diff options
author | Tor Andersson <tor.andersson@artifex.com> | 2011-10-31 22:40:03 +0100 |
---|---|---|
committer | Tor Andersson <tor.andersson@artifex.com> | 2011-11-01 23:46:57 +0100 |
commit | d5bdf330a2e9b5596dd7a3f40a6cbd81bd6e0538 (patch) | |
tree | d71ebee6070f956c34a5d25f51399f5da2dc88de | |
parent | cf4d72646d02e0b05bdb7985aa9400f5d67253e8 (diff) | |
download | mupdf-d5bdf330a2e9b5596dd7a3f40a6cbd81bd6e0538.tar.xz |
Avoid pointer arithmetic in fz_seek.
The pointer arithmetic could over/underflow, causing the range
test to pass even when it shouldn't (due to compiler oddities).
-rw-r--r-- | fitz/stm_read.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/fitz/stm_read.c b/fitz/stm_read.c index 59f06433..ff97340f 100644 --- a/fitz/stm_read.c +++ b/fitz/stm_read.c @@ -175,10 +175,10 @@ fz_seek(fz_stream *stm, int offset, int whence) } if (whence == 0) { - unsigned char *p = stm->wp - (stm->pos - offset); - if (p >= stm->bp && p <= stm->wp) + int dist = stm->pos - offset; + if (dist >= 0 && dist <= stm->wp - stm->bp) { - stm->rp = p; + stm->rp = stm->wp - dist; stm->eof = 0; return; } |