summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJun Fang <jun_fang@foxitsoftware.com>2014-08-22 17:06:32 -0700
committerJun Fang <jun_fang@foxitsoftware.com>2014-08-22 17:06:32 -0700
commitc655167ed83f78a38264457e65dd11e653ab981d (patch)
treea81b38c5cf8a1848ea6c5a67e38a0e4b8798b800
parentaeacba4a612a0a35b3e834d778716968c661f3ec (diff)
downloadpdfium-c655167ed83f78a38264457e65dd11e653ab981d.tar.xz
Fix the issue 'SEGV on unknown address in CPDF_DataAvail::GetObjectSize'
BUG=387983 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/454283002
-rw-r--r--core/include/fpdfapi/fpdf_parser.h230
-rw-r--r--core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp41
2 files changed, 138 insertions, 133 deletions
diff --git a/core/include/fpdfapi/fpdf_parser.h b/core/include/fpdfapi/fpdf_parser.h
index 7cab2117a2..10072027b3 100644
--- a/core/include/fpdfapi/fpdf_parser.h
+++ b/core/include/fpdfapi/fpdf_parser.h
@@ -952,198 +952,196 @@ public:
CPDF_DataAvail(IFX_FileAvail* pFileAvail, IFX_FileRead* pFileRead);
~CPDF_DataAvail();
- virtual FX_BOOL IsDocAvail(IFX_DownloadHints* pHints) FX_OVERRIDE;
+ virtual FX_BOOL IsDocAvail(IFX_DownloadHints* pHints) FX_OVERRIDE;
+ virtual void SetDocument(CPDF_Document* pDoc) FX_OVERRIDE;
- virtual void SetDocument(CPDF_Document* pDoc) FX_OVERRIDE;
+ virtual FX_BOOL IsPageAvail(int iPage, IFX_DownloadHints* pHints) FX_OVERRIDE;
+ virtual FX_INT32 IsFormAvail(IFX_DownloadHints *pHints) FX_OVERRIDE;
- virtual FX_BOOL IsPageAvail(int iPage, IFX_DownloadHints* pHints) FX_OVERRIDE;
+ virtual FX_INT32 IsLinearizedPDF() FX_OVERRIDE;
- virtual FX_INT32 IsFormAvail(IFX_DownloadHints *pHints) FX_OVERRIDE;
-
- virtual FX_INT32 IsLinearizedPDF() FX_OVERRIDE;
-
- virtual FX_BOOL IsLinearized() FX_OVERRIDE
+ virtual FX_BOOL IsLinearized() FX_OVERRIDE
{
return m_bLinearized;
}
- virtual void GetLinearizedMainXRefInfo(FX_FILESIZE *pPos, FX_DWORD *pSize) FX_OVERRIDE;
- IFX_FileRead* GetFileRead() const
+ virtual void GetLinearizedMainXRefInfo(FX_FILESIZE *pPos, FX_DWORD *pSize) FX_OVERRIDE;
+ IFX_FileRead* GetFileRead() const
{
return m_pFileRead;
}
- IFX_FileAvail* GetFileAvail() const
+ IFX_FileAvail* GetFileAvail() const
{
return m_pFileAvail;
}
protected:
- FX_DWORD GetObjectSize(FX_DWORD objnum, FX_FILESIZE& offset);
- FX_BOOL IsObjectsAvail(CFX_PtrArray& obj_array, FX_BOOL bParsePage, IFX_DownloadHints* pHints, CFX_PtrArray &ret_array);
- FX_BOOL CheckDocStatus(IFX_DownloadHints *pHints);
- FX_BOOL CheckHeader(IFX_DownloadHints* pHints);
- FX_BOOL CheckFirstPage(IFX_DownloadHints *pHints);
- FX_BOOL CheckEnd(IFX_DownloadHints *pHints);
- FX_BOOL CheckCrossRef(IFX_DownloadHints* pHints);
- FX_BOOL CheckCrossRefItem(IFX_DownloadHints *pHints);
- FX_BOOL CheckTrailer(IFX_DownloadHints* pHints);
- FX_BOOL CheckRoot(IFX_DownloadHints* pHints);
- FX_BOOL CheckInfo(IFX_DownloadHints* pHints);
- FX_BOOL CheckPages(IFX_DownloadHints* pHints);
- FX_BOOL CheckPage(IFX_DownloadHints* pHints);
- FX_BOOL CheckResources(IFX_DownloadHints* pHints);
- FX_BOOL CheckAnnots(IFX_DownloadHints* pHints);
- FX_BOOL CheckAcroForm(IFX_DownloadHints* pHints);
