Kei Kebreau writes: > Is it frowned upon to revert that commit on its own (it's the third to > last commit as I write this), or should I attempt to patch on top of it? I've modified the patch to apply to 1.9a, but it was far from trivial due to many context changes in upstream git. The attached patch makes mupdf build at least, and viewing PDF still works... The interdiff is rather unintelligible, so to verify this you should compare the final patch with the 1.9a sources. Ideally we should try and reproduce this vulnerability (and others!) after applying this patch, but I don't know how to use AFL. Another option is to simply package up the git version, as there appears to be no users of mupdf in the tree. WDYT, is this patch safe?