From a94544dd6668f4c9b0d0037b2f3474c4d7e896aa Mon Sep 17 00:00:00 2001 From: Thomas Vermeilh Date: Fri, 2 Aug 2024 14:58:18 +0200 Subject: [PATCH] fix panic on malformed trailer ID Found this bug by fuzzing. If the trailer ID is an empty array, load_storage_and_trailer_password() will panic when trying to access the first byte of an encrypted document. Note that shouldn't happen on valid documents, the ID is supposed to be a an array of two byte strings.
---
 pdf/src/file.rs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/pdf/src/file.rs b/pdf/src/file.rs
index 2b454c6..8e5c327 100644
--- a/pdf/src/file.rs
+++ b/pdf/src/file.rs
@@ -164,7 +164,12 @@ where
 typ: "Trailer",
 field: "ID".into(),
 })?
- .as_array()?[0]
+ .as_array()?
+ .get(0)
+ .ok_or(PdfError::MissingEntry {
+ typ: "Trailer",
+ field: "ID[0]".into()
+ })?
 .as_string()?
 .as_bytes();
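Review bot: The added `.ok_or(PdfError::MissingEntry { … })` constructs the error value, including the `"ID[0]".into()` conversion (presumably an allocation), on every call even when the array is non-empty. Writing it as `.first().ok_or_else(|| PdfError::MissingEntry { typ: "Trailer", field: "ID[0]".into() })?` defers that work to the failure path and replaces `.get(0)` with the idiomatic accessor. The diffstat lists only pdf/src/file.rs, so the fuzz finding is not pinned by a regression test; a test that loads an encrypted document whose trailer `ID` is an empty array and asserts an `Err` rather than a panic would keep this from regressing. The enclosing function starts and ends outside the hunk, so whether other trailer-derived arrays are still indexed directly cannot be confirmed from here.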