- FX_BOOL CheckAcroFormSubObject(IFX_DownloadHints* pHints);
- FX_BOOL CheckTrailerAppend(IFX_DownloadHints* pHints);
- FX_BOOL CheckPageStatus(IFX_DownloadHints* pHints);
- FX_BOOL CheckAllCrossRefStream(IFX_DownloadHints *pHints);
+ FX_DWORD GetObjectSize(FX_DWORD objnum, FX_FILESIZE& offset);
+ FX_BOOL IsObjectsAvail(CFX_PtrArray& obj_array, FX_BOOL bParsePage, IFX_DownloadHints* pHints, CFX_PtrArray &ret_array);
+ FX_BOOL CheckDocStatus(IFX_DownloadHints *pHints);
+ FX_BOOL CheckHeader(IFX_DownloadHints* pHints);
+ FX_BOOL CheckFirstPage(IFX_DownloadHints *pHints);
+ FX_BOOL CheckEnd(IFX_DownloadHints *pHints);
+ FX_BOOL CheckCrossRef(IFX_DownloadHints* pHints);
+ FX_BOOL CheckCrossRefItem(IFX_DownloadHints *pHints);
+ FX_BOOL CheckTrailer(IFX_DownloadHints* pHints);
+ FX_BOOL CheckRoot(IFX_DownloadHints* pHints);
+ FX_BOOL CheckInfo(IFX_DownloadHints* pHints);
+ FX_BOOL CheckPages(IFX_DownloadHints* pHints);
+ FX_BOOL CheckPage(IFX_DownloadHints* pHints);
+ FX_BOOL CheckResources(IFX_DownloadHints* pHints);
+ FX_BOOL CheckAnnots(IFX_DownloadHints* pHints);
+ FX_BOOL CheckAcroForm(IFX_DownloadHints* pHints);
+ FX_BOOL CheckAcroFormSubObject(IFX_DownloadHints* pHints);
+ FX_BOOL CheckTrailerAppend(IFX_DownloadHints* pHints);
+ FX_BOOL CheckPageStatus(IFX_DownloadHints* pHints);
+ FX_BOOL CheckAllCrossRefStream(IFX_DownloadHints *pHints);
- FX_DWORD CheckCrossRefStream(IFX_DownloadHints *pHints, FX_FILESIZE &xref_offset);
- FX_BOOL IsLinearizedFile(FX_LPBYTE pData, FX_DWORD dwLen);
- void SetStartOffset(FX_FILESIZE dwOffset);
- FX_BOOL GetNextToken(CFX_ByteString &token);
- FX_BOOL GetNextChar(FX_BYTE &ch);
- CPDF_Object * ParseIndirectObjectAt(FX_FILESIZE pos, FX_DWORD objnum);
- CPDF_Object * GetObject(FX_DWORD objnum, IFX_DownloadHints* pHints, FX_BOOL *pExistInFile);
- FX_BOOL GetPageKids(CPDF_Parser *pParser, CPDF_Object *pPages);
- FX_BOOL PreparePageItem();
- FX_BOOL LoadPages(IFX_DownloadHints* pHints);
- FX_BOOL LoadAllXref(IFX_DownloadHints* pHints);
- FX_BOOL LoadAllFile(IFX_DownloadHints* pHints);
- FX_BOOL CheckLinearizedData(IFX_DownloadHints* pHints);
- FX_BOOL CheckFileResources(IFX_DownloadHints* pHints);
- FX_BOOL CheckPageAnnots(int iPage, IFX_DownloadHints* pHints);
+ FX_DWORD CheckCrossRefStream(IFX_DownloadHints *pHints, FX_FILESIZE &xref_offset);
+ FX_BOOL IsLinearizedFile(FX_LPBYTE pData, FX_DWORD dwLen);
+ void SetStartOffset(FX_FILESIZE dwOffset);
+ FX_BOOL GetNextToken(CFX_ByteString &token);
+ FX_BOOL GetNextChar(FX_BYTE &ch);
+ CPDF_Object * ParseIndirectObjectAt(FX_FILESIZE pos, FX_DWORD objnum);
+ CPDF_Object * GetObject(FX_DWORD objnum, IFX_DownloadHints* pHints, FX_BOOL *pExistInFile);
+ FX_BOOL GetPageKids(CPDF_Parser *pParser, CPDF_Object *pPages);
+ FX_BOOL PreparePageItem();
+ FX_BOOL LoadPages(IFX_DownloadHints* pHints);
+ FX_BOOL LoadAllXref(IFX_DownloadHints* pHints);
+ FX_BOOL LoadAllFile(IFX_DownloadHints* pHints);
+ FX_BOOL CheckLinearizedData(IFX_DownloadHints* pHints);
+ FX_BOOL CheckFileResources(IFX_DownloadHints* pHints);
+ FX_BOOL CheckPageAnnots(int iPage, IFX_DownloadHints* pHints);
