From e3cee2576438f47a3b8678c6960472e625f8f7d7 Mon Sep 17 00:00:00 2001
From: Thomas Loimer <thomas.loimer@tuwien.ac.at>
Date: Mon, 27 Jan 2020 22:14:29 +0100
Subject: [PATCH] Keep coordinates of spline controls within sane range
This fixes the fundamental issue of ticket #65.
---
fig2dev/read.c | 9 +++++++++
1 file changed, 9 insertions(+)
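--- a/fig2dev/read.c
+++ b/fig2dev/read.c
@@ -1393,6 +1393,15 @@ read_splineobject(FILE *fp, char **restrict line, size_t *line_len,
 free_splinestorage(s);
 return NULL;
 }
+ if (lx < INT_MIN || lx > INT_MAX || ly < INT_MIN || ly > INT_MAX ||
+ rx < INT_MIN || rx > INT_MAX || ry < INT_MIN || ry > INT_MAX) {
+ /* do not care to clean up, we exit anyway
+ cp->next = NULL;
+ free_splinestorage(s); */
+ put_msg("Spline control points out of range at line %d.",
+ *line_no);
+ exit(EXIT_FAILURE);
+ }
 cq->lx = lx; cq->ly = ly;
 cq->rx = rx; cq->ry = ry;
 cp->next = cq;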
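Review bot: The added range check on `lx`, `ly`, `rx`, `ry` is written as a list of rejecting comparisons, so a NaN would pass it if these are floating-point values (their declarations are outside the hunk, but the comparison against `INT_MIN`/`INT_MAX` suggests a type wider than int): every `<` and `>` against NaN is false, and the value is then stored in `cq`. Writing the test in accepting form closes that gap without a new header: `if (!(lx >= INT_MIN && lx <= INT_MAX && ly >= INT_MIN && ly <= INT_MAX && rx >= INT_MIN && rx <= INT_MAX && ry >= INT_MIN && ry <= INT_MAX)) {`. The branch also calls `exit(EXIT_FAILURE)` and keeps its cleanup only as commented-out code, while the error path just above frees the spline and returns NULL; following that path (`cp->next = NULL; free_splinestorage(s); return NULL;`) would keep the function's error handling uniform. The body of read_splineobject starts and ends outside the hunk, so whether `cq` is already allocated at this point is not visible.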
--
2.16.4