From 8ff2db02dba00a0fbc53ee4c89dcab60aab181ec Mon Sep 17 00:00:00 2001 From: Robin Watts Date: Wed, 4 Jul 2012 20:10:28 +0100 Subject: Cope with negative lengths being passed to fz_open_null normal_994.pdf SEGVs due to a negative length. Simple fix to treat negative length streams as 0 length. --- fitz/filt_basic.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'fitz') diff --git a/fitz/filt_basic.c b/fitz/filt_basic.c index ef6dc920..378abe21 100644 --- a/fitz/filt_basic.c +++ b/fitz/filt_basic.c @@ -46,6 +46,8 @@ fz_open_null(fz_stream *chain, int len, int offset) struct null_filter *state; fz_context *ctx = chain->ctx; + if (len < 0) + len = 0; fz_try(ctx) { state = fz_malloc_struct(ctx, struct null_filter); -- cgit v1.2.3