Refactoring bug hunting test cases for CVE issues. Leave source code unmodified.

This commit is contained in:
Daniel Marjamäki 2020-05-02 21:57:36 +02:00
parent e75c7fa26f
commit b204be474a
32 changed files with 547 additions and 43 deletions

View File

@ -14,32 +14,45 @@ else:
CPPCHECK_PATH = '../../cppcheck' CPPCHECK_PATH = '../../cppcheck'
TEST_SUITE = 'cve' TEST_SUITE = 'cve'
RUN_CLANG = ('--clang' in sys.argv) def test(test_folder):
print(test_folder)
cmd_file = os.path.join(test_folder, 'cmd.txt')
expected_file = os.path.join(test_folder, 'expected.txt')
def check():
cmd = [CPPCHECK_PATH, cmd = [CPPCHECK_PATH,
'-D__GNUC__', '-D__GNUC__',
'--bug-hunting', '--bug-hunting',
'--inconclusive', '--inconclusive',
'--platform=unix64', '--platform=unix64',
'--inline-suppr', '--template={file}:{line}:{id}',
'--enable=information', '-rp=' + test_folder,
TEST_SUITE] test_folder]
if RUN_CLANG:
cmd.append('--clang') if os.path.isfile(cmd_file):
print(' '.join(cmd)) for line in open(cmd_file, 'rt'):
if len(line) > 1:
cmd.append(line.strip())
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
comm = p.communicate() comm = p.communicate()
stdout = comm[0].decode(encoding='utf-8', errors='ignore') stdout = comm[0].decode(encoding='utf-8', errors='ignore')
stderr = comm[1].decode(encoding='utf-8', errors='ignore') stderr = comm[1].decode(encoding='utf-8', errors='ignore')
# Ensure there are no unmatched suppressions with open(expected_file, 'rt') as f:
if '[unmatchedSuppression]' in stderr: for expected in f.readlines():
print('FAILED: There are unmatched suppressions') if expected.strip() not in stderr.split('\n'):
sys.exit(1) print('FAILED. Expected result not found: ' + expected)
else: print('Command:')
print('SUCCESS') print(' '.join(cmd))
print('Output:')
print(stderr)
sys.exit(1)
if len(sys.argv) > 1:
test(sys.argv[1])
sys.exit(0)
for test_folder in sorted(glob.glob(TEST_SUITE + '/CVE*')):
test(test_folder)
check()

View File

@ -0,0 +1,2 @@
qppmhandler.cpp:223:bughuntingDivByZero
qppmhandler.cpp:255:bughuntingDivByZero

View File

@ -220,7 +220,7 @@ static bool read_pbm_body(QIODevice *device, char type, int w, int h, int mcc, Q
return false; return false;
if (nbits == 8 && mcc < 255) { if (nbits == 8 && mcc < 255) {
for (int i = 0; i < pbm_bpl; i++) for (int i = 0; i < pbm_bpl; i++)
p[i] = (p[i] * 255) / mcc; // cppcheck-suppress bughuntingDivByZero p[i] = (p[i] * 255) / mcc;
} }
} }
} }
@ -252,7 +252,7 @@ static bool read_pbm_body(QIODevice *device, char type, int w, int h, int mcc, Q
} }
} else { } else {
while (n--) { while (n--) {
*p++ = read_pbm_int(device) * 255 / mcc; // cppcheck-suppress bughuntingDivByZero *p++ = read_pbm_int(device) * 255 / mcc;
} }
} }
} else { // 32 bits } else { // 32 bits

View File

@ -1371,7 +1371,7 @@ int PostScriptFunction::exec(double *stack, int sp0) {
if (sp + 1 >= psStackSize) { if (sp + 1 >= psStackSize) {
goto underflow; goto underflow;
} }
stack[sp + 1] = (int)stack[sp + 1] / (int)stack[sp]; // cppcheck-suppress bughuntingDivByZero stack[sp + 1] = (int)stack[sp + 1] / (int)stack[sp];
++sp; ++sp;
break; break;
case psOpIndex: case psOpIndex:

