diff options
| author | Sebastian Rasmussen <sebras@gmail.com> | 2018-09-20 10:52:42 +0800 |
|---|---|---|
| committer | Sebastian Rasmussen <sebras@gmail.com> | 2018-09-20 11:10:43 +0800 |
| commit | 94d6166428a679baa5a34fc5faa18a2aa26cee4a (patch) | |
| tree | 06255230447d827856aaf37de875f7c3dfdfc5a0 | |
| parent | 6cb730b004ec8ca463be7d7d0f8b2626352fce86 (diff) | |
| download | mupdf-94d6166428a679baa5a34fc5faa18a2aa26cee4a.tar.xz | |
Bug 699798: Avoid removing page from list if page was not loaded.
MuPDF may attempt to load a page but fail to do so, e.g. due to
a circular page tree. When this happens the page will never be
introduced into the document's list of pages. Its next and prev
pointers are both NULL, but the code in fz_drop_page() falsely
assumed that the prev pointer was always set.
Thanks to oss-fuzz for reporting.
| -rw-r--r-- | source/fitz/document.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/source/fitz/document.c b/source/fitz/document.c index 26ae93ea..d234dc3b 100644 --- a/source/fitz/document.c +++ b/source/fitz/document.c @@ -493,7 +493,8 @@ fz_drop_page(fz_context *ctx, fz_page *page) /* Remove page from the list of open pages */ if (page->next != NULL) page->next->prev = page->prev; - *page->prev = page->next; + if (page->prev != NULL) + *page->prev = page->next; if (page->drop_page) page->drop_page(ctx, page); |