ref: 693e5e957326786cb30e5b0c0b8a7fdbbcc3ca42
parent: 3952f712a94604f51d0dff207dec16ed18dba2d3
author: Sebastian Rasmussen <sebras@gmail.com>
date: Sat May 13 23:37:11 EDT 2017
Make clipping in image compositing handle underflow.
--- a/jbig2_image.c
+++ b/jbig2_image.c
@@ -149,18 +149,32 @@
/* clip to the dst image boundaries */
if (x < 0) {sx += -x;
- sw -= -x;
+ if (sw < (uint32_t)-x)
+ sw = 0;
+ else
+ sw -= -x;
x = 0;
}
if (y < 0) {sy += -y;
- sh -= -y;
+ if (sh < (uint32_t)-y)
+ sh = 0;
+ else
+ sh -= -y;
y = 0;
}
- if (x + sw >= dst->width)
- sw = dst->width - x;
- if (y + sh >= dst->height)
- sh = dst->height - y;
+ if ((uint32_t)x + sw >= dst->width) {+ if (dst->width >= (uint32_t)x)
+ sw = dst->width - x;
+ else
+ sw = 0;
+ }
+ if ((uint32_t)y + sh >= dst->height) {+ if (dst->height >= (uint32_t)y)
+ sh = dst->height - y;
+ else
+ sh = 0;
+ }
switch (op) {case JBIG2_COMPOSE_OR:
@@ -226,11 +240,17 @@
ss = src->data;
if (x < 0) {- w += x;
+ if (w < (uint32_t)-x)
+ w = 0;
+ else
+ w += x;
x = 0;
}
if (y < 0) {- h += y;
+ if (h < (uint32_t)-y)
+ h = 0;
+ else
+ h += y;
y = 0;
}
w = ((uint32_t)x + w < dst->width) ? w : ((dst->width >= (uint32_t)x) ? dst->width - (uint32_t)x : 0);