View File

@ -0,0 +1,2 @@
Function.cc:1374:bughuntingDivByZero

View File

@ -1,6 +1,3 @@
// Cppcheck bug hunting define:
#define HAVE_SPLASH 1
//======================================================================== //========================================================================
// //
// PSOutputDev.cc // PSOutputDev.cc
@ -4198,7 +4195,7 @@ GBool PSOutputDev::checkPageSlice(Page *page, double hDPI, double vDPI,
} }
nStripes = (int)ceil(((double)sliceW * (double)sliceH) / nStripes = (int)ceil(((double)sliceW * (double)sliceH) /
(double)globalParams->getPSRasterSliceSize()); (double)globalParams->getPSRasterSliceSize());
stripeH = (sliceH + nStripes - 1) / nStripes; // cppcheck-suppress bughuntingDivByZero stripeH = (sliceH + nStripes - 1) / nStripes;
// render the stripes // render the stripes
for (stripeY = sliceY; stripeY < sliceH; stripeY += stripeH) { for (stripeY = sliceY; stripeY < sliceH; stripeY += stripeH) {
@ -4345,6 +4342,7 @@ GBool PSOutputDev::checkPageSlice(Page *page, double hDPI, double vDPI,
endPage(); endPage();
return gFalse; return gFalse;
#else // HAVE_SPLASH #else // HAVE_SPLASH
error(errSyntaxWarning, -1, error(errSyntaxWarning, -1,

View File

@ -0,0 +1 @@
-DHAVE_SPLASH=1

View File

@ -0,0 +1 @@
PSOutputDev.cc:4198:bughuntingDivByZero

View File

@ -5556,8 +5556,8 @@ void Splash::scaleImageYuXu(SplashImageSource src, void *srcData,
yq = scaledHeight % srcHeight; yq = scaledHeight % srcHeight;
// Bresenham parameters for x scale // Bresenham parameters for x scale
xp = scaledWidth / srcWidth; // cppcheck-suppress bughuntingDivByZero xp = scaledWidth / srcWidth;
xq = scaledWidth % srcWidth; // cppcheck-suppress bughuntingDivByZero xq = scaledWidth % srcWidth;
// allocate buffers // allocate buffers
lineBuf = (Guchar *)gmallocn(srcWidth, nComps); lineBuf = (Guchar *)gmallocn(srcWidth, nComps);

View File

@ -0,0 +1,2 @@
Splash.cc:5559:bughuntingDivByZero
Splash.cc:5560:bughuntingDivByZero

View File

@ -356,7 +356,7 @@ ImageStream::ImageStream(Stream *strA, int widthA, int nCompsA, int nBitsA) {
nVals = width * nComps; nVals = width * nComps;
inputLineSize = (nVals * nBits + 7) >> 3; inputLineSize = (nVals * nBits + 7) >> 3;
if (width > INT_MAX / nComps || // cppcheck-suppress bughuntingDivByZero if (width > INT_MAX / nComps ||
nVals > (INT_MAX - 7) / nBits) { nVals > (INT_MAX - 7) / nBits) {
// force a call to gmallocn(-1,...), which will throw an exception // force a call to gmallocn(-1,...), which will throw an exception
inputLineSize = -1; inputLineSize = -1;

View File

@ -0,0 +1 @@
Stream.cc:359:bughuntingDivByZero

View File

@ -1417,7 +1417,7 @@ int PostScriptFunction::exec(double *stack, int sp0) {
if (sp + 1 >= psStackSize) { if (sp + 1 >= psStackSize) {
goto underflow; goto underflow;
} }
stack[sp + 1] = (int)stack[sp + 1] % (int)stack[sp]; // cppcheck-suppress bughuntingDivByZero stack[sp + 1] = (int)stack[sp + 1] % (int)stack[sp];
++sp; ++sp;
break; break;
case psOpMul: case psOpMul:

