packages/ghostscript
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ghostscript/Bug-702335-jbig2dec-Refill-input-buffer-upon-failure-to-parse-segment-header.patch
wangchen2020 2562b03d38 Sync some patches from community
2020-09-03 15:54:45 +08:00

47 lines
2.1 KiB
Diff
Raw Blame History

From 60a535f9f49fece2761a1c0c8069f87f7514182c Mon Sep 17 00:00:00 2001
From: Sebastian Rasmussen <sebras@gmail.com>
Date: Fri, 17 Apr 2020 16:22:06 +0800
Subject: [PATCH] Bug 702335: jbig2dec: Refill input buffer upon failure to
parse segment header.
Before commit 2b2dcf4ccf401ed210f03c858b304994749fd2b3 there was
a debug message when attempting to parse a a segment header and
the data supplied to jbig2dec was not enough. Commit 2b2dcf4
incorrectly changed the debug message into a fatal error message,
due misinterpreting the message text as something that warranted
a fatal error.
When data was supplied in chunks to jbig2_data_in() in repeated
calls such that a segment header's referred-to segment numbers
field straddled a chunk boundary then jbig2dec would indicate a
fatal error. The file in bug 702335 caused this to happen.
Instead jbig2dec should be asking the caller for more data so
that the entire segment header can be parsed during a single call
to jbig2_data_in().
By convering the fatal error back to a a debug message the problem
is resolved. The message itself is also rewored to clearly
indicate that the situation is non-fatal and that the caller will
be asked to provide more data.
---
jbig2dec/jbig2_segment.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jbig2dec/jbig2_segment.c b/jbig2dec/jbig2_segment.c
index f901a03..d5c4075 100644
--- a/jbig2dec/jbig2_segment.c
+++ b/jbig2dec/jbig2_segment.c
@@ -88,7 +88,7 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t
referred_to_segment_size = result->number <= 256 ? 1 : result->number <= 65536 ? 2 : 4; /* 7.2.5 */
pa_size = result->flags & 0x40 ? 4 : 1; /* 7.2.6 */
if (offset + referred_to_segment_count * referred_to_segment_size + pa_size + 4 > buf_size) {
- jbig2_error(ctx, JBIG2_SEVERITY_FATAL, result->number, "insufficient data to parse segment header");
+ jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, result->number, "attempted to parse segment header with insufficient data, asking for more data");
jbig2_free(ctx->allocator, result);
return NULL;
}
--
1.8.3.1
Reference in New Issue View Git Blame Copy Permalink