diff options
| author | Miklos Vajna <vmiklos@collabora.com> | 2021-05-12 10:51:09 +0200 |
|---|---|---|
| committer | Miklos Vajna <vmiklos@collabora.com> | 2021-05-12 14:58:51 +0200 |
| commit | 6b1d5bafdc722d07d3dc4980764275a6caa707ba (patch) | |
| tree | b6445e3a24d5a5372a6c3c77b06a6ea706a57970 /download.lst | |
| parent | Guard against isCXX11ConstantExpr on dependent expression (diff) | |
| download | core-6b1d5bafdc722d07d3dc4980764275a6caa707ba.tar.gz core-6b1d5bafdc722d07d3dc4980764275a6caa707ba.zip | |
vcl PDF tokenizer: fix EOF position when \r is not followed by \n
Otherwise this would break partial tokenize when we only read a trailer
in the middle of the file: m_aEOFs.back() is one byte larger than
rStream.Tell(), so we reader past the end of the trailer, resulting in a
tokenize failure.
What's special about the bugdoc:
- it has 2 xrefs, the first is incomplete, and refers to a second which
is later in the file
- the object length is as indirect object, triggering an xref lookup
- the first EOF is followed by a \r, but then not with a \n
This results in reading past the end of the first trailer and then
triggering a lookup failure.
FWIW, pdfium does the same in
<https://pdfium.googlesource.com/pdfium/+/59d107323f6727bbd5f8a4d0843081790638a1dd/core/fpdfapi/parser/cpdf_syntax_parser.cpp#446>,
we're on in sync with it.
Change-Id: Ia556a25e333b5e4f1418d92a98d74358862120e2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115466
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
Diffstat (limited to 'download.lst')
0 files changed, 0 insertions, 0 deletions