From 31b6a66e542a0eb1fa6c52fa45784458e5e247f4 Mon Sep 17 00:00:00 2001
From: Robin Watts
Date: Tue, 15 Mar 2016 10:27:30 +0000
Subject: Fix mode2compress for PCL.

Previously this would overrun buffers in the pathological case (ABBABBABB...). We now only break from literals to runs for a run of at least 3 (except at the start).
---
 source/fitz/output-pcl.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
(limited to 'source')
diff --git a/source/fitz/output-pcl.c b/source/fitz/output-pcl.c
index 5a5ba996..65fff2fa 100644
--- a/source/fitz/output-pcl.c
+++ b/source/fitz/output-pcl.c
@@ -703,18 +703,31 @@ mode2compress(unsigned char *out, unsigned char *in, int in_len)
 }
 else
 {
+ /* Now copy as many literals as possible. We only
+ * break the run at a length of 127, at the end,
+ * or where we have 3 repeated values. */
 int i;

 /* How many literals do we need to copy? */
- for (run = 1; run < 127 && x+run < in_len; run++)
- if (in[run] == in[run+1])
+ for (; run < 127 && x+run+2 < in_len; run++)
+ if (in[run] == in[run+1] && in[run] == in[run+2])
 break;
+ /* Don't leave stragglers at the end */
+ if (x + run + 2 >= in_len)
+ {
+ run = in_len - x;
+ if (run > 127)
+ run = 127;
+ }
 out[out_len++] = run-1;
 for (i = 0; i < run; i++)
+ {
 out[out_len++] = in[i];
+ }
 }
 in += run;
 }
+
 return out_len;
 }

--
cgit v1.2.3
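Review bot: `mode2compress` still writes through `out` with no capacity argument, so the overrun this commit fixes is prevented only by the encoder's worst-case expansion staying within what the caller allocated, and that allocation is not visible in this hunk. Each literal packet stores `run-1` followed by `run` bytes with `run` capped at 127, so a literal packet costs one byte of overhead. The function should carry a header comment stating the size the caller must provide, for example `/* out must hold in_len + (in_len + 126) / 127 bytes in the worst case */`, once that figure is confirmed against the run branch above the hunk. The new `in[run+2]` read looks covered by the `x+run+2 < in_len` loop condition, assuming `in` advances in step with `x` as the `in += run` line suggests. The function body starts above the hunk, so the loop that sets `run` before the new `for (; ...)` is not shown.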