Forget both local and normal xref when repairing PDFs.

Also introduce a convenience function that does this.

This fixes OSS-fuzz issue 32037.

diff --git a/include/mupdf/pdf/xref.h b/include/mupdf/pdf/xref.h
index 41b06ffb21a56f509e8b94a63cc6e7eb8de05e33..732d33c686d5856ca97255e299a04b133faeb677 100644 (file)
--- a/include/mupdf/pdf/xref.h
+++ b/include/mupdf/pdf/xref.h
@@ -217,6 +217,7 @@ int pdf_was_pure_xfa(fz_context *ctx, pdf_document *doc);
 pdf_xref *pdf_new_local_xref(fz_context *ctx, pdf_document *doc);
 
 void pdf_drop_local_xref(fz_context *ctx, pdf_xref *xref);
+void pdf_drop_local_xref_and_resources(fz_context *ctx, pdf_document *doc);
 
 /* Debug call to dump the incremental/local xrefs to the
  * debug channel. */

diff --git a/source/pdf/pdf-appearance.c b/source/pdf/pdf-appearance.c
index 9c91a51d26ba2e49d47dd91a4f745895c175fe38..5f0677e493bf1bb5b276f2e02112c690ca62c217 100644 (file)
--- a/source/pdf/pdf-appearance.c
+++ b/source/pdf/pdf-appearance.c
@@ -2613,12 +2613,9 @@ void pdf_annot_pop_and_discard_local_xref(fz_context *ctx, pdf_annot *annot)
        if (doc->local_xref)
                fz_write_printf(ctx, fz_stddbg(ctx), "pop and discard local_xref for annot\n");
 #endif
-       pdf_purge_locals_from_store(ctx, doc);
        --doc->local_xref_nesting;
        assert(doc->local_xref_nesting == 0);
-       pdf_purge_local_font_resources(ctx, doc);
-       pdf_drop_local_xref(ctx, doc->local_xref);
-       doc->local_xref = NULL;
+       pdf_drop_local_xref_and_resources(ctx, doc);
 }
 
 static void pdf_update_appearance(fz_context *ctx, pdf_annot *annot)

diff --git a/source/pdf/pdf-object.c b/source/pdf/pdf-object.c
index 2aef19cebe4c6d917527ebd70e331b8f1369ba4c..bee42a2df1454bd6f1c10f2fdcdba803f2d0c381 100644 (file)
--- a/source/pdf/pdf-object.c
+++ b/source/pdf/pdf-object.c
@@ -972,10 +972,7 @@ swap_fragments(fz_context *ctx, pdf_document *doc, pdf_journal_entry *entry)
        if (doc->local_xref_nesting != 0)
                fz_throw(ctx, FZ_ERROR_GENERIC, "Can't undo/redo within an operation");
 
-       pdf_purge_local_font_resources(ctx, doc);
-       pdf_purge_locals_from_store(ctx, doc);
-       pdf_drop_local_xref(ctx, doc->local_xref);
-       doc->local_xref = NULL;
+       pdf_drop_local_xref_and_resources(ctx, doc);
 
        for (frag = entry->head; frag != NULL; frag = frag->next)
        {
@@ -1394,10 +1391,7 @@ static void prepare_object_for_alteration(fz_context *ctx, pdf_obj *obj, pdf_obj
                        /* The local xref isn't in force, and we're about
                         * to edit the document. This invalidates it, so
                         * throw it away. */
-                       pdf_purge_local_font_resources(ctx, doc);
-                       pdf_purge_locals_from_store(ctx, doc);
-                       pdf_drop_local_xref(ctx, doc->local_xref);
-                       doc->local_xref = NULL;
+                       pdf_drop_local_xref_and_resources(ctx, doc);
                }
        }
 

diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
index 99dc707a1cba432c6658ad7b4065f27922fd1106..eeeb5e16384c0c25ef1952bb659a173a3810d4e9 100644 (file)
--- a/source/pdf/pdf-xref.c
+++ b/source/pdf/pdf-xref.c
@@ -724,6 +724,8 @@ void pdf_forget_xref(fz_context *ctx, pdf_document *doc)
 {
        pdf_obj *trailer = pdf_keep_obj(ctx, pdf_trailer(ctx, doc));
 
+       pdf_drop_local_xref_and_resources(ctx, doc);
+
        if (doc->saved_xref_sections)
                pdf_drop_xref_sections_imp(ctx, doc, doc->saved_xref_sections, doc->saved_num_xref_sections);
 
@@ -4600,6 +4602,14 @@ void pdf_drop_local_xref(fz_context *ctx, pdf_xref *xref)
        fz_free(ctx, xref);
 }
 
+void pdf_drop_local_xref_and_resources(fz_context *ctx, pdf_document *doc)
+{
+       pdf_purge_local_font_resources(ctx, doc);
+       pdf_purge_locals_from_store(ctx, doc);
+       pdf_drop_local_xref(ctx, doc->local_xref);
+       doc->local_xref = NULL;
+}
+
 void
 pdf_debug_doc_changes(fz_context *ctx, pdf_document *doc)
 {