Age | Commit message | Author |
|
Thanks to zeniko.
|
|
A NULL pointer dereference could be caused in error cases due
to me failing to apply zeniko's patch correctly.
|
|
Turns out that jpeg_finish_decompress can throw errors, hence
can cause an infinite loop. This is fixed here by changing the
jpeg error code to be fz_throw based.
Thanks to zeniko for this patch.
This highlights something that I hadn't fully appreciated before;
anything that throws in a fz_always region will reenter that region.
I think I have a way to fix this so that any throws in the
fz_always region go immediately to the fz_catch.
|
|
Thanks to zeniko for finding various problems and submitting a
patch that fixes them. This commit covers the simpler issues from
his patch; other commits will follow shortly.
* Out of range LZW codes.
* Buffer overflows and error handling in image_jpeg.c
* Buffer overflows in tiff handling
* Buffer overflows in cmap parsing.
* Potential double free in font handling.
* Buffer overflow in pdf_form.c
* Use of uninitialised value in error case in pdf_image.c
* NULL pointer dereference in xps_outline.c
|
|
Attempt to separate public API from internal functions.