author | Robin Watts <robin.watts@artifex.com> | 2012-11-29 16:46:09 +0000 |
---|---|---|
committer | Robin Watts <robin.watts@artifex.com> | 2012-11-30 11:58:54 +0000 |
commit | a6b0a8273f2eb15fd5924501b6ad03e30f2c8d0a (patch) | |
tree | 9e9e7a38574202b8be01805806086cff0b6dab61 /xps | |
parent | 6c0e38f0e19ef50a7951f082981fabd49f4bee9f (diff) | |
download | mupdf-a6b0a8273f2eb15fd5924501b6ad03e30f2c8d0a.tar.xz |
Bug 693290: Various fixes found from fuzzing.
Thanks to zeniko for finding various problems and submitting a
patch that fixes them. This commit covers the simpler issues from
his patch; other commits will follow shortly.
* Out of range LZW codes.
* Buffer overflows and error handling in image_jpeg.c
* Buffer overflows in tiff handling
* buffer overflows in cmap parsing.
* Potential double free in font handling.
* Buffer overflow in pdf_form.c
* use of uninitialised value in error case in pdf_image.c
* NULL pointer dereference in xps_outline.c
Diffstat (limited to 'xps')
-rw-r--r-- | xps/xps_outline.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/xps/xps_outline.c b/xps/xps_outline.c index 5c5bdbc6..bd50dd35 100644 --- a/xps/xps_outline.c +++ b/xps/xps_outline.c @@ -66,7 +66,7 @@ xps_parse_document_structure(xps_document *doc, fz_xml *root) if (!strcmp(fz_xml_tag(root), "DocumentStructure")) { node = fz_xml_down(root); - if (!strcmp(fz_xml_tag(node), "DocumentStructure.Outline")) + if (node && !strcmp(fz_xml_tag(node), "DocumentStructure.Outline")) { node = fz_xml_down(node); if (!strcmp(fz_xml_tag(node), "DocumentOutline")) |
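Review bot: The second lookup in the trailing context has the same unguarded pattern that this hunk fixes for the first one. After `node = fz_xml_down(node);` the code calls `fz_xml_tag(node)` inside `if (!strcmp(fz_xml_tag(node), "DocumentOutline"))` with no NULL check, so a `DocumentStructure.Outline` element with no children would reach the same dereference one level down, assuming `fz_xml_down` can return NULL there as it can for `root`. Suggest applying the same guard, `if (node && !strcmp(fz_xml_tag(node), "DocumentOutline"))`, and checking the other `fz_xml_down` / `fz_xml_tag` pairs in this function for the same shape. The commit message mentions fuzzing as the source; a minimal XPS structure file with an empty outline element would make a useful regression input for both levels.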