From 63869ca1b53eb485dc0c8b5e53679825826ec076 Mon Sep 17 00:00:00 2001
From: Robin Watts <robin.watts@artifex.com>
Date: Fri, 17 Jan 2014 17:43:05 +0000
Subject: Avoid overflows in floating point causing illegal accesses

If the scale is too large, the calculation to determine the
required size of a pixmap can overflow. This can lead to negative
width/heights being passed in, which confuses the subsampling
code, leading to SEGVs.
---
 source/fitz/image.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'source')

diff --git a/source/fitz/image.c b/source/fitz/image.c
index f5af4539..3cfe0e8b 100644
--- a/source/fitz/image.c
+++ b/source/fitz/image.c
@@ -238,9 +238,9 @@ fz_image_get_pixmap(fz_context *ctx, fz_image *image, int w, int h)
 	}
 
 	/* Ensure our expectations for tile size are reasonable */
-	if (w > image->w)
+	if (w < 0 || w > image->w)
 		w = image->w;
-	if (h > image->h)
+	if (h < 0 || h > image->h)
 		h = image->h;
 
 	/* What is our ideal factor? */
-- 
cgit v1.2.3