diff options
| author | Robin Watts <robin.watts@artifex.com> | 2014-01-17 17:43:05 +0000 |
|---|---|---|
| committer | Robin Watts <robin.watts@artifex.com> | 2014-01-17 17:43:34 +0000 |
| commit | 63869ca1b53eb485dc0c8b5e53679825826ec076 (patch) | |
| tree | ac7973e323b149e3bcba419c669dd8c3829ce12d /source | |
| parent | ef3d3c01d57aed1204f1b77a93d5106ac8223ea8 (diff) | |
| download | mupdf-63869ca1b53eb485dc0c8b5e53679825826ec076.tar.xz | |
Avoid overflows in floating point causing illegal accesses
If the scale is too large, the calculation to determine the
required size of a pixmap can overflow. This can lead to negative
width/heights being passed in, which confuses the subsampling
code, leading to SEGVs.
Diffstat (limited to 'source')
| -rw-r--r-- | source/fitz/image.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/source/fitz/image.c b/source/fitz/image.c index f5af4539..3cfe0e8b 100644 --- a/source/fitz/image.c +++ b/source/fitz/image.c @@ -238,9 +238,9 @@ fz_image_get_pixmap(fz_context *ctx, fz_image *image, int w, int h) } /* Ensure our expectations for tile size are reasonable */ - if (w > image->w) + if (w < 0 || w > image->w) w = image->w; - if (h > image->h) + if (h < 0 || h > image->h) h = image->h; /* What is our ideal factor? */ |