From 970fb11a296b5bbdc5e8425851253d2c5913c45e Mon Sep 17 00:00:00 2001
From: Leon Bottou <leon@bottou.org>
Date: Tue, 26 Mar 2019 20:36:31 -0400
Subject: [PATCH] Fix bug#296

---
 libdjvu/DjVmDir.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libdjvu/DjVmDir.cpp b/libdjvu/DjVmDir.cpp
index 153e3c7..5834da6 100644
--- a/libdjvu/DjVmDir.cpp
+++ b/libdjvu/DjVmDir.cpp
@@ -300,6 +300,9 @@ DjVmDir::decode(const GP<ByteStream> &gstr)
          memcpy((char*) strings+strings_size, buffer, length);
       }
       DEBUG_MSG("size of decompressed names block=" << strings.size() << "\n");
+      int strings_size=strings.size();
+      strings.resize(strings_size+3);
+      memset((char*) strings+strings_size, 0, 4);
    
          // Copy names into the files
       const char * ptr=strings;
@@ -307,6 +310,8 @@ DjVmDir::decode(const GP<ByteStream> &gstr)
       {
          GP<File> file=files_list[pos];
 
+         if (ptr >= (const char*)strings + strings_size)
+           G_THROW( "DjVu document is corrupted (DjVmDir)" );
          file->id=ptr;
          ptr+=file->id.length()+1;
          if (file->flags & File::HAS_NAME)
-- 
2.23.0