mirror of
https://github.com/michaelrsweet/pdfio.git
synced 2025-09-02 01:02:15 +02:00
Fix copy_jpeg with invalid/corrupt JPEG data (Issue #132)
This commit is contained in:
Michael R Sweet
@@ -7,6 +7,7 @@ v1.5.4 - YYYY-MM-DD
|
|||||||
|
|
||||||
- Updated indirect reference reading code to limit the range of generation
|
- Updated indirect reference reading code to limit the range of generation
|
||||||
numbers.
|
numbers.
|
||||||
|
- Fixed a JPEG copy bug (Issue #132)
|
||||||
|
|
||||||
|
|
||||||
v1.5.3 - 2025-05-03
|
v1.5.3 - 2025-05-03
|
||||||
|
|||||||
@@ -2527,8 +2527,12 @@ copy_jpeg(pdfio_dict_t *dict, // I - Dictionary
|
|||||||
bufend += bytes;
|
bufend += bytes;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (*bufptr == _PDFIO_JPEG_MARKER)
|
if (*bufptr != _PDFIO_JPEG_MARKER)
|
||||||
{
|
{
|
||||||
|
_pdfioFileError(dict->pdf, "Invalid JPEG data: <%02X>", *bufptr);
|
||||||
|
goto finish;
|
||||||
|
}
|
||||||
|
|
||||||
// Start of a marker in the file...
|
// Start of a marker in the file...
|
||||||
bufptr ++;
|
bufptr ++;
|
||||||
|
|
||||||
@@ -2536,13 +2540,11 @@ copy_jpeg(pdfio_dict_t *dict, // I - Dictionary
|
|||||||
length = (size_t)((bufptr[1] << 8) | bufptr[2]);
|
length = (size_t)((bufptr[1] << 8) | bufptr[2]);
|
||||||
bufptr += 3;
|
bufptr += 3;
|
||||||
|
|
||||||
if (marker == _PDFIO_JPEG_MARKER)
|
|
||||||
continue;
|
|
||||||
else if (marker == _PDFIO_JPEG_EOI || marker == _PDFIO_JPEG_SOS || length < 2)
|
|
||||||
break;
|
|
||||||
|
|
||||||
PDFIO_DEBUG("copy_jpeg: JPEG X'FF%02X' (length %u)\n", marker, (unsigned)length);
|
PDFIO_DEBUG("copy_jpeg: JPEG X'FF%02X' (length %u)\n", marker, (unsigned)length);
|
||||||
|
|
||||||
|
if (marker == _PDFIO_JPEG_EOI || marker == _PDFIO_JPEG_SOS || length < 2)
|
||||||
|
break;
|
||||||
|
|
||||||
length -= 2;
|
length -= 2;
|
||||||
|
|
||||||
if ((marker >= _PDFIO_JPEG_SOF0 && marker <= _PDFIO_JPEG_SOF3) || (marker >= _PDFIO_JPEG_SOF5 && marker <= _PDFIO_JPEG_SOF7) || (marker >= _PDFIO_JPEG_SOF9 && marker <= _PDFIO_JPEG_SOF11) || (marker >= _PDFIO_JPEG_SOF13 && marker <= _PDFIO_JPEG_SOF15))
|
if ((marker >= _PDFIO_JPEG_SOF0 && marker <= _PDFIO_JPEG_SOF3) || (marker >= _PDFIO_JPEG_SOF5 && marker <= _PDFIO_JPEG_SOF7) || (marker >= _PDFIO_JPEG_SOF9 && marker <= _PDFIO_JPEG_SOF11) || (marker >= _PDFIO_JPEG_SOF13 && marker <= _PDFIO_JPEG_SOF15))
|
||||||
@@ -2648,7 +2650,6 @@ copy_jpeg(pdfio_dict_t *dict, // I - Dictionary
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if (width == 0 || height == 0 || (num_colors != 1 && num_colors != 3))
|
if (width == 0 || height == 0 || (num_colors != 1 && num_colors != 3))
|
||||||
{
|
{
|
||||||
|
|||||||
Reference in New Issue
Block a user