diff options
author | Robin Watts <robin.watts@artifex.com> | 2012-12-20 13:38:49 +0000 |
---|---|---|
committer | Robin Watts <robin.watts@artifex.com> | 2012-12-20 15:07:19 +0000 |
commit | 3440e0e3113e93ca2b7fa1a110ad52734d713fe4 (patch) | |
tree | ada9e3b8566a466ae0838399a4bd63681255e969 /.gitignore | |
parent | 9da6013ae2ad8f0092837c8edfe95ccbbf5e2233 (diff) | |
download | mupdf-3440e0e3113e93ca2b7fa1a110ad52734d713fe4.tar.xz |
Bug 693503: Fix SEGV in glyph painting due to bbox overflow.
When calculating the bbox for draw_glyph, if the x and y origins of
the glyph are extreme (too large to fit in an int), we get overflows
of the bbox; empty bboxes are transformed to large ones.
The fix is to introduce an fz_translate_bbox function that checks for
such things.
Also, we update various bbox/rect functions to check for empty bboxes
before they check for infinite ones (as a bbox of x0=0 x1=0 y0=0 y1=-1
will be detected both as infinite and empty).
Problem found in 2485.pdf.SIGSEGV.2a.1652, a test file supplied by
Mateusz "j00ru" Jurczyk and Gynvael Coldwind of the Google Security
Team using Address Sanitizer. Many thanks!
Diffstat (limited to '.gitignore')
0 files changed, 0 insertions, 0 deletions