View File

@ -0,0 +1 @@
Function.cc:1420:bughuntingDivByZero

View File

@ -5552,12 +5552,12 @@ void Splash::scaleImageYuXu(SplashImageSource src, void *srcData,
int i; int i;
// Bresenham parameters for y scale // Bresenham parameters for y scale
yp = scaledHeight / srcHeight; // cppcheck-suppress bughuntingDivByZero yp = scaledHeight / srcHeight;
yq = scaledHeight % srcHeight; // cppcheck-suppress bughuntingDivByZero yq = scaledHeight % srcHeight;
// Bresenham parameters for x scale // Bresenham parameters for x scale
xp = scaledWidth / srcWidth; // cppcheck-suppress bughuntingDivByZero xp = scaledWidth / srcWidth;
xq = scaledWidth % srcWidth; // cppcheck-suppress bughuntingDivByZero xq = scaledWidth % srcWidth;
// allocate buffers // allocate buffers
lineBuf = (Guchar *)gmallocn(srcWidth, nComps); lineBuf = (Guchar *)gmallocn(srcWidth, nComps);

View File

@ -0,0 +1,3 @@
Splash.cc:5555:bughuntingDivByZero
Splash.cc:5556:bughuntingDivByZero

View File

@ -357,7 +357,7 @@ ImageStream::ImageStream(Stream *strA, int widthA, int nCompsA, int nBitsA) {
nVals = width * nComps; nVals = width * nComps;
inputLineSize = (nVals * nBits + 7) >> 3; inputLineSize = (nVals * nBits + 7) >> 3;
if (width > INT_MAX / nComps || if (width > INT_MAX / nComps ||
nVals > (INT_MAX - 7) / nBits) { // cppcheck-suppress bughuntingDivByZero nVals > (INT_MAX - 7) / nBits) {
// force a call to gmallocn(-1,...), which will throw an exception // force a call to gmallocn(-1,...), which will throw an exception
inputLineSize = -1; inputLineSize = -1;
} }

View File

@ -0,0 +1 @@
Stream.cc:360:bughuntingDivByZero

View File

@ -1472,9 +1472,9 @@ int PostScriptFunction::exec(double *stack, int sp0) {
goto underflow; goto underflow;
} }
if (k >= 0) { if (k >= 0) {
k %= nn; // cppcheck-suppress bughuntingDivByZero k %= nn;
} else { } else {
k = -k % nn; // cppcheck-suppress bughuntingDivByZero k = -k % nn;
if (k) { if (k) {
k = nn - k; k = nn - k;
} }
@ -1483,7 +1483,7 @@ int PostScriptFunction::exec(double *stack, int sp0) {
tmp[i] = stack[sp + i]; tmp[i] = stack[sp + i];
} }
for (i = 0; i < nn; ++i) { for (i = 0; i < nn; ++i) {
stack[sp + i] = tmp[(i + k) % nn]; // cppcheck-suppress bughuntingDivByZero stack[sp + i] = tmp[(i + k) % nn];
} }
break; break;
case psOpRound: case psOpRound:

View File

@ -0,0 +1,4 @@
Function.cc:1475:bughuntingDivByZero
Function.cc:1477:bughuntingDivByZero
Function.cc:1486:bughuntingDivByZero

View File

@ -0,0 +1 @@
-DCONFIG_ADX_MUXER=1

View File

@ -0,0 +1 @@
libavformat_rawenc.c:70:bughuntingDivByZero

View File

@ -58,7 +58,7 @@ AVOutputFormat ff_ac3_muxer = {
}; };
#endif #endif
////#if CONFIG_ADX_MUXER #if CONFIG_ADX_MUXER
static int adx_write_trailer(AVFormatContext *s) static int adx_write_trailer(AVFormatContext *s)
{ {
@ -67,7 +67,7 @@ static int adx_write_trailer(AVFormatContext *s)
if (pb->seekable & AVIO_SEEKABLE_NORMAL) { if (pb->seekable & AVIO_SEEKABLE_NORMAL) {
int64_t file_size = avio_tell(pb); int64_t file_size = avio_tell(pb);
uint64_t sample_count = (file_size - 36) / par->channels / 18 * 32; // cppcheck-suppress bughuntingDivByZero uint64_t sample_count = (file_size - 36) / par->channels / 18 * 32;
if (sample_count <= UINT32_MAX) { if (sample_count <= UINT32_MAX) {
avio_seek(pb, 12, SEEK_SET); avio_seek(pb, 12, SEEK_SET);
avio_wb32(pb, sample_count); avio_wb32(pb, sample_count);
@ -89,7 +89,7 @@ AVOutputFormat ff_adx_muxer = {
.write_trailer = adx_write_trailer, .write_trailer = adx_write_trailer,
.flags = AVFMT_NOTIMESTAMPS, .flags = AVFMT_NOTIMESTAMPS,
}; };
////#endif #endif
#if CONFIG_APTX_MUXER #if CONFIG_APTX_MUXER
AVOutputFormat ff_aptx_muxer = { AVOutputFormat ff_aptx_muxer = {

