authorSebastian Rasmussen <sebras@gmail.com>2018-02-03 20:04:24 +0100
committerSebastian Rasmussen <sebras@gmail.com>2018-02-06 03:07:10 +0100
commit862245679f67ff35d9868bad5b7ede1c7b1c0873 (patch)
treedf6ad3dc79005ca9c719ce7b437104639e33e1a6
parented4a82d3f8b12bc1b22f1ba3bd2eeecc43a06d46 (diff)
downloadmupdf-862245679f67ff35d9868bad5b7ede1c7b1c0873.tar.xz
Bug 698988: Handle out of range predictors in filter.
Thanks to oss-fuzz for reporting.
-rw-r--r--source/fitz/filter-predict.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/source/fitz/filter-predict.c b/source/fitz/filter-predict.c
index d0b2717c..24007bfe 100644
--- a/source/fitz/filter-predict.c
+++ b/source/fitz/filter-predict.c
@@ -98,7 +98,7 @@ fz_predict_tiff(fz_predict *state, unsigned char *out, unsigned char *in)
}
static void
-fz_predict_png(fz_predict *state, unsigned char *out, unsigned char *in, size_t len, int predictor)
+fz_predict_png(fz_context *ctx, fz_predict *state, unsigned char *out, unsigned char *in, size_t len, int predictor)
{
int bpp = state->bpp;
size_t i;
@@ -109,6 +109,9 @@ fz_predict_png(fz_predict *state, unsigned char *out, unsigned char *in, size_t
switch (predictor)
{
+ default:
+ fz_warn(ctx, "unknown png predictor %d, treating as none", predictor);
+ /* fallthrough */
case 0:
memcpy(out, in, len);
break;
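Review bot: The new `default:` label that falls through into `case 0` has no comment explaining why an unknown predictor is copied through instead of rejected, and that reason is the safety property of this fix. The predictor is the first byte of each row taken from the stream (`state->in[0]` at the call site in next_predict), so any value the switch does not list lands here. Copying the row unfiltered keeps `out` fully written for `len` bytes; presumably the old code left it untouched before the `memcpy` into `state->ref`. I would add above the label something like `/* predictor is an unvalidated byte from the stream: copy the row as-is so 'out' is always fully written */`. The rest of the switch lies outside this hunk, so which values count as known is inferred rather than visible.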
@@ -188,7 +191,7 @@ next_predict(fz_context *ctx, fz_stream *stm, size_t len)
fz_predict_tiff(state, state->out, state->in);
else
{
- fz_predict_png(state, state->out, state->in + 1, n - 1, state->in[0]);
+ fz_predict_png(ctx, state, state->out, state->in + 1, n - 1, state->in[0]);
memcpy(state->ref, state->out, state->stride);
}