From 016adfa063293281a0896c62bf22e406b09ddf21 Mon Sep 17 00:00:00 2001 From: Robin Watts Date: Fri, 3 Jan 2014 18:17:11 +0000 Subject: Bug 694869: Fix indetermisms with broken PNG files. This bug shows 2 problems with our data handling. Firstly, if a zip file entry has less data in the stream than it is declared to have, we would leave the end of the data uninitialised. We now put out a warning, and blank it with zeros. Secondly, if the PNG decompression fails to decode enough data, we don't notice. Now we give a warning and blank the remaining pixels. --- source/xps/xps-zip.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source/xps')
diff --git a/source/xps/xps-zip.c b/source/xps/xps-zip.c
index f70a28bf..da1450e3 100644
--- a/source/xps/xps-zip.c
+++ b/source/xps/xps-zip.c
@@ -169,6 +169,12 @@ xps_read_zip_entry(xps_document *doc, xps_entry *ent, unsigned char *outbuf)
 }
 fz_free(ctx, inbuf);
+
+ if (stream.avail_out > 0)
+ {
+ fz_warn(ctx, "Truncated zipfile entry found, possibly corrupt data");
+ memset(stream.next_out, 0, stream.avail_out);
+ }
 }
 else
 {
-- cgit v1.2.3
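Review bot: The new `if (stream.avail_out > 0)` block zero-fills the tail of `outbuf` without a comment saying why, and the reason is security-relevant: without the memset, the undecoded tail of the caller's buffer holds whatever the allocator left there, and those bytes flow into later parsing or rendering. I would add `/* Short inflate: zero the undecoded tail so stale heap bytes never reach the caller. */` above the `if`. I would also put the shortfall in the message, `fz_warn(ctx, "Truncated zipfile entry found (%u bytes missing), possibly corrupt data", stream.avail_out);`, so the log shows how much of the entry was missing. The check is only correct if `avail_out` was initialised to the entry's declared uncompressed size and is still meaningful at this point. That setup and the body of the `else` branch that follows lie outside the hunk, so it cannot be confirmed from here that every path that fills `outbuf` zero-fills a short result in the same way.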