diff options
author | Chris Liddell <chris.liddell@artifex.com> | 2022-03-08 12:03:26 +0000 |
---|---|---|
committer | Chris Liddell <chris.liddell@artifex.com> | 2022-03-08 12:09:52 +0000 |
commit | a424f166ee9c1196a6cd7e2ee2289f81545d022d (patch) | |
tree | 86943e3e75aba649bdaa016ac5ba5f6e30802667 /base/sa85d.c | |
parent | 0d85ab8e8e3a01653a499f76a471ac188372323f (diff) | |
download | ghostpdl-a424f166ee9c1196a6cd7e2ee2289f81545d022d.tar.gz |
oss-fuzz 45049: ASCII85Decode, avoid running off the end of the buffer
To maintain compatibility with Acrobat, the ASCII85Decode filter has to cope
with various breakages in the data, including whitespace between the '~' and
the '>', and even a missing '>'.
Searching the stream buffer for the '>', and not finding it, could leave the
pointer position a byte past the end of the buffer, this just ensures that
cannot happen.
Diffstat (limited to 'base/sa85d.c')
-rw-r--r-- | base/sa85d.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/base/sa85d.c b/base/sa85d.c index 4e51e89a6..a49a82864 100644 --- a/base/sa85d.c +++ b/base/sa85d.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2001-2021 Artifex Software, Inc. +/* Copyright (C) 2001-2022 Artifex Software, Inc. All Rights Reserved. This software is provided AS-IS with no warranty, either express or @@ -156,7 +156,10 @@ s_A85D_process(stream_state * st, stream_cursor_read * pr, } } finish: - p += i; /* advance to the '>' */ + if (p + i <= rlimit) + p += i; /* advance to the '>' */ + else + p = rlimit; /* Can happen if the '>' is missing */ pw->ptr = q; status = a85d_finish(ccount, word, pw); q = pw->ptr; |