authorSebastian Rasmussen <sebras@gmail.com>2016-06-29 12:24:09 +0200
committerSebastian Rasmussen <sebras@gmail.com>2016-06-30 05:27:51 +0200
commit5da66a0fca3475720bad085eb6d630e4e9b79e11 (patch)
tree5b6fbcf34ed55e873df66bd53a48ffcce339300d /source
parentdf3c7813c7e185006dd0c6fc1a30dbcf31b716c4 (diff)
downloadmupdf-5da66a0fca3475720bad085eb6d630e4e9b79e11.tar.xz
Fix bug when opening small PDF-files.
The PDF repair code suffered a buffer index overflow while searching the buffer of file data if the file (and hence the buffer) was sufficiently small. This also happened while attempting to open a path pointing to a directory, as directories are treated as zero-byte files.
Diffstat (limited to 'source')
-rw-r--r--source/pdf/pdf-repair.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/source/pdf/pdf-repair.c b/source/pdf/pdf-repair.c
index 6e8405cb..b0c56be0 100644
--- a/source/pdf/pdf-repair.c
+++ b/source/pdf/pdf-repair.c
@@ -318,12 +318,15 @@ pdf_repair_xref(fz_context *ctx, pdf_document *doc)
n = fz_read(ctx, doc->file, (unsigned char *)buf->scratch, fz_mini(buf->size, 1024));
fz_seek(ctx, doc->file, 0, 0);
- for (j = 0; j < n - 4; j++)
+ if (n >= 4)
{
- if (memcmp(&buf->scratch[j], "%PDF", 4) == 0)
+ for (j = 0; j < n - 4; j++)
{
- fz_seek(ctx, doc->file, j + 8, 0); /* skip "%PDF-X.Y" */
- break;
+ if (memcmp(&buf->scratch[j], "%PDF", 4) == 0)
+ {
+ fz_seek(ctx, doc->file, j + 8, 0); /* skip "%PDF-X.Y" */
+ break;
+ }
}
}
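Review bot: The inner loop bound `j < n - 4` still relies on the new `n >= 4` guard to keep the subtraction in range, and it stops one position early: the last offset where a 4-byte `memcmp` fits is `j == n - 4`, so a `%PDF` marker at the very end of the bytes read (for example a read of exactly 4 bytes) is never compared. Writing the bound without subtraction, `for (j = 0; j + 4 <= n; j++)`, covers that offset and makes the separate guard and the extra nesting level unnecessary. The declarations of `n` and `j` are outside the hunk, so their signedness should be confirmed before relying on either form. If the guard is kept, a short comment such as `/* n - 4 goes out of range for reads shorter than 4 bytes */` would record why it exists. pdf_repair_xref starts and continues outside the hunk.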