commit aa40560780b0cbea24d03b68570f3aac3b352da5
from: Sven M. Hallberg <pesco@khjk.org>
date: Thu Mar 30 13:40:42 2023 UTC

report location of invalid startxref

This is useful information, especially in hex, when looking into the file.
The invalid value itself, on the other hand, is not so useful.

commit - 550c070d23ab6702b3961e54b5d19bc6aad33e04
commit + aa40560780b0cbea24d03b68570f3aac3b352da5
blob - 97b2bb0f10f9d97613479336e3f5212ab2c59ce0
blob + 14e4a1da670fc0f1db89b2baf1e3047482adba13
--- pdf.c
+++ pdf.c
@@ -4957,12 +4957,12 @@ parse_xrefs(const uint8_t *input, size_t sz, size_t *n
 	HParseResult *res = NULL;
 	const HParsedToken **xrefs = NULL;	/* empty result */
 	const HParsedToken *tok = NULL;
-	size_t n = 0, nfwd = 0;
+	size_t i, n = 0, nfwd = 0;
 	size_t offset = 0;
 
 	/* search for the "startxref" section from the back of the file */
 	HParser *p = h_left(p_startxref, h_end_p());	// XXX alloc elsewhere?
-	for (size_t i = 0; i < sz; i++) {
+	for (i = 0; i < sz; i++) {
 		res = h_parse(p, input + sz - i, i);
 		if (res != NULL)
 			break;
@@ -4979,8 +4979,8 @@ parse_xrefs(const uint8_t *input, size_t sz, size_t *n
 	// verify the offset recovered is bounded to be in the file
 	// XXX this check is already present below by virtue of h_seek()
 	if (offset > sz) {
-		log_message(5, "VIOLATION[5]: startxref %zu (%#zx) out of bounds\n",
-				offset, offset);
+		log_message(5, "VIOLATION[5]: startxref at %zu (%#zx) points outside the file\n",
+				sz - i, sz - i);
 		goto end;
 	}