From a6b0a8273f2eb15fd5924501b6ad03e30f2c8d0a Mon Sep 17 00:00:00 2001
From: Robin Watts
Date: Thu, 29 Nov 2012 16:46:09 +0000
Subject: Bug 693290: Various fixes found from fuzzing.
Thanks to zeniko for finding various problems and submitting a patch that fixes them. This commit covers the simpler issues from his patch; other commits will follow shortly.
* Out of range LZW codes.
* Buffer overflows and error handling in image_jpeg.c
* Buffer overflows in tiff handling
* buffer overflows in cmap parsing.
* Potential double free in font handling.
* Buffer overflow in pdf_form.c
* use of uninitialised value in error case in pdf_image.c
* NULL pointer dereference in xps_outline.c
---
 xps/xps_outline.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'xps')
diff --git a/xps/xps_outline.c b/xps/xps_outline.c
index 5c5bdbc6..bd50dd35 100644
--- a/xps/xps_outline.c
+++ b/xps/xps_outline.c
@@ -66,7 +66,7 @@ xps_parse_document_structure(xps_document *doc, fz_xml *root)
 if (!strcmp(fz_xml_tag(root), "DocumentStructure"))
 {
 node = fz_xml_down(root);
-if (!strcmp(fz_xml_tag(node), "DocumentStructure.Outline"))
+if (node && !strcmp(fz_xml_tag(node), "DocumentStructure.Outline"))
 {
 node = fz_xml_down(node);
 if (!strcmp(fz_xml_tag(node), "DocumentOutline"))
-- 
cgit v1.2.3
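Review bot: The same NULL dereference survives one level down: the last context line of the hunk calls `fz_xml_tag(node)` immediately after `node = fz_xml_down(node);` with no guard, and the premise of this fix is that fz_xml_down can return NULL for an element with no children. A DocumentStructure.Outline element that is empty would therefore still reach a NULL `node` in `strcmp(fz_xml_tag(node), "DocumentOutline")`, assuming fz_xml_tag does not itself tolerate NULL (the added guard suggests it does not). The inner check should take the same form, `if (node && !strcmp(fz_xml_tag(node), "DocumentOutline"))`, and any further fz_xml_down descents in the function deserve the same treatment. The body of xps_parse_document_structure continues beyond the hunk, so the remaining descents are not visible here.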