Pierre Ossman 1224cbdc21 Handle empty Tight gradient rects ...

We always assumed there would be one pixel per row so a rect with
a zero width would result in us writing to unknown memory.

This could theoretically be used by a malicious server to inject
code in to the viewer process.

Issue found by Pavel Cheremushkin from Kaspersky Lab.

2020-09-21 12:46:27 +03:00

4.8 KiB

Raw Blame History

View Raw