Ladybird/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-06-10 18:10:56 +09:00
Code Activity

LibPDF: Fix loop condition in parse_xref_stream()

Browse source 
We previously compared two unrelated values to determine if we parsed
the xref table to completion. We now check if we added every subsection
instead, and double check to make sure we never read past the end.
This commit is contained in:
Julian Offenhäuser 2022-11-10 23:03:33 +01:00 committed by Andreas Kling
parent a17a23a3f0
commit 4b1a72ff7a
Notes: sideshowbarker 2024-07-17 04:19:33 +09:00
1 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
Userland/Libraries/LibPDF/DocumentParser.cpp
View file

@ -328,10 +328,14 @@ PDFErrorOr<NonnullRefPtr<XRefTable>> DocumentParser::parse_xref_stream()
Vector<XRefEntry> entries;
for (int entry_index = 0; entry_index < highest_object_number; ++entry_index) {
for (int entry_index = 0; subsection_index < subsections.size(); ++entry_index) {
Array<long, 3> fields;
for (size_t field_index = 0; field_index < 3; ++field_index) {
auto field_size = field_sizes->at(field_index).get_u32();
if (byte_index + field_size > stream->bytes().size())
return error("The xref stream data cut off early");
auto field = stream->bytes().slice(byte_index, field_size);
fields[field_index] = field_to_long(field);
byte_index += field_size;
@ -343,9 +347,6 @@ PDFErrorOr<NonnullRefPtr<XRefTable>> DocumentParser::parse_xref_stream()
entries.append({ fields[1], static_cast<u16>(fields[2]), type != 0, type == 2 });
if (subsection_index >= subsections.size())
break;
auto subsection = subsections[subsection_index];
if (entry_index >= subsection.get<1>()) {
table->add_section({ subsection.get<0>(), subsection.get<1>(), entries });