From ecae4ffecbf52962c24f242361072a57f9385ae0 Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Fri, 22 Nov 2019 16:51:25 +0100
Subject: [PATCH] Fix a NULL pointer dereference

in DJVU::filter_fv()

Resolves: #1771267
---
 djvulibre-3.5.27-null-dereference.patch | 39 +++++++++++++++++++++++++
 djvulibre.spec                          |  8 ++++-
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 djvulibre-3.5.27-null-dereference.patch

diff --git a/djvulibre-3.5.27-null-dereference.patch b/djvulibre-3.5.27-null-dereference.patch
new file mode 100644
index 0000000..5e80f32
--- /dev/null
+++ b/djvulibre-3.5.27-null-dereference.patch
@@ -0,0 +1,39 @@
+From c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125 Mon Sep 17 00:00:00 2001
+From: Leon Bottou <leon@bottou.org>
+Date: Thu, 17 Oct 2019 22:20:31 -0400
+Subject: [PATCH 1/2] Fixed bug 309
+
+---
+ libdjvu/IW44EncodeCodec.cpp | 2 +-
+ tools/ddjvu.cpp             | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libdjvu/IW44EncodeCodec.cpp b/libdjvu/IW44EncodeCodec.cpp
+index 00752a0..f81eaeb 100644
+--- a/libdjvu/IW44EncodeCodec.cpp
++++ b/libdjvu/IW44EncodeCodec.cpp
+@@ -405,7 +405,7 @@ filter_fv(short *p, int w, int h, int rowsize, int scale)
+   int y = 0;
+   int s = scale*rowsize;
+   int s3 = s+s+s;
+-  h = ((h-1)/scale)+1;
++  h = (h>0) ? ((h-1)/scale)+1 : 0;
+   y += 1;
+   p += s;
+   while (y-3 < h)
+diff --git a/tools/ddjvu.cpp b/tools/ddjvu.cpp
+index 6d0df3b..7109952 100644
+--- a/tools/ddjvu.cpp
++++ b/tools/ddjvu.cpp
+@@ -279,7 +279,7 @@ render(ddjvu_page_t *page, int pageno)
+       prect.h = (ih * 100) / dpi;
+     }
+   /* Process aspect ratio */
+-  if (flag_aspect <= 0)
++  if (flag_aspect <= 0 && iw>0 && ih>0)
+     {
+       double dw = (double)iw / prect.w;
+       double dh = (double)ih / prect.h;
+-- 
+2.23.0
+
diff --git a/djvulibre.spec b/djvulibre.spec
index 54d87b0..15ca42c 100644
--- a/djvulibre.spec
+++ b/djvulibre.spec
@@ -3,7 +3,7 @@
 Summary: DjVu viewers, encoders, and utilities
 Name: djvulibre
 Version: 3.5.27
-Release: 17%{?dist}
+Release: 18%{?dist}
 License: GPLv2+
 URL: http://djvu.sourceforge.net/
 Source0: http://downloads.sourceforge.net/djvu/%{name}-%{version}.tar.gz
@@ -14,6 +14,7 @@ Patch3: djvulibre-3.5.27-infinite-loop.patch
 Patch4: djvulibre-3.5.27-stack-overflow.patch
 Patch5: djvulibre-3.5.27-zero-bytes-check.patch
 Patch6: djvulibre-3.5.27-export-file.patch
+Patch7: djvulibre-3.5.27-null-dereference.patch
 
 Requires(post): xdg-utils
 Requires(preun): xdg-utils
@@ -71,6 +72,7 @@ Development files for DjVuLibre.
 %patch4 -p1 -b .stack-overflow
 %patch5 -p1 -b .zero-bytes-check
 %patch6 -p1 -b .export-file
+%patch7 -p1 -b .null-dereference
 
 
 %build 
@@ -178,6 +180,10 @@ fi
 
 
 %changelog
+* Fri Nov 22 2019 Marek Kasik <mkasik@redhat.com> - 3.5.27-18
+- Fix a NULL pointer dereference in DJVU::filter_fv()
+- Resolves: #1771267
+
 * Fri Nov  8 2019 Marek Kasik <mkasik@redhat.com> - 3.5.27-17
 - Use Inkscape's "--export-file" option replacing "--export-png"
 - Related: #1767921