View File

@ -1835,7 +1835,7 @@ read_gs_section_group(
return DW_DLV_ERROR; return DW_DLV_ERROR;
} }
dp = data; dp = data;
count = seclen/psh->gh_entsize; // cppcheck-suppress bughuntingDivByZero count = seclen/psh->gh_entsize;
if (count > ep->f_loc_shdr.g_count) { if (count > ep->f_loc_shdr.g_count) {
/* Impossible */ /* Impossible */
free(data); free(data);

View File

@ -0,0 +1 @@
dwarf_elf_load_headers.c:1838:bughuntingDivByZero

View File

@ -0,0 +1 @@
floppy.c:2131:bughuntingDivByZero

View File

@ -2128,7 +2128,7 @@ static void setup_format_params(int track)
/* position of logical sector 1 on this track */ /* position of logical sector 1 on this track */
n = (track_shift * format_req.track + head_shift * format_req.head) n = (track_shift * format_req.track + head_shift * format_req.head)
% F_SECT_PER_TRACK; // cppcheck-suppress bughuntingDivByZero % F_SECT_PER_TRACK;
/* determine interleave */ /* determine interleave */
il = 1; il = 1;

View File

@ -4488,7 +4488,7 @@ void SplashOutputDev::setFreeTypeHinting(bool enable, bool enableSlightHintingA)
enableSlightHinting = enableSlightHintingA; enableSlightHinting = enableSlightHintingA;
} }
bool /*SplashOutputDev::*/tilingPatternFill(GfxState *state, Gfx *gfxA, Catalog *catalog, Object *str, bool SplashOutputDev::tilingPatternFill(GfxState *state, Gfx *gfxA, Catalog *catalog, Object *str,
const double *ptm, int paintType, int /*tilingType*/, Dict *resDict, const double *ptm, int paintType, int /*tilingType*/, Dict *resDict,
const double *mat, const double *bbox, const double *mat, const double *bbox,
int x0, int y0, int x1, int y1, int x0, int y0, int x1, int y1,
@ -4581,8 +4581,8 @@ bool /*SplashOutputDev::*/tilingPatternFill(GfxState *state, Gfx *gfxA, Catalog
surface_width = (int) ceil (fabs(kx)); surface_width = (int) ceil (fabs(kx));
surface_height = (int) ceil (fabs(ky)); surface_height = (int) ceil (fabs(ky));
// adjust repeat values to completely fill region // adjust repeat values to completely fill region
repeatX = result_width / surface_width; // cppcheck-suppress bughuntingDivByZero repeatX = result_width / surface_width;
repeatY = result_height / surface_height; // cppcheck-suppress bughuntingDivByZero repeatY = result_height / surface_height;
if (surface_width * repeatX < result_width) if (surface_width * repeatX < result_width)
repeatX++; repeatX++;
if (surface_height * repeatY < result_height) if (surface_height * repeatY < result_height)

