From 4cdb913edf9409492ac41958ada1a23dd7be23bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20B=C3=BCnzli?=
Date: Sun, 6 Oct 2013 20:54:51 +0200
Subject: prevent potential heap access violation

fz_reset_gel fails to reset the length of active edges, which could (AFAICT) lead to pointers in gel->active pointing to memory that's been previously freed by fz_resize_array.
---
 source/fitz/draw-edge.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source/fitz/draw-edge.c b/source/fitz/draw-edge.c
index 1b41414d..7d57f3b6 100644
--- a/source/fitz/draw-edge.c
+++ b/source/fitz/draw-edge.c
@@ -224,6 +224,7 @@ fz_reset_gel(fz_gel *gel, const fz_irect *clip)
  gel->bbox.x1 = gel->bbox.y1 = BBOX_MIN;
  gel->len = 0;
+ gel->alen = 0;
 }
 void
-- cgit v1.2.3
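Review bot: The added `gel->alen = 0;` at the end of fz_reset_gel has no comment explaining why the active list must be emptied together with the edge list, and the reason is a memory-safety invariant that currently lives only in the commit message. As the message describes it, entries in gel->active point into the edge storage, so a non-zero alen surviving a reset could leave them referring to memory that fz_resize_array has since freed. I would put `/* active entries point into the edge array; empty the list so none survive a later fz_resize_array */` directly above the new line. The start of fz_reset_gel lies outside the hunk, so whether any caller reuses a gel without passing through this reset cannot be confirmed from here.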