From d2aefcfff6ef57fadcce87e61f844efe85f73d58 Mon Sep 17 00:00:00 2001
From: Sebastian Rasmussen
Date: Thu, 16 Aug 2012 15:18:44 +0200
Subject: Handle missing clear codes in LZW.
Previously if the lookup table was full and no clear code appeared the decoder would try to add more entries to the table. However the table is of fixed size (4096 entries) so it would write outside the table. Fix this by detecting when the lookup table is full and a clear code ought to appear. At this point the decoder will now treat and process any code as a clear code. For valid documents this will never happen, for invalid documents this means risking that succeeding codes may be misinterpreted and that the decoded data will be incorrect, this case should be handled by the consumer of the data though. Fixes bug 693306.
---
 fitz/filt_lzwd.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'fitz')
diff --git a/fitz/filt_lzwd.c b/fitz/filt_lzwd.c
index 3ee4d34c..b1aa4421 100644
--- a/fitz/filt_lzwd.c
+++ b/fitz/filt_lzwd.c
@@ -80,6 +80,12 @@ read_lzwd(fz_stream *stm, unsigned char *buf, int len)
 break;
 }
 
+ if (next_code >= NUM_CODES && code != LZW_CLEAR)
+ {
+ fz_warn(stm->ctx, "missing clear code in lzw decode");
+ code = LZW_CLEAR;
+ }
+
 if (code == LZW_CLEAR)
 {
 code_bits = MIN_BITS;
@@ -112,7 +118,7 @@ read_lzwd(fz_stream *stm, unsigned char *buf, int len)
 {
 code_bits ++;
 if (code_bits > MAX_BITS)
- code_bits = MAX_BITS; /* FIXME */
+ code_bits = MAX_BITS;
 }
 
 old_code = code;
-- 
cgit v1.2.3
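Review bot: The `next_code >= NUM_CODES` guard is the entire bounds fix, yet nothing at the site records why a non-clear code on a full table is rewritten into a clear instead of rejected, nor that the boundary is "full" (NUM_CODES slots, indexed up to NUM_CODES-1) rather than "overflowed", so the next person to touch the decoder has to rediscover both from the commit message. A one-line comment above the check would carry that: `/* table is full (NUM_CODES entries); a clear code must follow, so treat anything else as one rather than writing past the table */`. The ordering also deserves a word: the `break;` just above appears to be the end-of-data exit, and if so EOD is handled before this rewrite, which is the right order; if it is not, an EOD code arriving on a full table would be turned into a clear and decoding would run on. read_lzwd begins and ends outside the hunk, and the second hunk only drops the FIXME on the MAX_BITS clamp, which this check now justifies.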