From 8355256a0fa6eedaa02a4e7b8ba3c2dbd58fe567 Mon Sep 17 00:00:00 2001
From: Tor Andersson <tor@ghostscript.com>
Date: Thu, 3 Feb 2011 10:38:01 +0000
Subject: Various patches from SumatraPDF.

---
 draw/imagescale.c  | 2 +-
 draw/imagesmooth.c | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

(limited to 'draw')

diff --git a/draw/imagescale.c b/draw/imagescale.c
index 60edadb5..d40898b1 100644
--- a/draw/imagescale.c
+++ b/draw/imagescale.c
@@ -238,7 +238,7 @@ fz_scalepixmap(fz_pixmap *src, int xdenom, int ydenom)
 	oh = (src->h + ydenom - 1) / ydenom;
 	n = src->n;
 
-	buf = fz_malloc(ow * n * ydenom);
+	buf = fz_calloc(ydenom, ow * n);
 
 	dst = fz_newpixmap(src->colorspace, 0, 0, ow, oh);
 
diff --git a/draw/imagesmooth.c b/draw/imagesmooth.c
index c1002f46..67b5f481 100644
--- a/draw/imagesmooth.c
+++ b/draw/imagesmooth.c
@@ -1108,6 +1108,8 @@ fz_smoothscalepixmap(fz_pixmap *src, float x, float y, float w, float h)
 
 		temp_span = contrib_cols->count * src->n;
 		temp_rows = contrib_rows->max_len;
+		if (temp_span <= 0 || temp_rows > INT_MAX / temp_span)
+			goto cleanup;
 		temp = fz_calloc(temp_span*temp_rows, sizeof(int));
 		if (temp == NULL)
 			goto cleanup;
-- 
cgit v1.2.3