View File

@ -0,0 +1,467 @@
//========================================================================
//
// SplashOutputDev.h
//
// Copyright 2003 Glyph & Cog, LLC
//
//========================================================================
//========================================================================
//
// Modified under the Poppler project - http://poppler.freedesktop.org
//
// All changes made under the Poppler project to this file are licensed
// under GPL version 2 or later
//
// Copyright (C) 2005 Takashi Iwai <tiwai@suse.de>
// Copyright (C) 2009-2016 Thomas Freitag <Thomas.Freitag@alfa.de>
// Copyright (C) 2009 Carlos Garcia Campos <carlosgc@gnome.org>
// Copyright (C) 2010 Christian Feuersänger <cfeuersaenger@googlemail.com>
// Copyright (C) 2011 Andreas Hartmetz <ahartmetz@gmail.com>
// Copyright (C) 2011 Andrea Canciani <ranma42@gmail.com>
// Copyright (C) 2011, 2017 Adrian Johnson <ajohnson@redneon.com>
// Copyright (C) 2012, 2015, 2018 Albert Astals Cid <aacid@kde.org>
// Copyright (C) 2015, 2016 William Bader <williambader@hotmail.com>
// Copyright (C) 2018 Stefan Brüns <stefan.bruens@rwth-aachen.de>
//
// To see a description of the changes please see the Changelog file that
// came with your tarball or type make ChangeLog if you are building from git
//
//========================================================================
#ifndef SPLASHOUTPUTDEV_H
#define SPLASHOUTPUTDEV_H
#include "splash/SplashTypes.h"
#include "splash/SplashPattern.h"
#include "poppler-config.h"
#include "OutputDev.h"
#include "GfxState.h"
#include "GlobalParams.h"
class PDFDoc;
class Gfx8BitFont;
class SplashBitmap;
class Splash;
class SplashPath;
class SplashFontEngine;
class SplashFont;
class T3FontCache;
struct T3FontCacheTag;
struct T3GlyphStack;
struct SplashTransparencyGroup;
//------------------------------------------------------------------------
// Splash dynamic pattern
//------------------------------------------------------------------------
class SplashFunctionPattern: public SplashPattern {
public:
SplashFunctionPattern(SplashColorMode colorMode, GfxState *state, GfxFunctionShading *shading);
SplashPattern *copy() override { return new SplashFunctionPattern(colorMode, state, (GfxFunctionShading *) shading); }
~SplashFunctionPattern();
bool testPosition(int x, int y) override { return true; }
bool isStatic() override { return false; }
bool getColor(int x, int y, SplashColorPtr c) override;
virtual GfxFunctionShading *getShading() { return shading; }
bool isCMYK() override { return gfxMode == csDeviceCMYK; }
protected:
Matrix ictm;
double xMin, yMin, xMax, yMax;
GfxFunctionShading *shading;
GfxState *state;
SplashColorMode colorMode;
GfxColorSpaceMode gfxMode;
};
class SplashUnivariatePattern: public SplashPattern {
public:
SplashUnivariatePattern(SplashColorMode colorMode, GfxState *state, GfxUnivariateShading *shading);
~SplashUnivariatePattern();
bool getColor(int x, int y, SplashColorPtr c) override;
bool testPosition(int x, int y) override;
bool isStatic() override { return false; }
virtual bool getParameter(double xs, double ys, double *t) = 0;
virtual GfxUnivariateShading *getShading() { return shading; }
bool isCMYK() override { return gfxMode == csDeviceCMYK; }
protected:
Matrix ictm;
double t0, t1, dt;
GfxUnivariateShading *shading;
GfxState *state;
SplashColorMode colorMode;
GfxColorSpaceMode gfxMode;
};
class SplashAxialPattern: public SplashUnivariatePattern {
public:
SplashAxialPattern(SplashColorMode colorMode, GfxState *state, GfxAxialShading *shading);
SplashPattern *copy() override { return new SplashAxialPattern(colorMode, state, (GfxAxialShading *) shading); }
~SplashAxialPattern();
bool getParameter(double xs, double ys, double *t) override;
private:
double x0, y0, x1, y1;
double dx, dy, mul;
};
// see GfxState.h, GfxGouraudTriangleShading
class SplashGouraudPattern: public SplashGouraudColor {
public:
SplashGouraudPattern(bool bDirectColorTranslation, GfxState *state, GfxGouraudTriangleShading *shading);
SplashPattern *copy() override { return new SplashGouraudPattern(bDirectColorTranslation, state, shading); }
