author    Robin Watts <robin.watts@artifex.com>  2014-01-10 16:20:27 +0000
committer Robin Watts <robin.watts@artifex.com>  2014-01-10 16:34:00 +0000
commit    e7be17be8685c5b57bf51a778fd188dbd4c74039 (patch)
tree      a568d130464a9047c17181c52eb889d871e06714 /source
parent    23e4c17ed59124765161702520dfc346af5702af (diff)
download  mupdf-e7be17be8685c5b57bf51a778fd188dbd4c74039.tar.xz
Bug 694889: Fix valgrind issues due to empty indexed spaces.
If indexed spaces are empty (or truncated) we use garbage values when they are read. Spot this and pad with 0s to at least be consistent.

Fixes:
013b2dcbd0207501e922910ac335eb59_asan_heap-oob_a59696_5952_500.pdf
5440f8bc8af12e5f7050e59b7ee008cd_asan_heap-oob_a59dd9_5952_500.pdf
fa8c712b03a7b02d6a12856ce042a44e_signal_sigsegv_a59b06_5847_493.pdf

Thanks to Mateusz Jurczyk and Gynvael Coldwind of the Google Security Team for providing the fuzzing files.
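The failure mode the commit message describes, as an added, self-contained C example (not MuPDF code): an Indexed colour space declares a lookup table of (hival+1)*ncomp bytes, but the /Lookup stream is shorter, so a read that ignores its return value leaves the tail of the freshly allocated table holding whatever the heap contained. The stand-in stream (`toy_stream`, `toy_read`), the loader (`load_lookup`), the palette accessor (`lookup_component`) and the `demo_truncated` driver are all hypothetical names invented for this example; the 5-byte palette stream and the 0xAA fill that stands in for uninitialised heap memory are constructed so the outcome is deterministic. With `pad_short` set the loader does what the patch does: zero-fill the unread tail.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an fz_stream over an in-memory /Lookup stream. */
typedef struct {
    const unsigned char *data;
    size_t len;
    size_t pos;
} toy_stream;

/* Like fz_read: copy up to `want` bytes and return how many were actually
   copied. A return value smaller than `want` means the stream ended early. */
static size_t toy_read(toy_stream *s, unsigned char *buf, size_t want)
{
    size_t avail = s->len - s->pos;
    size_t n = want < avail ? want : avail;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return n;
}

/* Load an Indexed lookup table of (hival+1)*ncomp bytes.
   pad_short == 0 models the pre-fix code: the read's return value is ignored
   and the unread tail keeps whatever the allocator left there (modelled by a
   0xAA fill so the result is reproducible).
   pad_short != 0 models the fix: the unread tail is zero-filled.
   Returns NULL on out-of-range parameters; the caller frees the result. */
unsigned char *load_lookup(toy_stream *s, int hival, int ncomp, int pad_short, size_t *got)
{
    if (hival < 0 || hival > 255 || ncomp < 1 || ncomp > 4)
        return NULL;                        /* PDF limits; also bound the size */
    size_t n = (size_t)(hival + 1) * (size_t)ncomp;
    unsigned char *lookup = malloc(n);
    if (!lookup)
        return NULL;
    memset(lookup, 0xAA, n);                /* stand-in for uninitialised heap */
    size_t i = toy_read(s, lookup, n);
    if (got)
        *got = i;
    if (pad_short && i < n)
        memset(lookup + i, 0, n - i);       /* the fix: zero the unread tail */
    return lookup;
}

/* Fetch one component of palette entry idx, clamping idx into [0, hival]. */
int lookup_component(const unsigned char *lookup, int hival, int ncomp, int idx, int comp)
{
    if (idx < 0)
        idx = 0;
    if (idx > hival)
        idx = hival;
    return lookup[idx * ncomp + comp];
}

/* Demo: a 4-entry RGB palette (12 bytes expected) whose stream holds only
   5 bytes. Returns the requested component, or -1 if loading failed. */
int demo_truncated(int pad_short, int idx, int comp)
{
    static const unsigned char truncated[] = { 0x10, 0x20, 0x30, 0x40, 0x50 }; /* constructed */
    toy_stream s = { truncated, sizeof truncated, 0 };
    unsigned char *lookup = load_lookup(&s, 3, 3, pad_short, NULL);
    if (!lookup)
        return -1;
    int v = lookup_component(lookup, 3, 3, idx, comp);
    free(lookup);
    return v;
}

int main(void)
{
    printf("entry 0, comp 1 (in stream):        %d\n", demo_truncated(1, 0, 1)); /* 32 */
    printf("entry 3, comp 2 without padding:    %d\n", demo_truncated(0, 3, 2)); /* 170 (0xAA) */
    printf("entry 3, comp 2 with zero padding:  %d\n", demo_truncated(1, 3, 2)); /* 0 */
    return 0;
}
```

The point of the sentinel fill is that in the real allocator the tail is not a fixed value: it is whatever a previous allocation left behind, which is exactly the read of uninitialised memory that valgrind and ASan flagged in the fuzzed files. Zero-filling makes the colour deterministic; it does not make the file valid, so a loader may also want to report the short read.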
Diffstat (limited to 'source')
-rw-r--r--  source/pdf/pdf-colorspace.c  4
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/source/pdf/pdf-colorspace.c b/source/pdf/pdf-colorspace.c
index 5fd569c3..b29826a5 100644
--- a/source/pdf/pdf-colorspace.c
+++ b/source/pdf/pdf-colorspace.c
@@ -213,7 +213,9 @@ load_indexed(pdf_document *doc, pdf_obj *array)
fz_try(ctx)
{
file = pdf_open_stream(doc, pdf_to_num(lookupobj), pdf_to_gen(lookupobj));
- (void)fz_read(file, lookup, n);
+ i = fz_read(file, lookup, n);
+ if (i < n)
+ memset(lookup+i, 0, n-i);
}
fz_always(ctx)
{
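Review bot: the new `if (i < n)` check on the `i = fz_read(file, lookup, n);` line assumes `i` can never be negative, but neither the declaration of `i` nor the error contract of fz_read is visible in the hunk. If fz_read only signals failure by throwing (which is consistent with the call sitting inside fz_try), the test is sufficient; if it can return a negative count, `i < n` is still true and `memset(lookup+i, 0, n-i)` writes before the start of `lookup` with an over-long length, turning the heap over-read being fixed into a heap write. Either document that fz_read cannot return a negative value here or add an explicit `if (i < 0) i = 0;` before the memset. It would also be worth emitting a warning when `i < n`, since the commit message says the zero padding is only there to make the behaviour consistent, and a truncated /Lookup stream is a malformed file the user would reasonably want reported rather than silently rendered with a black tail in the palette.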