Bug 691892

Summary: dev_draw.c doesn't adhere to cliptext's accumulation contract
Product: MuPDF
Reporter: zeniko
Component: fitz
Assignee: Tor Andersson <tor.andersson>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P4    
Version: unspecified   
Hardware: PC   
OS: Windows 7   
URL: http://code.google.com/p/sumatrapdf/issues/detail?id=1174
Customer:
Word Size: ---

Description zeniko 2011-01-17 12:09:12 UTC
http://www.embeddedcomputingsystems.com/emag/in_design/1012/docs/SiD_Dec2010.pdf crashes MuPDF due to not taking cliptext calls with accumulate==2 into account and thus underflowing its stack in popclip (which also happens for each cliptext call, not just those with accumulate < 2).

Our work-around: http://code.google.com/p/sumatrapdf/source/detail?r=2651

Comment 1 Tor Andersson 2011-02-02 16:38:00 UTC
The bug is actually on the other side of the interface -- the interpreter was incorrectly increasing csi->clipdepth when accumulating clipped text continuations.


--- old-mupdf-scrub/mupdf/pdf_build.c   2011-02-02 17:37:18.378934628 +0100
+++ new-mupdf-scrub/mupdf/pdf_build.c   2011-02-02 17:37:18.851048391 +0100
@@ -464,7 +464,8 @@
 
        if (doclip)
        {
-               gstate->clipdepth++;
+               if (csi->accumulate < 2)
+                       gstate->clipdepth++;
                csi->dev->cliptext(csi->dev->user, text, gstate->ctm, csi->accumulate);
                csi->accumulate = 2;
        }
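
Review bot: The new guard `if (csi->accumulate < 2)` relies on a bare 2 that is also assigned two lines later in `csi->accumulate = 2;`, and nothing in the hunk says what that value means. A short comment stating that 2 marks a continuation of an already accumulated text clip, so `gstate->clipdepth` is counted once per accumulated clip, or a named constant used in both places, would keep the increment and the assignment from drifting apart. The report describes popclip underflowing its stack, so a depth check on the pop side would also be worth adding so that any remaining mismatch cannot turn into a crash.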

The above patch fixes the problem.