summaryrefslogtreecommitdiff
path: root/source/pdf/pdf-stream.c
diff options
context:
space:
mode:
authorRobin Watts <robin.watts@artifex.com>2016-04-13 15:56:45 +0100
committerRobin Watts <robin.watts@artifex.com>2016-04-18 10:51:22 +0100
commitbf73ce40b26317cc067239c0e183ea4257a25c2f (patch)
tree675163ac4746fb935dd4e1bffd43196da6588791 /source/pdf/pdf-stream.c
parent8e1cd871076f93e45faac787e633ae73ddd67bdb (diff)
downloadmupdf-bf73ce40b26317cc067239c0e183ea4257a25c2f.tar.xz
Fix corruption of file using sanitize.
When sanitizing a file, while cleaning with decompression, I was seeing a flate problem reported. The issue is that pdf_open_filter was passing pdf_open_raw_filter the orig_num as both num and orig_num. This was causing us to find an fz_buffer attached to the (wrong) xref entry and to open that instead of the underlying stream. The fix is to propogate num a bit further.
Diffstat (limited to 'source/pdf/pdf-stream.c')
-rw-r--r--source/pdf/pdf-stream.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/source/pdf/pdf-stream.c b/source/pdf/pdf-stream.c
index 7f58d6c0..68f4683c 100644
--- a/source/pdf/pdf-stream.c
+++ b/source/pdf/pdf-stream.c
@@ -281,7 +281,7 @@ pdf_open_raw_filter(fz_context *ctx, fz_stream *chain, pdf_document *doc, pdf_ob
* to stream length and decrypting.
*/
static fz_stream *
-pdf_open_filter(fz_context *ctx, pdf_document *doc, fz_stream *chain, pdf_obj *stmobj, int num, int gen, fz_off_t offset, fz_compression_params *imparams)
+pdf_open_filter(fz_context *ctx, pdf_document *doc, fz_stream *chain, pdf_obj *stmobj, int num, int orig_num, int orig_gen, fz_off_t offset, fz_compression_params *imparams)
{
pdf_obj *filters;
pdf_obj *params;
@@ -289,7 +289,7 @@ pdf_open_filter(fz_context *ctx, pdf_document *doc, fz_stream *chain, pdf_obj *s
filters = pdf_dict_geta(ctx, stmobj, PDF_NAME_Filter, PDF_NAME_F);
params = pdf_dict_geta(ctx, stmobj, PDF_NAME_DecodeParms, PDF_NAME_DP);
- chain = pdf_open_raw_filter(ctx, chain, doc, stmobj, num, num, gen, offset);
+ chain = pdf_open_raw_filter(ctx, chain, doc, stmobj, num, orig_num, orig_gen, offset);
fz_var(chain);
@@ -299,13 +299,13 @@ pdf_open_filter(fz_context *ctx, pdf_document *doc, fz_stream *chain, pdf_obj *s
{
fz_stream *chain2 = chain;
chain = NULL;
- chain = build_filter(ctx, chain2, doc, filters, params, num, gen, imparams);
+ chain = build_filter(ctx, chain2, doc, filters, params, orig_num, orig_gen, imparams);
}
else if (pdf_array_len(ctx, filters) > 0)
{
fz_stream *chain2 = chain;
chain = NULL;
- chain = build_filter_chain(ctx, chain2, doc, filters, params, num, gen, imparams);
+ chain = build_filter_chain(ctx, chain2, doc, filters, params, orig_num, orig_gen, imparams);
}
}
fz_catch(ctx)
@@ -403,7 +403,7 @@ pdf_open_image_stream(fz_context *ctx, pdf_document *doc, int num, int gen, int
if (x->stm_ofs == 0 && x->stm_buf == NULL)
fz_throw(ctx, FZ_ERROR_GENERIC, "object is not a stream");
- return pdf_open_filter(ctx, doc, doc->file, x->obj, orig_num, orig_gen, x->stm_ofs, params);
+ return pdf_open_filter(ctx, doc, doc->file, x->obj, num, orig_num, orig_gen, x->stm_ofs, params);
}
/*
@@ -423,7 +423,7 @@ pdf_open_stream_with_offset(fz_context *ctx, pdf_document *doc, int num, int gen
if (stm_ofs == 0)
fz_throw(ctx, FZ_ERROR_GENERIC, "object is not a stream");
- return pdf_open_filter(ctx, doc, doc->file, dict, num, gen, stm_ofs, NULL);
+ return pdf_open_filter(ctx, doc, doc->file, dict, num, num, gen, stm_ofs, NULL);
}
/*