From 3145e49a9ce16d45bf4d6bb01c64646f41d70e8f Mon Sep 17 00:00:00 2001 From: Robin Watts Date: Thu, 22 Dec 2011 10:38:48 +0000 Subject: Fix Bug 692756: SEGVs in pdf_annot and pdf_outline A couple of bits of the code SEGV in the event that values are NULL. Fixed here by converting a do...while to a while, and adding an extra guard in the if. Thanks to Gaetan Bisson for the report, and patch. --- pdf/pdf_annot.c | 3 +-- pdf/pdf_outline.c | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/pdf/pdf_annot.c b/pdf/pdf_annot.c index 84b403fe..79bdb4ff 100644 --- a/pdf/pdf_annot.c +++ b/pdf/pdf_annot.c @@ -6,7 +6,7 @@ pdf_free_link(fz_context *ctx, pdf_link *link) { pdf_link *next; - do + while (link) { next = link->next; if (link->dest) @@ -14,7 +14,6 @@ pdf_free_link(fz_context *ctx, pdf_link *link) fz_free(ctx, link); link = next; } - while(link); } static fz_obj * diff --git a/pdf/pdf_outline.c b/pdf/pdf_outline.c index a194178c..8a33d8e2 100644 --- a/pdf/pdf_outline.c +++ b/pdf/pdf_outline.c @@ -26,7 +26,7 @@ pdf_load_outline_imp(pdf_xref *xref, fz_obj *dict) if (fz_dict_gets(dict, "Dest") || fz_dict_gets(dict, "A")) { link = pdf_load_link(xref, dict); - if (link->kind == PDF_LINK_GOTO) + if (link && link->kind == PDF_LINK_GOTO) node->page = pdf_find_page_number(xref, fz_array_get(link->dest, 0)); pdf_free_link(xref->ctx, link); } -- cgit v1.2.3