Improve mutool clean behaviour on broken streams.

When cleaning a file with a corrupt stream in it, historically mupdf
would give up when it encountered such a stream. This is often not
what is desired, as information can be lost.

The changes herein allow us to use our best efforts when reading
a stream, so that broken streams are reproduced in the output
cleaned file.

Problem found in a test file, pdf_001/2599.pdf.asan.58.1778 supplied
by Mateusz "j00ru" Jurczyk and Gynvael Coldwind of the Google
Security Team using Address Sanitizer. Many thanks!

1 files changed, 15 insertions, 0 deletions

diff --git a/fitz/fitz-internal.h b/fitz/fitz-internal.h
index b8d34d80..58b77c94 100644
--- a/fitz/fitz-internal.h
+++ b/fitz/fitz-internal.h
@@ -682,6 +682,21 @@ fz_stream *fz_new_stream(fz_context *ctx, void*, int(*)(fz_stream*, unsigned cha
 fz_stream *fz_keep_stream(fz_stream *stm);
 void fz_fill_buffer(fz_stream *stm);
 
+/*
+	fz_read_best: Attempt to read a stream into a buffer. If truncated
+	is NULL behaves as fz_read_all, otherwise does not throw exceptions
+	in the case of failure, but instead sets a truncated flag.
+
+	stm: The stream to read from.
+
+	initial: Suggested initial size for the buffer.
+
+	truncated: Flag to store success/failure indication in.
+
+	Returns a buffer created from reading from the stream.
+*/
+fz_buffer *fz_read_best(fz_stream *stm, int initial, int *truncated);
+
 void fz_read_line(fz_stream *stm, char *buf, int max);
 
 static inline int fz_read_byte(fz_stream *stm)