author | Simon Bünzli <zeniko@gmail.com> | 2013-10-06 20:54:51 +0200 |
---|---|---|
committer | Robin Watts <robin.watts@artifex.com> | 2013-10-11 12:24:17 +0100 |
commit | 4cdb913edf9409492ac41958ada1a23dd7be23bf (patch) | |
tree | ccb5d082993e3d7bfe4042966283f68a194f39d3 | |
parent | 28eaceb5d066eb59203e647ee91febbc730f344a (diff) | |
download | mupdf-4cdb913edf9409492ac41958ada1a23dd7be23bf.tar.xz |
prevent potential heap access violation
fz_reset_gel fails to reset the length of active edges, which could
(AFAICT) lead to pointers in gel->active pointing to memory that's
been previously freed by fz_resize_array.
-rw-r--r-- | source/fitz/draw-edge.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/source/fitz/draw-edge.c b/source/fitz/draw-edge.c index 1b41414d..7d57f3b6 100644 --- a/source/fitz/draw-edge.c +++ b/source/fitz/draw-edge.c @@ -224,6 +224,7 @@ fz_reset_gel(fz_gel *gel, const fz_irect *clip) gel->bbox.x1 = gel->bbox.y1 = BBOX_MIN; gel->len = 0; + gel->alen = 0; } void |
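Review bot: the added `gel->alen = 0;` line in fz_reset_gel carries no comment tying it to the lifetime problem the commit message describes, so a later cleanup could drop it as a redundant reset next to `gel->len = 0;`. A one-line comment stating that entries in gel->active may refer to storage released by fz_resize_array, and so must not survive a reset, would keep that invariant visible at the point where it is enforced. The message hedges the impact ("potential", "AFAICT"), and the hunk shows neither where gel->active is populated nor where alen is next read, so it would help to name the path that reads the active list after a reset without rebuilding it, and to attach a regression input if one exists. Any other function that clears gel->len on its own should be checked for the same missing alen reset.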