Bug 690409

Summary: don't crash if image->n + image->a is 0
Product: MuPDF Reporter: Krzysztof Kowalczyk <kkowalczyk>
Component: mupdfAssignee: Tor Andersson <tor.andersson>
Status: RESOLVED INVALID    
Severity: normal    
Priority: P4    
Version: unspecified   
Hardware: PC   
OS: Windows XP   
Customer: Word Size: ---

Description Krzysztof Kowalczyk 2009-04-12 22:47:01 UTC 
This has come up in a real PDF (unfortunately I no longer remember which one it
was) where image->n + image->a was 0 which caused a crash in renderimage()
because we do:
tileheight = 512 * 1024 / (image->w * (image->n + image->a));

which is division by 0.

A fix is below. I believe it's better to return fz_okay in this case instead of
throwing an error because that way we'll show the remaining of the page (as
opposed to probably not rendering the page at all).

$ darcs diff -u
diff -rN -u old-mupdf-official/fitzdraw/render.c
new-mupdf-official/fitzdraw/render.c
--- old-mupdf-official/fitzdraw/render.c        2009-04-12 22:43:00.546875000 -0700
+++ new-mupdf-official/fitzdraw/render.c        2009-04-12 22:43:00.796875000 -0700
@@ -413,6 +413,9 @@
         if (image->w == 0 || image->h == 0)
                 return fz_okay;

+       if (image->n + image->a == 0)
+               return fz_okay;
+
        calcimagescale(ctm, image->w, image->h, &dx, &dy);

        /* try to fit tile into a typical L2 cachce */
Comment 1 Tor Andersson 2010-05-20 22:39:30 UTC 
The code has changed so much that this no longer applies. If you can find the test file that caused the initial problem, and it still wreaks havoc, please open a new bug.