~SplashGouraudPattern();
bool getColor(int x, int y, SplashColorPtr c) override { return false; }
bool testPosition(int x, int y) override { return false; }
bool isStatic() override { return false; }
bool isCMYK() override { return gfxMode == csDeviceCMYK; }
bool isParameterized() override { return shading->isParameterized(); }
int getNTriangles() override { return shading->getNTriangles(); }
void getTriangle(int i, double *x0, double *y0, double *color0,
double *x1, double *y1, double *color1,
double *x2, double *y2, double *color2) override
{ shading->getTriangle(i, x0, y0, color0, x1, y1, color1, x2, y2, color2); }
void getParameterizedColor(double t, SplashColorMode mode, SplashColorPtr c) override;
private:
GfxGouraudTriangleShading *shading;
GfxState *state;
bool bDirectColorTranslation;
GfxColorSpaceMode gfxMode;
};
// see GfxState.h, GfxRadialShading
class SplashRadialPattern: public SplashUnivariatePattern {
public:
SplashRadialPattern(SplashColorMode colorMode, GfxState *state, GfxRadialShading *shading);
SplashPattern *copy() override { return new SplashRadialPattern(colorMode, state, (GfxRadialShading *) shading); }
~SplashRadialPattern();
bool getParameter(double xs, double ys, double *t) override;
private:
double x0, y0, r0, dx, dy, dr;
double a, inva;
};
//------------------------------------------------------------------------
// number of Type 3 fonts to cache
#define splashOutT3FontCacheSize 8
//------------------------------------------------------------------------
// SplashOutputDev
//------------------------------------------------------------------------
class SplashOutputDev: public OutputDev {
public:
// Constructor.
SplashOutputDev(SplashColorMode colorModeA, int bitmapRowPadA,
bool reverseVideoA, SplashColorPtr paperColorA,
bool bitmapTopDownA = true,
SplashThinLineMode thinLineMode = splashThinLineDefault,
bool overprintPreviewA = globalParams->getOverprintPreview());
// Destructor.
~SplashOutputDev();
//----- get info about output device
// Does this device use tilingPatternFill()? If this returns false,
// tiling pattern fills will be reduced to a series of other drawing
// operations.
bool useTilingPatternFill() override { return true; }
// Does this device use functionShadedFill(), axialShadedFill(), and
// radialShadedFill()? If this returns false, these shaded fills
// will be reduced to a series of other drawing operations.
bool useShadedFills(int type) override
{ return (type >= 1 && type <= 5) ? true : false; }
// Does this device use upside-down coordinates?
// (Upside-down means (0,0) is the top left corner of the page.)
bool upsideDown() override { return bitmapTopDown ^ bitmapUpsideDown; }
// Does this device use drawChar() or drawString()?
bool useDrawChar() override { return true; }
// Does this device use beginType3Char/endType3Char? Otherwise,
// text in Type 3 fonts will be drawn with drawChar/drawString.
bool interpretType3Chars() override { return true; }
//----- initialization and control
// Start a page.
void startPage(int pageNum, GfxState *state, XRef *xref) override;
// End a page.
void endPage() override;
//----- save/restore graphics state
void saveState(GfxState *state) override;
void restoreState(GfxState *state) override;
//----- update graphics state
void updateAll(GfxState *state) override;
void updateCTM(GfxState *state, double m11, double m12,
double m21, double m22, double m31, double m32) override;
void updateLineDash(GfxState *state) override;
void updateFlatness(GfxState *state) override;
void updateLineJoin(GfxState *state) override;
void updateLineCap(GfxState *state) override;
void updateMiterLimit(GfxState *state) override;
void updateLineWidth(GfxState *state) override;
void updateStrokeAdjust(GfxState *state) override;
void updateFillColorSpace(GfxState *state) override;
void updateStrokeColorSpace(GfxState *state) override;
void updateFillColor(GfxState *state) override;
void updateStrokeColor(GfxState *state) override;
void updateBlendMode(GfxState *state) override;
void updateFillOpacity(GfxState *state) override;
