From f4a95de6942dd03ade7c25751d2fa8fcca5a2426 Mon Sep 17 00:00:00 2001
From: Jonas Jenwald
Date: Thu, 1 Feb 2018 10:35:38 +0100
Subject: [PATCH] Attempt to find the next valid marker when encountering invalid image data in `JpegImage.parse` (issue 9425)
In the JPEG images in the referenced PDF file, the DHT (Define Huffman Tables) segments contain more data than expected based on the length parameter.
Fixes 9425.
---
 src/core/jpg.js | 17 ++++++++++++-----
 test/pdfs/issue9425.pdf.link | 1 +
 test/test_manifest.json | 8 ++++++++
 3 files changed, 21 insertions(+), 5 deletions(-)
 create mode 100644 test/pdfs/issue9425.pdf.link
diff --git a/src/core/jpg.js b/src/core/jpg.js
index d7faa25ab..9f25683a8 100644
--- a/src/core/jpg.js
+++ b/src/core/jpg.js
@@ -369,7 +369,7 @@ var JpegImage = (function JpegImageClosure() {
 // Some bad images seem to pad Scan blocks with e.g. zero bytes, skip past
 // those to attempt to find a valid marker (fixes issue4090.pdf).
 if (fileMarker && fileMarker.invalid) {
- warn('decodeScan - unexpected MCU data, next marker is: ' +
+ warn('decodeScan - unexpected MCU data, current marker is: ' +
 fileMarker.invalid);
 offset = fileMarker.offset;
 }
@@ -389,7 +389,7 @@ var JpegImage = (function JpegImageClosure() {
 // Some images include more Scan blocks than expected, skip past those and
 // attempt to find the next valid marker (fixes issue8182.pdf).
 if (fileMarker && fileMarker.invalid) {
- warn('decodeScan - unexpected Scan data, next marker is: ' +
+ warn('decodeScan - unexpected Scan data, current marker is: ' +
 fileMarker.invalid);
 offset = fileMarker.offset;
 }
@@ -601,12 +601,12 @@ var JpegImage = (function JpegImageClosure() {
 return component.blockData;
 }
- function findNextFileMarker(data, currentPos, startPos) {
+ function findNextFileMarker(data, currentPos, startPos = currentPos) {
 function peekUint16(pos) {
 return (data[pos] << 8) | data[pos + 1];
 }
- var maxPos = data.length - 1;
+ const maxPos = data.length - 1;
 var newPos = startPos < currentPos ? startPos : currentPos;
 if (currentPos >= maxPos) {
@@ -649,7 +649,7 @@ var JpegImage = (function JpegImageClosure() {
 var fileMarker = findNextFileMarker(data, endOffset, offset);
 if (fileMarker && fileMarker.invalid) {
- warn('readDataBlock - incorrect length, next marker is: ' +
+ warn('readDataBlock - incorrect length, current marker is: ' +
 fileMarker.invalid);
 endOffset = fileMarker.offset;
 }
@@ -874,6 +874,13 @@ var JpegImage = (function JpegImageClosure() {
 offset -= 3;
 break;
 }
+ let nextFileMarker = findNextFileMarker(data, offset - 2);
+ if (nextFileMarker && nextFileMarker.invalid) {
+ warn('JpegImage.parse - unexpected data, current marker is: ' +
+ nextFileMarker.invalid);
+ offset = nextFileMarker.offset;
+ break;
+ }
 throw new JpegError('unknown marker ' + fileMarker.toString(16));
 }
 fileMarker = readUint16();
diff --git a/test/pdfs/issue9425.pdf.link b/test/pdfs/issue9425.pdf.link
new file mode 100644
index 000000000..eab0e042d
--- /dev/null
+++ b/test/pdfs/issue9425.pdf.link
@@ -0,0 +1 @@
+https://github.com/mozilla/pdf.js/files/1682471/Test.pdf
diff --git a/test/test_manifest.json b/test/test_manifest.json
index 170cd9b94..5d56a8a00 100644
--- a/test/test_manifest.json
+++ b/test/test_manifest.json
@@ -860,6 +860,14 @@
 "lastPage": 1,
 "type": "eq"
 },
+ { "id": "issue9425",
+ "file": "pdfs/issue9425.pdf",
+ "md5": "cb5e99c9ada308304ca2dfcb7f72e3a0",
+ "rounds": 1,
+ "link": true,
+ "lastPage": 1,
+ "type": "eq"
+ },
 { "id": "txt2pdf",
 "file": "pdfs/txt2pdf.pdf",
 "md5": "02cefa0f5e8d96313bb05163b2f88c8c",
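Review bot: In src/core/jpg.js, the `findNextFileMarker` hunk gives `startPos` a default value but adds no comment on how the two positions relate, and the visible callers now differ: `readDataBlock` passes three arguments while the new call in `JpegImage.parse` passes two. With the default in effect, `newPos` on the `startPos < currentPos ? startPos : currentPos` line is always `currentPos`, so a comment above the signature would help, e.g. `// startPos defaults to currentPos; the scan position (newPos) starts at the smaller of the two.` The function body continues past the end of the hunk, so its return shape is not visible here and should be documented from the full source.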
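Review bot: In the recovery branch added to `JpegImage.parse` in src/core/jpg.js, `nextFileMarker` is never reassigned yet is declared with `let`, apparently directly inside a switch clause (the enclosing statement starts outside the hunk). `const nextFileMarker = findNextFileMarker(data, offset - 2);`, with the branch wrapped in its own `{ }` block, would keep the binding scoped to this clause. Because this path only runs on malformed image data, which for a PDF viewer is untrusted input, the branch also deserves a comment stating the invariant it relies on, e.g. `// Resync on over-long segment data (issue 9425); relies on findNextFileMarker returning an offset past offset - 2 so the marker loop always advances.` That guarantee lives in the part of `findNextFileMarker` that is not visible in this patch, so it should be confirmed against the full function before the comment is added.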