author | Sebastian Rasmussen <sebras@gmail.com> | 2012-08-16 15:18:44 +0200 |
---|---|---|
committer | Tor Andersson <tor.andersson@artifex.com> | 2012-08-29 13:58:30 +0200 |
commit | d2aefcfff6ef57fadcce87e61f844efe85f73d58 (patch) | |
tree | 6160ceca2b915e5b3719ffbfd5b96676ea1cb968 /fitz | |
parent | 2597722d7aa1be523058bc8449120d32768f44b3 (diff) | |
download | mupdf-d2aefcfff6ef57fadcce87e61f844efe85f73d58.tar.xz |
Handle missing clear codes in LZW.

Previously if the lookup table was full and no clear code appeared the
decoder would try to add more entries to the table. However the table
is of fixed size (4096 entries) so it would write outside the table.

Fix this by detecting when the lookup table is full and a clear code
ought to appear. At this point the decoder will now treat and process
any code as a clear code.

For valid documents this will never happen, for invalid documents this
means risking that succeeding codes may be misinterpreted and that the
decoded data will be incorrect, this case should be handled by the
consumer of the data though.

Fixes bug 693306.

Diffstat (limited to 'fitz')
-rw-r--r-- | fitz/filt_lzwd.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/fitz/filt_lzwd.c b/fitz/filt_lzwd.c index 3ee4d34c..b1aa4421 100644 --- a/fitz/filt_lzwd.c +++ b/fitz/filt_lzwd.c @@ -80,6 +80,12 @@ read_lzwd(fz_stream *stm, unsigned char *buf, int len) break; } + if (next_code >= NUM_CODES && code != LZW_CLEAR) + { + fz_warn(stm->ctx, "missing clear code in lzw decode"); + code = LZW_CLEAR; + } + if (code == LZW_CLEAR) { code_bits = MIN_BITS; @@ -112,7 +118,7 @@ read_lzwd(fz_stream *stm, unsigned char *buf, int len) { code_bits ++; if (code_bits > MAX_BITS) - code_bits = MAX_BITS; /* FIXME */ + code_bits = MAX_BITS; } old_code = code; |
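
Review bot: In the first hunk (the block added before `if (code == LZW_CLEAR)`), assigning `code = LZW_CLEAR` discards the code that was just read, and nothing in the source records that this is intentional. The commit message explains the trade-off (later codes may be misinterpreted, the consumer has to cope), but that reasoning should sit next to the check as a short comment, together with a note that `next_code >= NUM_CODES` is the guard that keeps writes inside the fixed-size table. It is also worth checking whether `fz_warn` can fire repeatedly on one malformed stream each time the table fills again; if so, warning once per stream would keep logs usable.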
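
Review bot: In the second hunk, the `/* FIXME */` on `code_bits = MAX_BITS;` is removed without any explanation, and the commit message does not mention it. If the new table-full check in the first hunk is what makes this clamp acceptable, replace the marker with a one-line comment saying so rather than deleting it silently; if the clamp is still a workaround for an unhandled case, the FIXME should stay.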