void updateStrokeOpacity(GfxState *state) override;
void updatePatternOpacity(GfxState *state) override;
void clearPatternOpacity(GfxState *state) override;
void updateFillOverprint(GfxState *state) override;
void updateStrokeOverprint(GfxState *state) override;
void updateOverprintMode(GfxState *state) override;
void updateTransfer(GfxState *state) override;
//----- update text state
void updateFont(GfxState *state) override;
//----- path painting
void stroke(GfxState *state) override;
void fill(GfxState *state) override;
void eoFill(GfxState *state) override;
bool tilingPatternFill(GfxState *state, Gfx *gfx, Catalog *catalog, Object *str,
const double *pmat, int paintType, int tilingType, Dict *resDict,
const double *mat, const double *bbox,
int x0, int y0, int x1, int y1,
double xStep, double yStep) override;
bool functionShadedFill(GfxState *state, GfxFunctionShading *shading) override;
bool axialShadedFill(GfxState *state, GfxAxialShading *shading, double tMin, double tMax) override;
bool radialShadedFill(GfxState *state, GfxRadialShading *shading, double tMin, double tMax) override;
bool gouraudTriangleShadedFill(GfxState *state, GfxGouraudTriangleShading *shading) override;
//----- path clipping
void clip(GfxState *state) override;
void eoClip(GfxState *state) override;
void clipToStrokePath(GfxState *state) override;
//----- text drawing
void drawChar(GfxState *state, double x, double y,
double dx, double dy,
double originX, double originY,
CharCode code, int nBytes, Unicode *u, int uLen) override;
bool beginType3Char(GfxState *state, double x, double y,
double dx, double dy,
CharCode code, Unicode *u, int uLen) override;
void endType3Char(GfxState *state) override;
void beginTextObject(GfxState *state) override;
void endTextObject(GfxState *state) override;
//----- image drawing
void drawImageMask(GfxState *state, Object *ref, Stream *str,
int width, int height, bool invert,
bool interpolate, bool inlineImg) override;
void setSoftMaskFromImageMask(GfxState *state,
Object *ref, Stream *str,
int width, int height, bool invert,
bool inlineImg, double *baseMatrix) override;
void unsetSoftMaskFromImageMask(GfxState *state, double *baseMatrix) override;
void drawImage(GfxState *state, Object *ref, Stream *str,
int width, int height, GfxImageColorMap *colorMap,
bool interpolate, int *maskColors, bool inlineImg) override;
void drawMaskedImage(GfxState *state, Object *ref, Stream *str,
int width, int height,
GfxImageColorMap *colorMap,
bool interpolate,
Stream *maskStr, int maskWidth, int maskHeight,
bool maskInvert, bool maskInterpolate) override;
void drawSoftMaskedImage(GfxState *state, Object *ref, Stream *str,
int width, int height,
GfxImageColorMap *colorMap,
bool interpolate,
Stream *maskStr,
int maskWidth, int maskHeight,
GfxImageColorMap *maskColorMap,
bool maskInterpolate) override;
//----- Type 3 font operators
void type3D0(GfxState *state, double wx, double wy) override;
void type3D1(GfxState *state, double wx, double wy,
double llx, double lly, double urx, double ury) override;
//----- transparency groups and soft masks
bool checkTransparencyGroup(GfxState *state, bool knockout) override;
void beginTransparencyGroup(GfxState *state, const double *bbox,
GfxColorSpace *blendingColorSpace,
bool isolated, bool knockout,
bool forSoftMask) override;
void endTransparencyGroup(GfxState *state) override;
void paintTransparencyGroup(GfxState *state, const double *bbox) override;
void setSoftMask(GfxState *state, const double *bbox, bool alpha,
Function *transferFunc, GfxColor *backdropColor) override;
void clearSoftMask(GfxState *state) override;
//----- special access
// Called to indicate that a new PDF document has been loaded.
void startDoc(PDFDoc *docA);
void setPaperColor(SplashColorPtr paperColorA);
bool isReverseVideo() { return reverseVideo; }
void setReverseVideo(bool reverseVideoA) { reverseVideo = reverseVideoA; }
// Get the bitmap and its size.
SplashBitmap *getBitmap() { return bitmap; }
int getBitmapWidth();
int getBitmapHeight();
// Returns the last rasterized bitmap, transferring ownership to the
// caller.
SplashBitmap *takeBitmap();
