Bug 691064

Summary: fitzdraw: several integer overflow issues
Product: MuPDF Reporter: zeniko
Component: fitzAssignee: Tor Andersson <tor.andersson>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P4    
Version: unspecified   
Hardware: PC   
OS: Windows XP   
URL: http://code.google.com/p/sumatrapdf/issues/detail?id=826
Customer: Word Size: ---

Description zeniko 2010-01-17 10:20:30 UTC 
The document from the URL contains the following instructions:

-154618632.50 -154618337.52 m
154619012.66 -154618337.52 l
154619012.66 154619307.65 l
-154618632.50 154619307.65 l
-154618632.50 -154618337.52 l
W*

which will be capped to INT_MAX resp. INT_MIN when converted to integer. Passing 
INT_MIN to pathscan.c's fz_idiv will however result in an unchecked overflow, 
making fz_boundgel return an invalid rectangle.

Fixing this bug will result in further issues and assertions...
Comment 1 Tor Andersson 2010-01-17 17:48:42 UTC 
Wow, big numbers! A more "correct" solution would involve clipping the line 
segments to the bounding box when we insert them into the edge list. We could put 
the page bounding box in the edge list struct without too much difficulty.
Comment 2 Tor Andersson 2010-07-10 20:49:11 UTC 
Fixed. I also needed to clamp the float values to a range representable by integers.