From ce240962933e0e7a6ad452200ea12f0c21e00666 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20B=C3=BCnzli?=
Date: Wed, 7 Jan 2015 23:15:37 +0100
Subject: fix crash caused by commit 90c560641d9b459a658029eefc4cbb02fdbca0b5

When loading e.g. the file from bug 694567, MuPDF uses an unitialized variable because pdf_document::xref_index contains values relative to the document's original multi-part xref while the actual xref is the repaired single-part one (and thus the cached value is too large). Properly resetting the xref_index before starting reparation fixes this crash.
---
 source/pdf/pdf-xref.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'source/pdf')

diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
index 0a754084..58db1d9a 100644
--- a/source/pdf/pdf-xref.c
+++ b/source/pdf/pdf-xref.c
@@ -1371,6 +1371,8 @@ pdf_init_document(pdf_document *doc)
 if (repaired)
 {
+ /* pdf_repair_xref may access xref_index, so reset it properly */
+ memset(doc->xref_index, 0, sizeof(int) * doc->max_xref_len);
 pdf_repair_xref(doc);
 pdf_prime_xref_index(doc);
 }
-- 
cgit v1.2.3
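Review bot: The added `memset` dereferences `doc->xref_index` unconditionally. If the failed xref load can reach the `if (repaired)` branch before the index array was ever allocated (not visible in this hunk), the call passes a null pointer, which is undefined behaviour even with a zero length. Guarding it and tying the size to the element type would make the reset robust on malformed input: `if (doc->xref_index) memset(doc->xref_index, 0, sizeof *doc->xref_index * doc->max_xref_len);`. The reset also presumes `max_xref_len` still equals the allocated element count of `xref_index` at this point, so a short comment stating that invariant would help. The body of `pdf_init_document` starts and continues outside the hunk, so the allocation path should be checked there.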