diff --git a/src/calibre/ebooks/compression/palmdoc.c b/src/calibre/ebooks/compression/palmdoc.c index dc8206f574..359b775dd6 100644 --- a/src/calibre/ebooks/compression/palmdoc.c +++ b/src/calibre/ebooks/compression/palmdoc.c @@ -43,7 +43,7 @@ typedef struct { #define CHAR(x) (( (x) > 127 ) ? (x)-256 : (x)) static bool -write_to_bytes_object(PyObject **output, Py_ssize_t pos, char ch) { +write_to_bytes_object(PyObject **output, size_t pos, char ch) { if (pos >= PyBytes_GET_SIZE(*output)) { if (_PyBytes_Resize(output, 2 * pos) != 0) return false; } @@ -54,15 +54,17 @@ write_to_bytes_object(PyObject **output, Py_ssize_t pos, char ch) { static PyObject * cpalmdoc_decompress(PyObject *self, PyObject *args) { const char *_input = NULL; Py_ssize_t input_len = 0; - Byte *input; Byte c; PyObject *ans; - Py_ssize_t i = 0, o = 0, j = 0, di, n; + Byte *input; Byte c; PyObject *ans = NULL; + Py_ssize_t i = 0, j = 0; + size_t o = 0, di = 0, n = 0; if (!PyArg_ParseTuple(args, "y#", &_input, &input_len)) return NULL; input = (Byte *) PyMem_Malloc(sizeof(Byte)*input_len); if (input == NULL) return PyErr_NoMemory(); // Map chars to bytes - for (j = 0; j < input_len; j++) + for (j = 0; j < input_len; j++) { input[j] = (_input[j] < 0) ? _input[j]+256 : _input[j]; + } ans = PyBytes_FromStringAndSize(NULL, 8*input_len); if (ans == NULL) { PyMem_Free(input); return NULL; } @@ -78,8 +80,10 @@ cpalmdoc_decompress(PyObject *self, PyObject *args) { } else if (i < input_len) { // 80-BF repeat sequences c = (c << 8) + input[i++]; di = (c & 0x3FFF) >> 3; - for ( n = (c & 7) + 3; n--; ++o ) { - if (!write_to_bytes_object(&ans, o, PyBytes_AS_STRING(ans)[o-di])) { PyMem_Free(input); return NULL; } + if (di <= o) { + for ( n = (c & 7) + 3; n--; ++o ) { + if (!write_to_bytes_object(&ans, o, PyBytes_AS_STRING(ans)[o-di])) { PyMem_Free(input); return NULL; } + } } } }