From 53ba4f82b968fbd755cdf5da1e4bdb9a571bb349 Mon Sep 17 00:00:00 2001
From: Michael Vrhel <michael.vrhel@artifex.com>
Date: Thu, 3 Mar 2022 16:11:17 -0800
Subject: oss-fuzz 44604 pdf14 shading fills with bbox that are empty

Compute the actual bbox.  If is is empty, then do not continue
with the drawing. Was leading to a seg fault later due to a
confused pdf14 device which eventually ends in a pdf14 abort
operation.
---
 base/gdevp14.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/base/gdevp14.c b/base/gdevp14.c
index 73e3b0c14..1919f72b3 100644
--- a/base/gdevp14.c
+++ b/base/gdevp14.c
@@ -11021,10 +11021,15 @@ pdf14_clist_fill_path(gx_device	*dev, const gs_gstate *pgs,
     }
     if (push_group) {
         gs_fixed_rect box;
-        if (pcpath)
+        gs_fixed_rect dev_bbox;
+
+        if (pcpath) {
             gx_cpath_outer_box(pcpath, &box);
-        else
+            (*dev_proc(dev, get_clipping_box)) (dev, &dev_bbox);
+            rect_intersect(box, dev_bbox);
+        } else
             (*dev_proc(dev, get_clipping_box)) (dev, &box);
+
         if (ppath) {
             gs_fixed_rect path_box;
 
@@ -11038,6 +11043,15 @@ pdf14_clist_fill_path(gx_device	*dev, const gs_gstate *pgs,
             if (box.q.y > path_box.q.y)
                 box.q.y = path_box.q.y;
         }
+
+        if (box.p.y >= box.q.y || box.p.x >= box.q.x) {
+            /* No need to do anything */
+            if (pinst != NULL) {
+                pinst->saved->trans_device = NULL;
+            }
+            return 0;
+        }
+
         /* Group alpha set from fill value. push_shfill_group does reset to 1.0 */
         code = push_shfill_group(pdev, &new_pgs, &box);
     } else
-- 
cgit v1.2.1