From bfd8faedf97839e9e1122715af95461690477a4b Mon Sep 17 00:00:00 2001 From: Matthew Olsson Date: Sun, 16 Jul 2023 14:35:43 -0700 Subject: [PATCH] LibPDF: Assert compressed xref's 2nd field is non-zero --- Userland/Libraries/LibPDF/DocumentParser.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Userland/Libraries/LibPDF/DocumentParser.cpp b/Userland/Libraries/LibPDF/DocumentParser.cpp index 04928e1568..718d055d36 100644 --- a/Userland/Libraries/LibPDF/DocumentParser.cpp +++ b/Userland/Libraries/LibPDF/DocumentParser.cpp @@ -387,6 +387,8 @@ PDFErrorOr> DocumentParser::parse_xref_stream() auto field_sizes = TRY(dict->get_array(m_document, "W")); if (field_sizes->size() != 3) return error("Malformed xref dictionary"); + if (field_sizes->at(1).get_u32() == 0) + return error("Malformed xref dictionary"); auto highest_object_number = dict->get_value("Size").get() - 1;