Handle incomplete PDF object in parser.

Signed-off-by: yzrh <yzrh@noema.org>
This commit is contained in:
yzrh 2023-01-01 20:36:17 +00:00
parent 1a1fee1034
commit d6fa934b5f

View file

@ -148,12 +148,16 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf)
memset(buf, 0, ptr->size);
fseek(*fp, ptr->address - 12, SEEK_SET);
fseek(*fp, ptr->address - 15, SEEK_SET);
fread(str, 8, 1, *fp);
for (int i = 0; i < 8; i++) {
if (str[i] >= '0' && str[i] <= '9') {
ptr->id = atoi(str + i);
for (int i = 7; i >= 0; i--) {
if (str[i] < '0' || str[i] > '9') {
if (i < 7)
ptr->id = atoi(str + i + 1);
else
ptr->id = 0;
break;
}
}
@ -181,8 +185,8 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf)
if (ptr->dictionary == NULL)
return 1;
memset(ptr->dictionary, 0, ptr->dictionary_size + 1);
memcpy(ptr->dictionary, head, ptr->dictionary_size);
memset(ptr->dictionary + ptr->dictionary_size, 0, 1);
if ((head = memmem(tail,
ptr->size - (tail - buf),
@ -195,8 +199,8 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf)
* contains another object that
* contains another stream
*/
while (_memmem_whitespace(tail,
ptr->size - (tail - buf),
while (_memmem_whitespace(tail + 10,
ptr->size - (tail - buf) - 10,
"endobj", 6) != NULL &&
(tmp = _memmem_whitespace(tail + 10,
ptr->size - (tail - buf) - 10,
@ -211,18 +215,12 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf)
memcpy(ptr->stream, head + 8, ptr->stream_size);
}
} else {
ptr->object_size = ptr->size;
ptr->object = malloc(ptr->object_size + 1);
if (ptr->object == NULL)
return 1;
memset(ptr->object, 0, ptr->object_size + 1);
memcpy(ptr->object, buf, ptr->object_size);
}
free(buf);
} else {
ptr->object_size = ptr->size;
ptr->object = buf;
}
ptr = ptr->next;
}