From df835b0f23b4976b453d3bdd63c60804b2376c16 Mon Sep 17 00:00:00 2001
From: Robin Watts <robin.watts@artifex.com>
Date: Thu, 13 Dec 2012 17:51:07 +0000
Subject: Bug 693290: Avoid potential infinite loop in xps path parsing.

Another patch from zeniko; if we read an unknown cmd while parsing
a path string, ensure that we skip over any subsequent numbers to
avoid going into an infinite loop.
---
 xps/xps_path.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'xps')

diff --git a/xps/xps_path.c b/xps/xps_path.c
index 3bc92ff3..54acc114 100644
--- a/xps/xps_path.c
+++ b/xps/xps_path.c
@@ -454,6 +454,10 @@ xps_parse_abbreviated_geometry(xps_document *doc, char *geom, int *fill_rule)
 
 		default:
 			/* eek */
+			fz_warn(doc->ctx, "ignoring invalid command '%c'", cmd);
+			/* Skip any trailing numbers to avoid an infinite loop */
+			while (i < n && (args[i][0] == '+' || args[i][0] == '.' || args[i][0] == '-' || (args[i][0] >= '0' && args[i][0] <= '9')))
+				i ++;
 			break;
 		}
 
-- 
cgit v1.2.3