Handle incomplete PDF object in parser.

Signed-off-by: yzrh <yzrh@noema.org>
2023-01-01 20:36:17 +00:00 · 2023-01-01 20:36:17 +00:00 · d6fa934b5f
commit d6fa934b5f
parent 1a1fee1034
1 changed files with 14 additions and 16 deletions
--- a/src/pdf_parser.c
+++ b/src/pdf_parser.c
@ -148,12 +148,16 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf)
 		memset(buf, 0, ptr->size);
-		fseek(*fp, ptr->address - 12, SEEK_SET);
+		fseek(*fp, ptr->address - 15, SEEK_SET);
 		fread(str, 8, 1, *fp);
-		for (int i = 0; i < 8; i++) {
+		for (int i = 7; i >= 0; i--) {
-			if (str[i] >= '0' && str[i] <= '9') {
+			if (str[i] < '0' || str[i] > '9') {
-				ptr->id = atoi(str + i);
+				if (i < 7)
 					ptr->id = atoi(str + i + 1);
 				else
 					ptr->id = 0;
 				break;
 			}
 		}
@ -181,8 +185,8 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf)
 			if (ptr->dictionary == NULL)
 				return 1;
 			memset(ptr->dictionary, 0, ptr->dictionary_size + 1);
 			memcpy(ptr->dictionary, head, ptr->dictionary_size);
 			memset(ptr->dictionary + ptr->dictionary_size, 0, 1);
 			if ((head = memmem(tail,
 				ptr->size - (tail - buf),
@ -195,8 +199,8 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf)
 				 * contains another object that
 				 * contains another stream
 				 */
-				while (_memmem_whitespace(tail,
+				while (_memmem_whitespace(tail + 10,
-					ptr->size - (tail - buf),
+					ptr->size - (tail - buf) - 10,
 					"endobj", 6) != NULL &&
 					(tmp = _memmem_whitespace(tail + 10,
 					ptr->size - (tail - buf) - 10,
@ -211,19 +215,13 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf)
 				memcpy(ptr->stream, head + 8, ptr->stream_size);
 			}
 			free(buf);
 		} else {
 			ptr->object_size = ptr->size;
-			ptr->object = malloc(ptr->object_size + 1);
+			ptr->object = buf;
 			if (ptr->object == NULL)
 				return 1;
 			memset(ptr->object, 0, ptr->object_size + 1);
 			memcpy(ptr->object, buf, ptr->object_size);
 		}
 		free(buf);
 		ptr = ptr->next;
 	}