Bug 691064 - fitzdraw: several integer overflow issues
Status: RESOLVED FIXED
Alias: None
Product: MuPDF
Classification: Unclassified
Component: fitz
Version: unspecified
Hardware: PC Windows XP
Importance: P4 normal
Assignee: Tor Andersson
URL: http://code.google.com/p/sumatrapdf/i...
Reported: 2010-01-17 10:20 UTC by zeniko
Modified: 2010-07-10 20:49 UTC

Description zeniko 2010-01-17 10:20:30 UTC
The document from the URL contains the following instructions:

-154618632.50 -154618337.52 m
154619012.66 -154618337.52 l
154619012.66 154619307.65 l
-154618632.50 154619307.65 l
-154618632.50 -154618337.52 l
W*

which will be capped to INT_MAX resp. INT_MIN when converted to integer. Passing 
INT_MIN to pathscan.c's fz_idiv will however result in an unchecked overflow, 
making fz_boundgel return an invalid rectangle.

Fixing this bug will result in further issues and assertions...
Comment 1 Tor Andersson 2010-01-17 17:48:42 UTC
Wow, big numbers! A more "correct" solution would involve clipping the line 
segments to the bounding box when we insert them into the edge list. We could put 
the page bounding box in the edge list struct without too much difficulty.
Comment 2 Tor Andersson 2010-07-10 20:49:11 UTC
Fixed. I also needed to clamp the float values to a range representable by integers.
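
The two defects discussed in this report (an overflowing floor division on INT_MIN, and float coordinates outside the int range), as an added C example that is not MuPDF's code. The bound `COORD_MAX`, the helper names, the shortcut division form and the sample values are assumptions made for illustration.

```c
#include <limits.h>
#include <math.h>
#include <stdio.h>

/* Assumed bound, not a MuPDF constant: with |a| <= 2^30 and 0 < b <= 2^30,
 * the intermediate a - b still fits in a 32-bit int. */
#define COORD_MAX (1 << 30)

/* Range-check in float first: casting an out-of-range float (or NaN)
 * to int is undefined behaviour in C. Returns floor(v) inside the bound. */
static int clamp_to_int(float v)
{
	int i;
	if (isnan(v)) return 0;
	if (v >= (float)COORD_MAX) return COORD_MAX;
	if (v <= -(float)COORD_MAX) return -COORD_MAX;
	i = (int)v;                        /* truncates toward zero */
	return (v < (float)i) ? i - 1 : i; /* adjust to floor for negatives */
}

/* True when the common shortcut (a - b + 1) / b, used for negative a and
 * b > 0, would overflow in a - b. Assumed form, not copied from pathscan.c. */
static int shortcut_overflows(int a, int b)
{
	return a < INT_MIN + b;
}

/* Floor division for b > 0 with no overflowing intermediate. */
static int floor_div(int a, int b)
{
	int q = a / b;
	int r = a % b;
	return (r < 0) ? q - 1 : q;
}

int main(void)
{
	/* Constructed inputs: a huge coordinate and a hypothetical divisor. */
	float huge = -1.0e12f;
	int b = 17;
	printf("clamped: %d\n", clamp_to_int(huge));
	printf("shortcut overflows at INT_MIN: %d\n", shortcut_overflows(INT_MIN, b));
	printf("floor_div(INT_MIN, %d) = %d\n", b, floor_div(INT_MIN, b));
	printf("floor_div(clamped, %d) = %d\n", b, floor_div(clamp_to_int(huge), b));
	return 0;
}
```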