = gFalse;
+  }
+  valueObject.free();
+}
+
 Annot::~Annot() {
   appearance.free();
   if (appearBuf) {

Comment 1 Albert Astals Cid 2006-12-24 03:49:26 UTC

Would not be necessary to keep the else for when
if (dict->lookup("Rect", &obj1)->isArray() && obj1.arrayGetLength() == 4)
is false?

Comment 2 Scott Turner 2006-12-27 09:36:17 UTC

I think the code needs some ability for it to signal an error but I don't have enough experience with the 
code base to figure out how that should be added.

Comment 3 Albert Astals Cid 2006-12-27 15:14:33 UTC

commited to cvs, thanks for the patch.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.