From fd54bf89f2adfd5545202a6df87076fb7269f62c Mon Sep 17 00:00:00 2001
From: Sebastian Rasmussen <sebras@gmail.com>
Date: Mon, 27 Jul 2015 15:12:25 +0200
Subject: Limit dash phase to length of dash pattern.

Previously out of range phase values were accepted which led to overly
long loops when processing moveto. This could be triggered e.g. by
2222222222222222222 [ 4 6 ] 0 d in a content stream.
---
 source/fitz/draw-path.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source')

diff --git a/source/fitz/draw-path.c b/source/fitz/draw-path.c
index 9949e1d7..bf7a9022 100644
--- a/source/fitz/draw-path.c
+++ b/source/fitz/draw-path.c
@@ -1326,7 +1326,7 @@ fz_flatten_dash_path(fz_context *ctx, fz_gel *gel, fz_path *path, const fz_strok
 	if (s.dash_len > 0 && s.dash_total == 0)
 		return;
 
-	s.dash_phase = stroke->dash_phase;
+	s.dash_phase = fmodf(stroke->dash_phase, s.dash_total);
 	s.cap = stroke->start_cap;
 	s.toggle = 0;
 	s.offset = 0;
-- 
cgit v1.2.3