mupdf/CVE-2016-8728.patch

Index: mupdf-1.10a-source/source/fitz/draw-scale-simple.c
===================================================================
--- mupdf-1.10a-source.orig/source/fitz/draw-scale-simple.c
+++ mupdf-1.10a-source/source/fitz/draw-scale-simple.c
@@ -1294,7 +1294,7 @@ scale_single_row(unsigned char * restric
 		tmp[j] = 128;
 	if (weights->flip)
 	{
-		dst += (weights->count-1)*n;
+		dst += (weights->count-1)*nf;
 		for (i=weights->count; i > 0; i--)
 		{
 			min = *contrib++;
Index: mupdf-1.10a-source/thirdparty/jbig2dec/jbig2_image.c
===================================================================
--- mupdf-1.10a-source.orig/thirdparty/jbig2dec/jbig2_image.c
+++ mupdf-1.10a-source/thirdparty/jbig2dec/jbig2_image.c
@@ -38,6 +38,13 @@ jbig2_image_new(Jbig2Ctx *ctx, int width
     int stride;
     int64_t check;
 
+    if (width == 0 || height == 0) {
+        jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1,
+            "zero width (%d) or height (%d) in jbig2_image_new",
+            width, height);
+        return NULL;
+    }
+
     image = jbig2_new(ctx, Jbig2Image, 1);
     if (image == NULL) {
         jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "could not allocate image structure in jbig2_image_new");