From 071f89084722c5fefdf90bfd7f614e6a0939ddd5 Mon Sep 17 00:00:00 2001
From: Nico Weber
Date: Sun, 10 Dec 2023 10:32:16 -0500
Subject: [PATCH] LibPDF: Require whitespace in front of inline image marker EI

Fixes a crash on page 3 of 0000450.pdf of 0000.zip, where we previously started interpreting the middle of an inline image content stream as operators, since it contained `EI` in its pixel data.
---
 Userland/Libraries/LibPDF/Parser.cpp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/Userland/Libraries/LibPDF/Parser.cpp b/Userland/Libraries/LibPDF/Parser.cpp
index ccbd9171dd..25f33464c8 100644
--- a/Userland/Libraries/LibPDF/Parser.cpp
+++ b/Userland/Libraries/LibPDF/Parser.cpp
@@ -559,12 +559,13 @@ PDFErrorOr> Parser::parse_operators()
 // FIXME: Check for ASCIIHexDecode and ASCII85Decode.
 m_reader.consume(1);
- // FIXME: `EI` can be part of the image data, e.g. on page 3 of 0000450.pdf of 0000.zip of the RGBA dataset.
 while (!m_reader.done()) {
- if (m_reader.matches("EI")) {
+ // FIXME: Should we allow EI after matches_delimiter() too?
+ bool expecting_ei = m_reader.matches_whitespace();
+ m_reader.consume();
+ if (expecting_ei && m_reader.matches("EI")) {
 break;
 }
- m_reader.consume();
 }
 if (m_reader.done())
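Review bot: The `while (!m_reader.done())` loop still ends the inline image at the first `EI` that follows a whitespace byte and checks nothing after it, so binary pixel data holding a whitespace byte followed by `EI` desynchronises the parser the same way as the file cited in the commit message. Because this path parses untrusted PDFs, I would at least record the gap beside the new FIXME: `// FIXME: Also require whitespace or end of stream after EI; image bytes can still contain "<whitespace>EI".` Separately, `consume()` now runs before the `matches("EI")` test, so an `EI` sitting directly after the byte dropped by `consume(1)` (empty image data) is no longer recognised, assuming `matches_whitespace()` tests the current byte. In that case the loop runs on to a later match or to `done()`. Whether that is handled cleanly depends on the error path after `if (m_reader.done())`, which, like the rest of parse_operators(), lies outside the hunk.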