1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
X-Git-Url: http://git.ghostscript.com/?p=mupdf.git;a=blobdiff_plain;f=source%2Fpdf%2Fpdf-xref.c;h=ed09094cb3a7b99f474967b7dd481244732eac73;hp=723b543c0282c8ba3abd01c9bd430e1d0be714a4;hb=b03def134988da8c800adac1a38a41a1f09a1d89;hpb=26527eef77b3e51c2258c8e40845bfbc015e405d
Index: mupdf-1.5/source/pdf/pdf-xref.c
===================================================================
--- mupdf-1.5.orig/source/pdf/pdf-xref.c 2018-03-24 16:47:33.572758043 +0100
+++ mupdf-1.5/source/pdf/pdf-xref.c 2018-03-24 16:50:49.624758333 +0100
@@ -1326,6 +1326,19 @@
{
objstm = pdf_load_object(doc, num, gen);
+ if (pdf_obj_marked(objstm))
+ fz_throw(ctx, FZ_ERROR_GENERIC, "recursive object stream lookup");
+ }
+ fz_catch(ctx)
+ {
+ pdf_drop_obj(objstm);
+ fz_rethrow(ctx);
+ }
+
+ fz_try(ctx)
+ {
+ pdf_mark_obj(objstm);
+
count = pdf_to_int(pdf_dict_gets(objstm, "N"));
first = pdf_to_int(pdf_dict_gets(objstm, "First"));
@@ -1397,6 +1410,7 @@
fz_close(stm);
fz_free(ctx, ofsbuf);
fz_free(ctx, numbuf);
+ pdf_unmark_obj(objstm);
pdf_drop_obj(objstm);
}
fz_catch(ctx)
|
