summaryrefslogtreecommitdiff
path: root/source/pdf/pdf-appearance.c
diff options
context:
space:
mode:
authorRobin Watts <robin.watts@artifex.com>2014-01-08 13:51:05 +0000
committerRobin Watts <robin.watts@artifex.com>2014-01-08 19:20:44 +0000
commitfb20d5b74fcd9aac44b90a475ddb3b4c2f55ae9e (patch)
tree374ddd24dd7b4a651128c8a1b8c2016262927000 /source/pdf/pdf-appearance.c
parent98a111c8e49916f8f5ac21d11f4627540f9ddd49 (diff)
downloadmupdf-fb20d5b74fcd9aac44b90a475ddb3b4c2f55ae9e.tar.xz
Fuzzing fix: Overrun in fz_predict_png
If a file specifies a silly number of bpp in the PNG predictor it can overrun a buffer. This was shown by: tests_private/fuzzing/mupdf2/013b2dcbd0207501e922910ac335eb59_*.pdf but no longer shows up due to Simons earlier fix. Following discussion we still think it's worth having this fix in, as truncated data streams can cause len < bpp. Possibly we should throw an error here, but I think that's not necessary as we will return the short length, and the image reading code will notice that the image is truncated already. Thanks to Mateusz Jurczyk and Gynvael Coldwind of the Google Security Team for providing the fuzzing files.
Diffstat (limited to 'source/pdf/pdf-appearance.c')
0 files changed, 0 insertions, 0 deletions