author | Robin Watts <robin.watts@artifex.com> | 2014-04-27 23:40:34 +0100 |
---|---|---|
committer | Robin Watts <robin.watts@artifex.com> | 2014-04-27 23:45:09 +0100 |
commit | 22685a3e50098360a599ec344b9ae470ce740313 (patch) | |
tree | 7d2884b80565d7c3bebf44c6456bf658a16438b9 | |
parent | a2e9a46fea0489c341e0dd713763b0fd609b47c2 (diff) | |
download | mupdf-22685a3e50098360a599ec344b9ae470ce740313.tar.xz |
Bug 695171: Pointer error when padding an fz_concat machine
When we return the padding byte in an fz_concat stream, ensure that
we remember to increment rp to point just past it. If not, then we'll
read 2 whitespace chars out. This is fine unless we try and
fz_unread_byte the first one, when we'll leave rp pointing to
an out of buffer address.
Credit to Malc for the bisecting/debugging that got me to the fix.
Many thanks.
-rw-r--r-- | source/fitz/filter-basic.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/source/fitz/filter-basic.c b/source/fitz/filter-basic.c index 5defe066..3673226d 100644 --- a/source/fitz/filter-basic.c +++ b/source/fitz/filter-basic.c @@ -126,7 +126,7 @@ next_concat(fz_stream *stm, int max) fz_close(state->chain[state->current-1]); if (state->pad) { - stm->rp = &state->ws_buf; + stm->rp = (&state->ws_buf)+1; stm->wp = stm->rp + 1; stm->pos++; return 32; |
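Review bot: The unchanged context line `stm->wp = stm->rp + 1;` right after the modified assignment still derives wp from rp, so with rp now at `(&state->ws_buf)+1` wp lands at `(&state->ws_buf)+2` and the stream still advertises one unread byte, this time starting one element past ws_buf. If ws_buf is a single byte (its declaration is not visible in this hunk), the next read after the returned 32 would come from outside it instead of being a second padding byte. Consider setting wp equal to rp, both at `(&state->ws_buf)+1`, so the buffer is empty once 32 has been returned and an fz_unread_byte moves rp back onto ws_buf. A one-line comment stating the intended rp/wp invariant for the pad case would also make the `+1` easier to audit.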