Hi, First I can't see if a bug report at Sat May 8 2010 00:51:35 UTC is the same. File: pdf_shade.c Function: pdf_loadtype6shade prevp variable is declared like this: fz_point prevp[12] but then is used: p[2] = prevp[12]; So the index is out of bounds. Best regards, Mauro.
I believe that it should be: p[0] = prevp[10]; p[1] = prevp[11]; p[2] = prevp[ 0]; //original index was 12 p[3] = prevp[ 1]; //original index was 0
Could you please attach a sample PDF so that I can verify the patch? I'm having a hard time finding test files with coons patches.
Hi Tor, I don't know the internals of muPdf. I downloaded the code and began to apply some patches in order to use the library in some internal converter I need. When I was compiling the 'pdf_shade.c' file with VS2005, a warning appeared about the index is out of bounds. I saw the code and really the array is declared to only have 12 elements so index 12 is a bug. So, doing a mini-analyzis, I put in Comment #1 what I believe is the patched code by seeing the sequence in the original one. I'm not sure if it is correct and I haven't a file to test it (as I said, it was discovered at compile time) I think that you should change the code with my patch and add something like a TODO comment in order to advice that code should be reviewed and leave the bug active until you or someone else could write a fixed patch. Best regards, Mauro.
Sounds fair enough -- we've searched through several thousand test files and couldn't find a single case...
Perfect. If I have some news I will tell you. Good luck and very good work.
(In reply to Tor Andersson from comment #4) > Sounds fair enough -- we've searched through several thousand test files and > couldn't find a single case... There are coons shading examples here: https://issues.apache.org/jira/browse/PDFBOX-1915 (just search for the word "coons" on the page)