SplashXPathScanner::clipAALine: Fix crash on broken file

Make sure the index of allIntersections we access is valid Fixes #748
author: Albert Astals Cid <aacid@kde.org> 2019-04-03 18:02:42 +0200
committer: Albert Astals Cid <aacid@kde.org> 2019-04-03 18:02:42 +0200
commit: 8dbe2e6c480405dab9347075cf4be626f90f1d05 (patch)
tree: 7e67d9bbb26bac6fefd32753b05db880561d811e /splash
parent: eec84fe2d2dad20acdfb47cf06f8171e6f9e74dc (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/splash/SplashXPathScanner.cc b/splash/SplashXPathScanner.cc
index 8362a6a5..23b4f7c4 100644
--- a/splash/SplashXPathScanner.cc
+++ b/splash/SplashXPathScanner.cc
@@ -452,7 +452,10 @@ void SplashXPathScanner::clipAALine(SplashBitmap *aaBuf,
   for (yy = 0; yy < splashAASize; ++yy) {
     xx = *x0 * splashAASize;
     if (yy >= yyMin && yy <= yyMax) {
-      const auto& line = allIntersections[splashAASize * y + yy - yMin];
+      const int intersectionIndex = splashAASize * y + yy - yMin;
+      if (unlikely(intersectionIndex < 0 || (unsigned)intersectionIndex >= allIntersections.size()))
+	break;
+      const auto& line = allIntersections[intersectionIndex];
       interIdx = 0;
       interCount = 0;
       while (interIdx < line.size() && xx < (*x1 + 1) * splashAASize) {
author	Albert Astals Cid <aacid@kde.org>	2019-04-03 18:02:42 +0200
committer	Albert Astals Cid <aacid@kde.org>	2019-04-03 18:02:42 +0200
commit	8dbe2e6c480405dab9347075cf4be626f90f1d05 (patch)
tree	7e67d9bbb26bac6fefd32753b05db880561d811e /splash
parent	eec84fe2d2dad20acdfb47cf06f8171e6f9e74dc (diff)