Bug 690889

Summary: Potential NULL-dereference...
Product: jbig2dec
Reporter: Tor Andersson <tor.andersson>
Component: Parsing
Assignee: Henry Stiles <henry.stiles>
Status: RESOLVED FIXED
Severity: normal
CC: christinedelight.top85, drugo.pedrouvene, masaki.ushizaka
Priority: P4
Version: master
Hardware: All
OS: All
URL: http://code.google.com/p/sumatrapdf/issues/detail?id=716
Customer:
Word Size: ---

Description Tor Andersson 2009-11-05 11:10:24 UTC
A bug report (http://code.google.com/p/sumatrapdf/issues/detail?id=716) 
from sumatrapdf mentions a NULL-dereference. I checked this briefly and it 
seems to be a genuine issue; here is a probable call path:

jbig2_decode_symbol_dict(...)
    jbig2_decode_text_region(..., (Jbig2WordStream *)NULL);
        if (params->SBHUFF) {
          jbig2_huffman_new(..., ws); // ws is NULL here
             result->this_word = ws->get_next_word (ws, 0); // ws is NULL and is dereferenced here...

 / Sebastian
Comment 1 Ralph Giles 2009-11-05 17:27:11 UTC
Looks like you're right. Thanks for the report. Do you have a file which
exercises this?
Comment 3 Henry Stiles 2011-05-11 22:30:37 UTC
*** Bug 690895 has been marked as a duplicate of this bug. ***
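
The call path in the description, reduced to a small C model as an added example (not jbig2dec's code and not the fix that was committed). All type and function names are hypothetical, and the guard shown is one possible mitigation: the constructor rejects a missing word stream and the caller handles the failure.

```c
#include <stdint.h>
#include <stdlib.h>
/* Simplified model of the reported pattern; every name here is hypothetical. */
typedef struct WordStream WordStream;
struct WordStream {
    uint32_t (*get_next_word)(WordStream *self, size_t offset);
    const uint8_t *data;
    size_t size;
};
typedef struct { WordStream *ws; uint32_t this_word; } HuffmanState;

/* Reads a big-endian 32-bit word, zero-padding past the end of the buffer. */
uint32_t buf_get_next_word(WordStream *self, size_t offset) {
    uint32_t w = 0;
    for (size_t i = 0; i < 4; i++) {
        size_t pos = offset + i;
        w = (w << 8) | (pos < self->size ? self->data[pos] : 0u);
    }
    return w;
}

/* Pattern from the report: ws is used without a check, so ws == NULL crashes. */
HuffmanState *huffman_new_unchecked(WordStream *ws) {
    HuffmanState *hs = malloc(sizeof *hs);
    if (hs == NULL) return NULL;
    hs->ws = ws;
    hs->this_word = ws->get_next_word(ws, 0); /* NULL dereference if ws is NULL */
    return hs;
}

/* Guarded form: reject a missing stream or callback before touching it. */
HuffmanState *huffman_new_checked(WordStream *ws) {
    if (ws == NULL || ws->get_next_word == NULL) return NULL;
    return huffman_new_unchecked(ws);
}

/* Caller in the role of the text-region decoder: it must handle the failure. */
int decode_text_region(WordStream *ws, int use_huffman, uint32_t *first_word) {
    if (!use_huffman) return 0;           /* stream is not needed on this path */
    HuffmanState *hs = huffman_new_checked(ws);
    if (hs == NULL) return -1;            /* error return instead of a crash */
    *first_word = hs->this_word;
    free(hs);
    return 0;
}

int main(void) {
    uint32_t w = 0;                       /* NULL stream on the Huffman path */
    return decode_text_region(NULL, 1, &w) == -1 ? 0 : 1;
}
```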