26 lines
1.1 KiB
Diff
26 lines
1.1 KiB
Diff
From 8dbe2e6c480405dab9347075cf4be626f90f1d05 Mon Sep 17 00:00:00 2001
|
|
From: Albert Astals Cid <aacid@kde.org>
|
|
Date: Wed, 3 Apr 2019 18:02:42 +0200
|
|
Subject: SplashXPathScanner::clipAALine: Fix crash on broken file
|
|
|
|
Make sure the index of allIntersections we access is valid
|
|
|
|
Fixes #748
|
|
|
|
diff --git a/splash/SplashXPathScanner.cc b/splash/SplashXPathScanner.cc
|
|
index 8362a6a5..23b4f7c4 100644
|
|
--- a/splash/SplashXPathScanner.cc
|
|
+++ b/splash/SplashXPathScanner.cc
|
|
@@ -452,7 +452,10 @@ void SplashXPathScanner::clipAALine(SplashBitmap *aaBuf,
|
|
for (yy = 0; yy < splashAASize; ++yy) {
|
|
xx = *x0 * splashAASize;
|
|
if (yy >= yyMin && yy <= yyMax) {
|
|
- const auto& line = allIntersections[splashAASize * y + yy - yMin];
|
|
+ const int intersectionIndex = splashAASize * y + yy - yMin;
|
|
+ if (unlikely(intersectionIndex < 0 || (unsigned)intersectionIndex >= allIntersections.size()))
|
|
+ break;
|
|
+ const auto& line = allIntersections[intersectionIndex];
|
|
interIdx = 0;
|
|
interCount = 0;
|
|
while (interIdx < line.size() && xx < (*x1 + 1) * splashAASize) {
|