From c4cb8b5d1460bbf080366817d26c08685490d541 Mon Sep 17 00:00:00 2001
From: Miklos Vajna <vmiklos@collabora.co.uk>
Date: Thu, 1 Dec 2016 17:31:41 +0100
Subject: xmlsecurity PDF verify: avoid seeking before the start of the stream

Happened when the doc was smaller than 1024 bytes.

Change-Id: Ie5eea5905a09722e7958495d26e6c78ee234d3ba
Reviewed-on: https://gerrit.libreoffice.org/31500
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
---
 xmlsecurity/qa/unit/pdfsigning/data/small.pdf | Bin 0 -> 834 bytes
 xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx |   2 ++
 xmlsecurity/source/pdfio/pdfdocument.cxx      |   6 +++++-
 3 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 xmlsecurity/qa/unit/pdfsigning/data/small.pdf

(limited to 'xmlsecurity')

diff --git a/xmlsecurity/qa/unit/pdfsigning/data/small.pdf b/xmlsecurity/qa/unit/pdfsigning/data/small.pdf
new file mode 100644
index 000000000000..60675454f9d3
Binary files /dev/null and b/xmlsecurity/qa/unit/pdfsigning/data/small.pdf differ
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 6e5e476532ee..fae2a71d38f7 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -394,6 +394,8 @@ void PDFSigningTest::testTokenize()
         OUStringLiteral("name-bracket.pdf"),
         // %%EOF at the end wasn't followed by a newline.
         OUStringLiteral("noeol.pdf"),
+        // File that's intentionally smaller than 1024 bytes.
+        OUStringLiteral("small.pdf"),
     };
 
     for (const auto& rName : aNames)
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx
index 3adf02562cf3..fd364779bca9 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -1392,7 +1392,11 @@ size_t PDFDocument::FindStartXRef(SvStream& rStream)
     // Find the "startxref" token, somewhere near the end of the document.
     std::vector<char> aBuf(1024);
     rStream.Seek(STREAM_SEEK_TO_END);
-    rStream.SeekRel(static_cast<sal_Int64>(-1) * aBuf.size());
+    if (rStream.Tell() > aBuf.size())
+        rStream.SeekRel(static_cast<sal_Int64>(-1) * aBuf.size());
+    else
+        // The document is really short, then just read it from the start.
+        rStream.Seek(0);
     size_t nBeforePeek = rStream.Tell();
     size_t nSize = rStream.ReadBytes(aBuf.data(), aBuf.size());
     rStream.Seek(nBeforePeek);
-- 
cgit