[librsvg] bgo#785276: Don't crash on empty or single-byte files



commit 86bb7e1e43312314ca53417b85df7f6667dfa78a
Author: Federico Mena Quintero <federico gnome org>
Date:   Tue Aug 29 09:19:41 2017 -0500

    bgo#785276: Don't crash on empty or single-byte files
    
    Sigh...
    
    We also modify tests/crash.c to test for this condition, and add a
    couple of new tests.

 rsvg-base.c                                |   11 ++++++++++-
 tests/crash.c                              |   12 ++++++++----
 tests/fixtures/crash/785276-short-file.svg |    1 +
 3 files changed, 19 insertions(+), 5 deletions(-)
---
diff --git a/rsvg-base.c b/rsvg-base.c
index 0a0c93a..271badc 100644
--- a/rsvg-base.c
+++ b/rsvg-base.c
@@ -1987,6 +1987,7 @@ rsvg_handle_read_stream_sync (RsvgHandle   *handle,
     GError *err = NULL;
     gboolean res = FALSE;
     const guchar *buf;
+    gssize num_read;
 
     g_return_val_if_fail (RSVG_IS_HANDLE (handle), FALSE);
     g_return_val_if_fail (G_IS_INPUT_STREAM (stream), FALSE);
@@ -1997,9 +1998,17 @@ rsvg_handle_read_stream_sync (RsvgHandle   *handle,
 
     /* detect zipped streams */
     stream = g_buffered_input_stream_new (stream);
-    if (g_buffered_input_stream_fill (G_BUFFERED_INPUT_STREAM (stream), 2, cancellable, error) != 2) {
+    num_read = g_buffered_input_stream_fill (G_BUFFERED_INPUT_STREAM (stream), 2, cancellable, error);
+    if (num_read < 2) {
         g_object_unref (stream);
         priv->state = RSVG_HANDLE_STATE_CLOSED_ERROR;
+        if (num_read < 0) {
+            g_assert (error == NULL || *error != NULL);
+        } else {
+            g_set_error (error, rsvg_error_quark (), RSVG_ERROR_FAILED,
+                         _("Input file is too short"));
+        }
+
         return FALSE;
     }
     buf = g_buffered_input_stream_peek_buffer (G_BUFFERED_INPUT_STREAM (stream), NULL);
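Review bot: The `num_read < 2` check treats every short fill as a truncated file, but g_buffered_input_stream_fill() is documented to return "up to count" bytes and appears to issue a single read on the base stream. A pipe or socket that delivers its first byte on its own would therefore be rejected with "Input file is too short" even though more data follows. Because these two bytes decide whether the input is routed through the gzip path, it is safer to keep filling until two bytes are buffered or fill returns 0 (end of stream) or -1 (error), and only then report the short-input error. The existing `num_read < 0` branch still works after such a loop, since num_read holds the last fill result. The body of rsvg_handle_read_stream_sync starts and ends outside this hunk.

```c
    gsize available = 0;

    /* … unchanged: stream = g_buffered_input_stream_new (stream); … */
    while (available < 2) {
        num_read = g_buffered_input_stream_fill (G_BUFFERED_INPUT_STREAM (stream),
                                                 2 - available, cancellable, error);
        if (num_read <= 0)
            break; /* 0 = end of stream, -1 = error already set by GIO */
        available = g_buffered_input_stream_get_available (G_BUFFERED_INPUT_STREAM (stream));
    }
    if (available < 2) {
        /* … unchanged: unref stream, set CLOSED_ERROR, report error keyed on num_read < 0 … */
```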
diff --git a/tests/crash.c b/tests/crash.c
index 57c2ba7..2da4f31 100644
--- a/tests/crash.c
+++ b/tests/crash.c
@@ -1,3 +1,4 @@
+/* -*- Mode: C; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /* vim: set ts=4 nowrap ai expandtab sw=4: */
 
 #include <glib.h>
@@ -13,10 +14,13 @@ test_crash (gconstpointer data)
     GError *error = NULL;
 
     handle = rsvg_handle_new_from_gfile_sync (file, RSVG_HANDLE_FLAGS_NONE, NULL, &error);
-    g_assert_no_error (error);
-    g_assert (handle != NULL);
-
-    g_object_unref (handle);
+    if (handle) {
+        g_assert_no_error (error);
+        g_object_unref (handle);
+    } else {
+        g_assert (error != NULL);
+        g_error_free (error);
+    }
 }
 
 int
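Review bot: The new `else` branch accepts any load failure for every fixture that test_crash runs on, so a fixture that used to load and later starts failing will pass unnoticed, and nothing pins the error that the 785276 fixtures are expected to produce. If "no crash, either outcome is fine" is the intent, state it above the `if`, for example `/* We only check that loading does not crash; both success and a reported error are acceptable */`. For the two new short-input fixtures, a dedicated check such as `g_assert_error (error, rsvg_error_quark (), RSVG_ERROR_FAILED);` would confirm that the short-input path is the one taken. test_crash begins before this hunk, so how `file` is obtained is not visible here.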
diff --git a/tests/fixtures/crash/785276-empty.svg b/tests/fixtures/crash/785276-empty.svg
new file mode 100644
index 0000000..e69de29
diff --git a/tests/fixtures/crash/785276-short-file.svg b/tests/fixtures/crash/785276-short-file.svg
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/tests/fixtures/crash/785276-short-file.svg
@@ -0,0 +1 @@
+