// Set this flag to true to generate an upside-down bitmap (useful
// for Windows BMP files).
void setBitmapUpsideDown(bool f) { bitmapUpsideDown = f; }
// Get the Splash object.
Splash *getSplash() { return splash; }
// Get the modified region.
void getModRegion(int *xMin, int *yMin, int *xMax, int *yMax);
// Clear the modified region.
void clearModRegion();
SplashFont *getCurrentFont() { return font; }
// If <skipTextA> is true, don't draw horizontal text.
// If <skipRotatedTextA> is true, don't draw rotated (non-horizontal) text.
void setSkipText(bool skipHorizTextA, bool skipRotatedTextA)
{ skipHorizText = skipHorizTextA; skipRotatedText = skipRotatedTextA; }
int getNestCount() { return nestCount; }
#if 1 //~tmp: turn off anti-aliasing temporarily
bool getVectorAntialias() override;
void setVectorAntialias(bool vaa) override;
#endif
bool getFontAntialias() { return fontAntialias; }
void setFontAntialias(bool anti) { fontAntialias = anti; }
void setFreeTypeHinting(bool enable, bool enableSlightHinting);
protected:
void doUpdateFont(GfxState *state);
private:
bool univariateShadedFill(GfxState *state, SplashUnivariatePattern *pattern, double tMin, double tMax);
void setupScreenParams(double hDPI, double vDPI);
SplashPattern *getColor(GfxGray gray);
SplashPattern *getColor(GfxRGB *rgb);
#ifdef SPLASH_CMYK
SplashPattern *getColor(GfxCMYK *cmyk);
SplashPattern *getColor(GfxColor *deviceN);
#endif
static void getMatteColor( SplashColorMode colorMode, GfxImageColorMap *colorMap, const GfxColor * matteColor, SplashColor splashMatteColor);
void setOverprintMask(GfxColorSpace *colorSpace, bool overprintFlag,
int overprintMode, const GfxColor *singleColor, bool grayIndexed = false);
SplashPath convertPath(GfxState *state, GfxPath *path,
bool dropEmptySubpaths);
void drawType3Glyph(GfxState *state, T3FontCache *t3Font,
T3FontCacheTag *tag, unsigned char *data);
#ifdef USE_CMS
bool useIccImageSrc(void *data);
static void iccTransform(void *data, SplashBitmap *bitmap);
static bool iccImageSrc(void *data, SplashColorPtr colorLine,
unsigned char *alphaLine);
#endif
static bool imageMaskSrc(void *data, SplashColorPtr line);
static bool imageSrc(void *data, SplashColorPtr colorLine,
unsigned char *alphaLine);
static bool alphaImageSrc(void *data, SplashColorPtr line,
unsigned char *alphaLine);
static bool maskedImageSrc(void *data, SplashColorPtr line,
unsigned char *alphaLine);
static bool tilingBitmapSrc(void *data, SplashColorPtr line,
unsigned char *alphaLine);
bool keepAlphaChannel; // don't fill with paper color, keep alpha channel
SplashColorMode colorMode;
int bitmapRowPad;
bool bitmapTopDown;
bool bitmapUpsideDown;
bool fontAntialias;
bool vectorAntialias;
bool overprintPreview;
bool enableFreeTypeHinting;
bool enableSlightHinting;
bool reverseVideo; // reverse video mode
SplashColor paperColor; // paper color
SplashScreenParams screenParams;
bool skipHorizText;
bool skipRotatedText;
PDFDoc *doc; // the current document
XRef *xref; // the xref of the current document
SplashBitmap *bitmap;
Splash *splash;
SplashFontEngine *fontEngine;
T3FontCache * // Type 3 font cache
t3FontCache[splashOutT3FontCacheSize];
int nT3Fonts; // number of valid entries in t3FontCache
T3GlyphStack *t3GlyphStack; // Type 3 glyph context stack
SplashFont *font; // current font
bool needFontUpdate; // set when the font needs to be updated
SplashPath *textClipPath; // clipping path built with text object
SplashTransparencyGroup * // transparency group stack
transpGroupStack;
int nestCount;
};
#endif

View File

@ -0,0 +1,3 @@
SplashOutputDev.cc:4584:bughuntingDivByZero
SplashOutputDev.cc:4585:bughuntingDivByZero

View File

@ -0,0 +1 @@
jfif.c:430:bughuntingDivByZero

View File

@ -426,7 +426,7 @@ int jfif_decode(void *ctxt, BMP *pb)
mcuh = sfv_max * 8; mcuh = sfv_max * 8;
jw = ALIGN(jfif->width , mcuw); jw = ALIGN(jfif->width , mcuw);
jh = ALIGN(jfif->height, mcuh); jh = ALIGN(jfif->height, mcuh);
mcuc = jw / mcuw; // cppcheck-suppress bughuntingDivByZero mcuc = jw / mcuw;
mcur = jh / mcuh; mcur = jh / mcuh;
//-- calculate mcu info //-- calculate mcu info