authorJulian Smith <jules@op59.net>2019-10-29 17:28:53 +0000
committerJulian Smith <jules@op59.net>2019-10-29 17:40:36 +0000
commit849e74e5ab450dd581942192da7101e0664fa5af (patch)
treee09ebabe5f541343f102896df6fe4ea14a5ed069
parent89f58f1aa95b3482cadf6977da49457194ee5358 (diff)
Bug 701799: avoid out-of-range array access in mj_color_correct().
Code is obscure, so this fix merely avoids out-of-range access in the simplest way possible, without understanding what the code is trying to do. Fixes: ./sanbin/gs -sOutputFile=tmp -sDEVICE=mj6000c ../bug-701799.pdf
-rw-r--r--contrib/japanese/gdevmjc.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/contrib/japanese/gdevmjc.c b/contrib/japanese/gdevmjc.c
index f7f6a136a..a181304e6 100644
--- a/contrib/japanese/gdevmjc.c
+++ b/contrib/japanese/gdevmjc.c
@@ -1504,7 +1504,10 @@ mj_color_correct(gx_color_value *Rptr ,gx_color_value *Gptr , gx_color_value *Bp
if (Y<0)
Y=0;
- if(H>256 && H<1024){ /* green correct */
+ /* 2019-10-29 this used to be 'if(H>256 && H<1024)', which can then go
+ beyond bounds of the 512-element grnsep2[]. So have patched up to avoid
+ this, but without any proper idea about what's going on. */
+ if(H>256 && H<768){ /* green correct */
short work;
work=(((long)grnsep[M]*(long)grnsep2[H-256])>>16);
C+=work;
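Review bot: The new guard `if(H>256 && H<768)` hard-codes 768 as 256 plus the 512-element size of `grnsep2[]` given in the added comment, so the check and the table can drift apart if either one changes. Deriving the limit from the array, e.g. `if (H > 256 && H - 256 < (int)(sizeof grnsep2 / sizeof grnsep2[0])) {`, would keep the guard tied to the object it protects, assuming `grnsep2` is visible here as a true array rather than a pointer. The same statement also indexes `grnsep[M]`, and nothing in this hunk shows M being range-checked, so it is worth confirming that M is clamped earlier in mj_color_correct(), whose body starts and ends outside the hunk. H values from 768 to 1023 now skip the green correction instead of reading past the table, which is memory-safe but, as the commit message says, not checked against the intended colour output.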