commit 27b2ab1324d48686fe455b1c1fe98f8b533a2b8b
from: xentrac <xentrac@special-circumstanc.es>
date: Fri Feb 26 04:13:29 2021 UTC

Fix segfault on dictionaries with odd lengths

It’s probably a bug that our dictionary parser is inserting a
key-value “pair” into our dictionary structure which just has a key
but no value, but the proximal cause of the crash was that `dictentry`
is reading off the end of the key-value pair and getting a null
pointer.

This fixes the bug revealed by the instigator in input file
assertion-a-used-failed.

commit - c9ab81f899e5ed4668d95cf5d250364c5ba50922
commit + 27b2ab1324d48686fe455b1c1fe98f8b533a2b8b
blob - c2d370e2a67ee3320b3b7ed10179087ef21e2ecb
blob + 684ca54e5a50a85ca35655c1afacde1dd440966c
--- pdf.c
+++ pdf.c
@@ -157,7 +157,7 @@ dictentry(const Dict *dict, const char *key)
 		ent = dict->elements[i];
 		k = H_INDEX_BYTES(ent, 0);
 
-		if (k.len == len && bytes_eq(k, key))
+		if (k.len == len && bytes_eq(k, key) && h_seq_len(ent) > 1)
 			return H_INDEX_TOKEN(ent, 1);
 	}