commit 970fb11a296b5bbdc5e8425851253d2c5913c45e
Author: Leon Bottou <leon@bottou.org>
Date: Tue Mar 26 20:36:31 2019 -0400
Fix bug#296
diff --git a/libdjvu/DjVmDir.cpp b/libdjvu/DjVmDir.cpp
index a6a39e0..0a0fac6 100644
--- a/libdjvu/DjVmDir.cpp
+++ b/libdjvu/DjVmDir.cpp
@@ -299,42 +299,44 @@ DjVmDir::decode(const GP<ByteStream> &gstr)
 memcpy((char*) strings+strings_size, buffer, length);
 }
 DEBUG_MSG("size of decompressed names block=" << strings.size() << "\n");
- if (strings[strings.size()-1] != 0)
- {
- int strings_size=strings.size();
- strings.resize(strings_size+1);
- strings[strings_size] = 0;
- }
+ int strings_size=strings.size();
+ strings.resize(strings_size+3);
+ memset((char*) strings+strings_size, 0, 4);
- // Copy names into the files
+ // Copy names into the files
 const char * ptr=strings;
 for(pos=files_list;pos;++pos)
 {
 GP<File> file=files_list[pos];
-
+ if (ptr >= (const char*)strings + strings_size)
+ G_THROW( "DjVu document is corrupted (DjVmDir)" );
 file->id=ptr;
 ptr+=file->id.length()+1;
 if (file->flags & File::HAS_NAME)
 {
- file->name=ptr;
- ptr+=file->name.length()+1;
- } else
+ file->name=ptr;
+ ptr+=file->name.length()+1;
+ }
+ else
 {
 file->name=file->id;
 }
 if (file->flags & File::HAS_TITLE)
 {
- file->title=ptr;
- ptr+=file->title.length()+1;
- } else
- file->title=file->id;
- /* msr debug: multipage file, file->title is null.
+ file->title=ptr;
+ ptr+=file->title.length()+1;
+ }
+ else
+ {
+ file->title=file->id;
+ }
+ /* msr debug: multipage file, file->title is null.
 DEBUG_MSG(file->name << ", " << file->id << ", " << file->title << ", " << file->offset << ", " << file->size << ", " << file->is_page() << "\n"); */
 }
- // Check that there is only one file with SHARED_ANNO flag on
+ // Check that there is only one file with SHARED_ANNO flag on
 int shared_anno_cnt=0;
 for(pos=files_list;pos;++pos)
 {
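Review bot: The added `if (ptr >= (const char*)strings + strings_size)` check runs once per file, before `file->id=ptr`, but the `file->name=ptr` and `file->title=ptr` reads that follow are unchecked and stay in bounds only because of the zero padding written by `memset((char*) strings+strings_size, 0, 4)`; nothing in the code records that coupling. As written, a truncated names block also appears to be accepted for the last entry, which silently gets an empty name or title instead of the corruption error. I would repeat the same check before each of the two later reads, or at minimum add a comment above the memset such as `// zero padding: ptr is checked once per file, then up to three strings (id, name, title) are read`. It would also help to say there why `resize(strings_size+3)` is followed by a 4-byte memset (presumably resize takes the new upper index rather than a count; that is not visible in this hunk). decode() begins and ends outside the hunk.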