diff options
Diffstat (limited to 'source/pdf/pdf-xref.c')
-rw-r--r-- | source/pdf/pdf-xref.c | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c index 02b935c8..b3505c36 100644 --- a/source/pdf/pdf-xref.c +++ b/source/pdf/pdf-xref.c @@ -1349,7 +1349,7 @@ pdf_load_obj_stm(pdf_document *doc, int num, int gen, pdf_lexbuf *buf) obj = pdf_parse_stm_obj(doc, stm, buf); - if (numbuf[i] < 1 || numbuf[i] >= xref_len) + if (numbuf[i] <= 0 || numbuf[i] >= xref_len) { pdf_drop_obj(obj); fz_throw(ctx, FZ_ERROR_GENERIC, "object id (%d 0 R) out of range (0..%d)", numbuf[i], xref_len - 1); @@ -1638,7 +1638,7 @@ pdf_cache_object(pdf_document *doc, int num, int gen) fz_var(try_repair); - if (num < 0 || num >= pdf_xref_len(doc)) + if (num <= 0 || num >= pdf_xref_len(doc)) fz_throw(ctx, FZ_ERROR_GENERIC, "object out of range (%d %d R); xref size %d", num, gen, pdf_xref_len(doc)); object_updated: @@ -1764,7 +1764,7 @@ pdf_resolve_indirect(pdf_obj *ref) { if (--sanity == 0) { - fz_warn(ctx, "Too many indirections (possible indirection cycle involving %d %d R)", num, gen); + fz_warn(ctx, "too many indirections (possible indirection cycle involving %d %d R)", num, gen); return NULL; } doc = pdf_get_indirect_document(ref); @@ -1773,6 +1773,13 @@ pdf_resolve_indirect(pdf_obj *ref) ctx = doc->ctx; num = pdf_to_num(ref); gen = pdf_to_gen(ref); + + if (num <= 0 || gen < 0) + { + fz_warn(ctx, "invalid indirect reference (%d %d R)", num, gen); + return NULL; + } + fz_try(ctx) { pdf_cache_object(doc, num, gen); @@ -1819,7 +1826,7 @@ pdf_delete_object(pdf_document *doc, int num) { pdf_xref_entry *x; - if (num < 0 || num >= pdf_xref_len(doc)) + if (num <= 0 || num >= pdf_xref_len(doc)) { fz_warn(doc->ctx, "object out of range (%d 0 R); xref size %d", num, pdf_xref_len(doc)); return; @@ -1843,7 +1850,7 @@ pdf_update_object(pdf_document *doc, int num, pdf_obj *newobj) { pdf_xref_entry *x; - if (num < 0 || num >= pdf_xref_len(doc)) + if (num <= 0 || num >= pdf_xref_len(doc)) { fz_warn(doc->ctx, "object out of range (%d 0 R); xref size %d", num, pdf_xref_len(doc)); return; @@ -1865,7 +1872,7 @@ pdf_update_stream(pdf_document *doc, int num, fz_buffer *newbuf) { pdf_xref_entry *x; - if (num < 0 || num >= pdf_xref_len(doc)) + if (num <= 0 || num >= pdf_xref_len(doc)) { fz_warn(doc->ctx, "object out of range (%d 0 R); xref size %d", num, pdf_xref_len(doc)); return; |