Bug 706539: Fix crash seen when decoding 2 tiffs in a row.

After decoding the first tiff, we free the buffer used to hold the tiff, but forgot to reset the size of the buffer. This meant that on trying to read the second tiff, we'd attempt to use an empty buffer, and crash.
author: Robin Watts <Robin.Watts@artifex.com> 2023-04-05 13:44:28 +0100
committer: Robin Watts <Robin.Watts@artifex.com> 2023-04-05 18:00:49 +0100
commit: 38af36ec272280bebd503d9b0419e27e5b9a239c (patch)
tree: 8c0bcbd26f5bb3ef08f92d23f32c479c52535c4f /gpdl
parent: 552f078788a5c91d2ae5f8114f63eb05f6b30bea (diff)
download: ghostpdl-38af36ec272280bebd503d9b0419e27e5b9a239c.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/gpdl/tifftop.c b/gpdl/tifftop.c
index 49f4a7dc9..7bba78490 100644
--- a/gpdl/tifftop.c
+++ b/gpdl/tifftop.c
@@ -249,6 +249,7 @@ tiff_impl_init_job(pl_interp_implementation_t *impl,
 
     tiff->dev = device;
     tiff->state = ii_state_identifying;
+    tiff->buffer_full = 0;
 
     return 0;
 }
@@ -1187,6 +1188,8 @@ fail_decode:
             if (tiff->tiff_buffer) {
                 gs_free_object(tiff->memory, tiff->tiff_buffer, "tiff_impl_process(tiff_buffer)");
                 tiff->tiff_buffer = NULL;
+                tiff->buffer_max = 0;
+                tiff->buffer_full = 0;
             }
             /* We want to bin any data we get up to, but not including
              * a UEL. */
author	Robin Watts <Robin.Watts@artifex.com>	2023-04-05 13:44:28 +0100
committer	Robin Watts <Robin.Watts@artifex.com>	2023-04-05 18:00:49 +0100
commit	38af36ec272280bebd503d9b0419e27e5b9a239c (patch)
tree	8c0bcbd26f5bb3ef08f92d23f32c479c52535c4f /gpdl
parent	552f078788a5c91d2ae5f8114f63eb05f6b30bea (diff)
download	ghostpdl-38af36ec272280bebd503d9b0419e27e5b9a239c.tar.gz