diff options
author | Simon Bünzli <zeniko@gmail.com> | 2015-01-07 23:15:37 +0100 |
---|---|---|
committer | Simon Bünzli <zeniko@gmail.com> | 2015-01-20 20:55:57 +0100 |
commit | ce240962933e0e7a6ad452200ea12f0c21e00666 (patch) | |
tree | 5b6c1406c539b9c904c952905c1e72ed26ecc1e6 | |
parent | 11f93dffbb17e74012a7f507a64c584498bb6ed4 (diff) | |
download | mupdf-ce240962933e0e7a6ad452200ea12f0c21e00666.tar.xz |
fix crash caused by commit 90c560641d9b459a658029eefc4cbb02fdbca0b5
When loading e.g. the file from bug 694567, MuPDF uses an unitialized
variable because pdf_document::xref_index contains values relative to
the document's original multi-part xref while the actual xref is the
repaired single-part one (and thus the cached value is too large).
Properly resetting the xref_index before starting reparation fixes this
crash.
-rw-r--r-- | source/pdf/pdf-xref.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c index 0a754084..58db1d9a 100644 --- a/source/pdf/pdf-xref.c +++ b/source/pdf/pdf-xref.c @@ -1371,6 +1371,8 @@ pdf_init_document(pdf_document *doc) if (repaired) { + /* pdf_repair_xref may access xref_index, so reset it properly */ + memset(doc->xref_index, 0, sizeof(int) * doc->max_xref_len); pdf_repair_xref(doc); pdf_prime_xref_index(doc); } |