Bug 690409 - don't crash if image->n + image->a is 0
Summary: don't crash if image->n + image->a is 0
Status: RESOLVED INVALID
Alias: None
Product: MuPDF
Classification: Unclassified
Component: mupdf (show other bugs)
Version: unspecified
Hardware: PC Windows XP
: P4 normal
Assignee: Tor Andersson
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-04-12 22:47 UTC by Krzysztof Kowalczyk
Modified: 2010-05-20 22:39 UTC (History)
0 users

See Also:
Customer:
Word Size: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Krzysztof Kowalczyk 2009-04-12 22:47:01 UTC 
This has come up in a real PDF (unfortunately I no longer remember which one it
was) where image->n + image->a was 0 which caused a crash in renderimage()
because we do:
tileheight = 512 * 1024 / (image->w * (image->n + image->a));

which is division by 0.

A fix is below. I believe it's better to return fz_okay in this case instead of
throwing an error because that way we'll show the remaining of the page (as
opposed to probably not rendering the page at all).

$ darcs diff -u
diff -rN -u old-mupdf-official/fitzdraw/render.c
new-mupdf-official/fitzdraw/render.c
--- old-mupdf-official/fitzdraw/render.c        2009-04-12 22:43:00.546875000 -0700
+++ new-mupdf-official/fitzdraw/render.c        2009-04-12 22:43:00.796875000 -0700
@@ -413,6 +413,9 @@
         if (image->w == 0 || image->h == 0)
                 return fz_okay;

+       if (image->n + image->a == 0)
+               return fz_okay;
+
        calcimagescale(ctm, image->w, image->h, &dx, &dy);

        /* try to fit tile into a typical L2 cachce */
Comment 1 Tor Andersson 2010-05-20 22:39:30 UTC 
The code has changed so much that this no longer applies. If you can find the test file that caused the initial problem, and it still wreaks havoc, please open a new bug.