From 94d6166428a679baa5a34fc5faa18a2aa26cee4a Mon Sep 17 00:00:00 2001 From: Sebastian Rasmussen Date: Thu, 20 Sep 2018 10:52:42 +0800 Subject: Bug 699798: Avoid removing page from list if page was not loaded. MuPDF may attempt to load a page but fail to do so, e.g. due to a circular page tree. When this happens the page will never be introduced into the document's list of pages. Its next and prev pointers are both NULL, but the code in fz_drop_page() falsely assumed that the prev pointer was always set. Thanks to oss-fuzz for reporting. --- source/fitz/document.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source/fitz/document.c b/source/fitz/document.c index 26ae93ea..d234dc3b 100644 --- a/source/fitz/document.c +++ b/source/fitz/document.c @@ -493,7 +493,8 @@ fz_drop_page(fz_context *ctx, fz_page *page) /* Remove page from the list of open pages */ if (page->next != NULL) page->next->prev = page->prev; - *page->prev = page->next; + if (page->prev != NULL) + *page->prev = page->next; if (page->drop_page) page->drop_page(ctx, page); -- cgit v1.2.3
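Review bot: the new `if (page->prev != NULL)` guard in fz_drop_page() depends on an invariant that is stated only in the commit message: a page that failed to load was never linked into the document's list, so its next and prev are both NULL. The existing comment `/* Remove page from the list of open pages */` should say this, for example by noting that prev may be NULL for a page that was never inserted, so that a later cleanup does not remove the check as redundant. The guard is only safe if prev is reliably NULL on the failed-load path, and that is not visible in this hunk, so it is worth confirming that the page structure is zero-initialized when it is allocated. A regression test built from a document with a circular page tree, the case the commit message names, would keep the NULL dereference from coming back.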