Bug 692336

Summary: crash on excessive clipping in list device
Product: MuPDF Reporter: zeniko
Component: fitzAssignee: Tor Andersson <tor.andersson>
Status: RESOLVED FIXED    
Severity: normal CC: robin.watts
Priority: P4    
Version: unspecified   
Hardware: PC   
OS: Windows 7   
Customer: Word Size: ---
Attachments: testcase

Description zeniko 2011-07-09 21:28:47 UTC 
Created attachment 7660 [details]
testcase

Bug 692287 introduced a clip stack in the list device which has a maximum of 96 entries which can be quite easily overflow into the heap (cf. testcase).

@Robin: Style nit: Please open braces on the following lines, as everywhere else in MuPDF code. Thanks.
Comment 1 zeniko 2011-07-09 23:02:00 UTC 
BTW: FZ_CMD_END_MASK also affects the clipping stack. As of bug 692287, too much is clipped out of a document, as soon as the first FZ_CMD_POP_CLIP belonging to an FZ_CMD_END_MASK is encountered.

IOW: assert(list->top > 0) doesn't always hold for FZ_CMD_POP_CLIP , even though it really should.
Comment 2 zeniko 2011-07-10 00:05:24 UTC 
FYI: Both issues are fixed in http://code.google.com/p/sumatrapdf/source/detail?r=4069