summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimon Bünzli <zeniko@gmail.com>2013-10-06 20:54:51 +0200
committerRobin Watts <robin.watts@artifex.com>2013-10-11 12:24:17 +0100
commit4cdb913edf9409492ac41958ada1a23dd7be23bf (patch)
treeccb5d082993e3d7bfe4042966283f68a194f39d3
parent28eaceb5d066eb59203e647ee91febbc730f344a (diff)
downloadmupdf-4cdb913edf9409492ac41958ada1a23dd7be23bf.tar.xz
prevent potential heap access violation
fz_reset_gel fails to reset the length of active edges, which could (AFAICT) lead to pointers in gel->active pointing to memory that's been previously freed by fz_resize_array.
-rw-r--r--source/fitz/draw-edge.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/source/fitz/draw-edge.c b/source/fitz/draw-edge.c
index 1b41414d..7d57f3b6 100644
--- a/source/fitz/draw-edge.c
+++ b/source/fitz/draw-edge.c
@@ -224,6 +224,7 @@ fz_reset_gel(fz_gel *gel, const fz_irect *clip)
gel->bbox.x1 = gel->bbox.y1 = BBOX_MIN;
gel->len = 0;
+ gel->alen = 0;
}
void