From 970fb11a296b5bbdc5e8425851253d2c5913c45e Mon Sep 17 00:00:00 2001 From: Leon Bottou <leon@bottou.org> Date: Tue, 26 Mar 2019 20:36:31 -0400 Subject: [PATCH] Fix bug#296 --- libdjvu/DjVmDir.cpp | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/libdjvu/DjVmDir.cpp b/libdjvu/DjVmDir.cpp index a6a39e03..0a0fac6c 100644 --- a/libdjvu/DjVmDir.cpp +++ b/libdjvu/DjVmDir.cpp @@ -300,36 +300,44 @@ DjVmDir::decode(const GP<ByteStream> &gs memcpy((char*) strings+strings_size, buffer, length); } DEBUG_MSG("size of decompressed names block=" << strings.size() << "\n"); + int strings_size=strings.size(); + strings.resize(strings_size+3); + memset((char*) strings+strings_size, 0, 4); - // Copy names into the files + // Copy names into the files const char * ptr=strings; for(pos=files_list;pos;++pos) { GP<File> file=files_list[pos]; - + if (ptr >= (const char*)strings + strings_size) + G_THROW( "DjVu document is corrupted (DjVmDir)" ); file->id=ptr; ptr+=file->id.length()+1; if (file->flags & File::HAS_NAME) { - file->name=ptr; - ptr+=file->name.length()+1; - } else + file->name=ptr; + ptr+=file->name.length()+1; + } + else { file->name=file->id; } if (file->flags & File::HAS_TITLE) { - file->title=ptr; - ptr+=file->title.length()+1; - } else - file->title=file->id; - /* msr debug: multipage file, file->title is null. + file->title=ptr; + ptr+=file->title.length()+1; + } + else + { + file->title=file->id; + } + /* msr debug: multipage file, file->title is null. DEBUG_MSG(file->name << ", " << file->id << ", " << file->title << ", " << file->offset << ", " << file->size << ", " << file->is_page() << "\n"); */ } - // Check that there is only one file with SHARED_ANNO flag on + // Check that there is only one file with SHARED_ANNO flag on int shared_anno_cnt=0; for(pos=files_list;pos;++pos) {