diff options
| author | yzrh <yzrh@noema.org> | 2023-01-01 20:36:17 +0000 |
|---|---|---|
| committer | yzrh <yzrh@noema.org> | 2023-01-01 20:51:09 +0000 |
| commit | d6fa934b5f1a418ea4821a6562773b9ff1aaf6e8 (patch) | |
| tree | 0060347a2dab8ae01fb05079bd0942226d07e510 /src | |
| parent | 1a1fee1034b7d143a3ad77707ef930f2a8d1e3d8 (diff) | |
| download | melon-d6fa934b5f1a418ea4821a6562773b9ff1aaf6e8.tar.gz melon-d6fa934b5f1a418ea4821a6562773b9ff1aaf6e8.tar.zst | |
Handle incomplete PDF object in parser.
Signed-off-by: yzrh <yzrh@noema.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/pdf_parser.c | 30 |
1 files changed, 14 insertions, 16 deletions
diff --git a/src/pdf_parser.c b/src/pdf_parser.c index 54c7fb4..d0affb6 100644 --- a/src/pdf_parser.c +++ b/src/pdf_parser.c @@ -148,12 +148,16 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf) memset(buf, 0, ptr->size); - fseek(*fp, ptr->address - 12, SEEK_SET); + fseek(*fp, ptr->address - 15, SEEK_SET); fread(str, 8, 1, *fp); - for (int i = 0; i < 8; i++) { - if (str[i] >= '0' && str[i] <= '9') { - ptr->id = atoi(str + i); + for (int i = 7; i >= 0; i--) { + if (str[i] < '0' || str[i] > '9') { + if (i < 7) + ptr->id = atoi(str + i + 1); + else + ptr->id = 0; + break; } } @@ -181,8 +185,8 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf) if (ptr->dictionary == NULL) return 1; - memset(ptr->dictionary, 0, ptr->dictionary_size + 1); memcpy(ptr->dictionary, head, ptr->dictionary_size); + memset(ptr->dictionary + ptr->dictionary_size, 0, 1); if ((head = memmem(tail, ptr->size - (tail - buf), @@ -195,8 +199,8 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf) * contains another object that * contains another stream */ - while (_memmem_whitespace(tail, - ptr->size - (tail - buf), + while (_memmem_whitespace(tail + 10, + ptr->size - (tail - buf) - 10, "endobj", 6) != NULL && (tmp = _memmem_whitespace(tail + 10, ptr->size - (tail - buf) - 10, @@ -211,19 +215,13 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf) memcpy(ptr->stream, head + 8, ptr->stream_size); } + + free(buf); } else { ptr->object_size = ptr->size; - ptr->object = malloc(ptr->object_size + 1); - - if (ptr->object == NULL) - return 1; - - memset(ptr->object, 0, ptr->object_size + 1); - memcpy(ptr->object, buf, ptr->object_size); + ptr->object = buf; } - free(buf); - ptr = ptr->next; } |