From 13cb0a1b8dd7cdee9af519dab10d6b1c1036c321 Mon Sep 17 00:00:00 2001 From: yzrh Date: Thu, 5 Jan 2023 11:21:54 +0000 Subject: Fix invalid token parsing. Signed-off-by: yzrh --- src/pdf_parser.c | 47 +++++++++++++++++++++++++---------------------- 1 file changed, 25 insertions(+), 22 deletions(-) diff --git a/src/pdf_parser.c b/src/pdf_parser.c index 6520fd5..e6d8ac6 100644 --- a/src/pdf_parser.c +++ b/src/pdf_parser.c @@ -228,28 +228,31 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf) ((tail = _memmem_whitespace(buf, ptr->size, ">>", 2)) != NULL || /* Hack needed for invalid object */ (tail = memmem(buf, ptr->size, ">>", 2)) != NULL)) { - /* - * A dictionary object may have nested dictionary, - * but it should not be in a stream - */ - while (ptr->size - (tail - buf) > 3 && - (tmp = _memmem_whitespace(tail + 3, - ptr->size - (tail - buf) - 3, - ">>", 2)) != NULL && - memmem(tail + 3, - (tmp - tail) - 3, - "stream\r\n", 8) == NULL) - tail = tmp; - - /* Hack needed for invalid object */ - while (ptr->size - (tail - buf) > 2 && - (tmp = memmem(tail + 2, - ptr->size - (tail - buf) - 2, - ">>", 2)) != NULL && - memmem(tail + 2, - (tmp - tail) - 2, - "stream\r\n", 8) == NULL) - tail = tmp; + if (memmem(buf, tail - buf, "stream\r\n", 8) != NULL) { + tail = memmem(buf, ptr->size, ">>", 2); + + while (ptr->size - (tail - buf) > 2 && + (tmp = memmem(tail + 2, + ptr->size - (tail - buf) - 2, + ">>", 2)) != NULL && + memmem(tail + 2, + (tmp - tail) - 2, + "stream\r\n", 8) == NULL) + tail = tmp; + } else { + /* + * A dictionary object may have nested dictionary, + * but it should not be in a stream + */ + while (ptr->size - (tail - buf) > 3 && + (tmp = _memmem_whitespace(tail + 3, + ptr->size - (tail - buf) - 3, + ">>", 2)) != NULL && + memmem(tail + 3, + (tmp - tail) - 3, + "stream\r\n", 8) == NULL) + tail = tmp; + } ptr->dictionary_size = tail - head + 2; ptr->dictionary = malloc(ptr->dictionary_size + 1); -- cgit v1.2.3