From 22339500c243e564eadf564b5ae2925e1caf44a9 Mon Sep 17 00:00:00 2001
From: Sebastian Rasmussen <sebras@gmail.com>
Date: Sun, 21 Jan 2018 21:08:07 +0100
Subject: Bug 698889: Handle unterminated PDF arrays gracefully.

Thanks to oss-fuzz for reporting this.
---
 source/pdf/pdf-parse.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source/pdf/pdf-parse.c b/source/pdf/pdf-parse.c
index ff741dcb..7904ebd7 100644
--- a/source/pdf/pdf-parse.c
+++ b/source/pdf/pdf-parse.c
@@ -401,6 +401,9 @@ pdf_parse_array(fz_context *ctx, pdf_document *doc, fz_stream *file, pdf_lexbuf
 
 			switch (tok)
 			{
+			case PDF_TOK_EOF:
+				fz_throw(ctx, FZ_ERROR_SYNTAX, "array not closed before end of file");
+
 			case PDF_TOK_CLOSE_ARRAY:
 				op = ary;
 				goto end;
-- 
cgit v1.2.3