Bug 691892 - dev_draw.c doesn't adhere to cliptext's accumulation contract
Summary: dev_draw.c doesn't adhere to cliptext's accumulation contract
Status: RESOLVED FIXED
Alias: None
Product: MuPDF
Classification: Unclassified
Component: fitz (show other bugs)
Version: unspecified
Hardware: PC Windows 7
: P4 normal
Assignee: Tor Andersson
URL: http://code.google.com/p/sumatrapdf/i...
Keywords:
Depends on:
Blocks:
 
Reported: 2011-01-17 12:09 UTC by zeniko
Modified: 2011-02-02 16:38 UTC (History)
0 users

See Also:
Customer:
Word Size: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description zeniko 2011-01-17 12:09:12 UTC 
http://www.embeddedcomputingsystems.com/emag/in_design/1012/docs/SiD_Dec2010.pdf crashes MuPDF due to not taking cliptext calls with accumulate==2 into account and thus underflowing its stack in popclip (which also happens for each cliptext call, not just those with accumulate < 2).

Our work-around: http://code.google.com/p/sumatrapdf/source/detail?r=2651
Comment 1 Tor Andersson 2011-02-02 16:38:00 UTC 
The bug is actually on the other side of the interface -- the interpreter was incorrectly increasing csi->clipdepth when accumulating clipped text continuations.


--- old-mupdf-scrub/mupdf/pdf_build.c   2011-02-02 17:37:18.378934628 +0100
+++ new-mupdf-scrub/mupdf/pdf_build.c   2011-02-02 17:37:18.851048391 +0100
@@ -464,7 +464,8 @@
 
        if (doclip)
        {
-               gstate->clipdepth++;
+               if (csi->accumulate < 2)
+                       gstate->clipdepth++;
                csi->dev->cliptext(csi->dev->user, text, gstate->ctm, csi->accumulate);
                csi->accumulate = 2;
        }

The above patch fixes the problem.