- FX_BOOL CheckLinearizedFirstPage(int iPage, IFX_DownloadHints* pHints);
- FX_BOOL HaveResourceAncestor(CPDF_Dictionary *pDict);
- FX_BOOL CheckPage(FX_INT32 iPage, IFX_DownloadHints* pHints);
- FX_BOOL LoadDocPages(IFX_DownloadHints* pHints);
- FX_BOOL LoadDocPage(FX_INT32 iPage, IFX_DownloadHints* pHints);
- FX_BOOL CheckPageNode(CPDF_PageNode &pageNodes, FX_INT32 iPage, FX_INT32 &iCount, IFX_DownloadHints* pHints);
- FX_BOOL CheckUnkownPageNode(FX_DWORD dwPageNo, CPDF_PageNode *pPageNode, IFX_DownloadHints* pHints);
- FX_BOOL CheckArrayPageNode(FX_DWORD dwPageNo, CPDF_PageNode *pPageNode, IFX_DownloadHints* pHints);
- FX_BOOL CheckPageCount(IFX_DownloadHints* pHints);
- FX_BOOL IsFirstCheck(int iPage);
- void ResetFirstCheck(int iPage);
+ FX_BOOL CheckLinearizedFirstPage(int iPage, IFX_DownloadHints* pHints);
+ FX_BOOL HaveResourceAncestor(CPDF_Dictionary *pDict);
+ FX_BOOL CheckPage(FX_INT32 iPage, IFX_DownloadHints* pHints);
+ FX_BOOL LoadDocPages(IFX_DownloadHints* pHints);
+ FX_BOOL LoadDocPage(FX_INT32 iPage, IFX_DownloadHints* pHints);
+ FX_BOOL CheckPageNode(CPDF_PageNode &pageNodes, FX_INT32 iPage, FX_INT32 &iCount, IFX_DownloadHints* pHints);
+ FX_BOOL CheckUnkownPageNode(FX_DWORD dwPageNo, CPDF_PageNode *pPageNode, IFX_DownloadHints* pHints);
+ FX_BOOL CheckArrayPageNode(FX_DWORD dwPageNo, CPDF_PageNode *pPageNode, IFX_DownloadHints* pHints);
+ FX_BOOL CheckPageCount(IFX_DownloadHints* pHints);
+ FX_BOOL IsFirstCheck(int iPage);
+ void ResetFirstCheck(int iPage);
- CPDF_Parser m_parser;
+ CPDF_Parser m_parser;
- CPDF_SyntaxParser m_syntaxParser;
+ CPDF_SyntaxParser m_syntaxParser;
- CPDF_Object *m_pRoot;
+ CPDF_Object *m_pRoot;
- FX_DWORD m_dwRootObjNum;
+ FX_DWORD m_dwRootObjNum;
- FX_DWORD m_dwInfoObjNum;
+ FX_DWORD m_dwInfoObjNum;
- CPDF_Object *m_pLinearized;
+ CPDF_Object *m_pLinearized;
- CPDF_Object *m_pTrailer;
+ CPDF_Object *m_pTrailer;
- FX_BOOL m_bDocAvail;
+ FX_BOOL m_bDocAvail;
- FX_FILESIZE m_dwHeaderOffset;
+ FX_FILESIZE m_dwHeaderOffset;
- FX_FILESIZE m_dwLastXRefOffset;
+ FX_FILESIZE m_dwLastXRefOffset;
- FX_FILESIZE m_dwXRefOffset;
+ FX_FILESIZE m_dwXRefOffset;
- FX_FILESIZE m_dwTrailerOffset;
+ FX_FILESIZE m_dwTrailerOffset;
- FX_FILESIZE m_dwCurrentOffset;
+ FX_FILESIZE m_dwCurrentOffset;
- PDF_DATAAVAIL_STATUS m_docStatus;
+ PDF_DATAAVAIL_STATUS m_docStatus;
- IFX_FileAvail* m_pFileAvail;
+ IFX_FileAvail* m_pFileAvail;
- IFX_FileRead* m_pFileRead;
+ IFX_FileRead* m_pFileRead;
- FX_FILESIZE m_dwFileLen;
+ FX_FILESIZE m_dwFileLen;
- CPDF_Document* m_pDocument;
+ CPDF_Document* m_pDocument;
- CPDF_SortObjNumArray m_objnum_array;
+ CPDF_SortObjNumArray m_objnum_array;
- CFX_PtrArray m_objs_array;
+ CFX_PtrArray m_objs_array;
- FX_FILESIZE m_Pos;
+ FX_FILESIZE m_Pos;
- FX_FILESIZE m_bufferOffset;
+ FX_FILESIZE m_bufferOffset;
- FX_DWORD m_bufferSize;
+ FX_DWORD m_bufferSize;
- CFX_ByteString m_WordBuf;
+ CFX_ByteString m_WordBuf;
- FX_BYTE m_WordBuffer[257];
+ FX_BYTE m_WordBuffer[257];
- FX_DWORD m_WordSize;
+ FX_DWORD m_WordSize;
- FX_BYTE m_bufferData[512];
+ FX_BYTE m_bufferData[512];
- CFX_FileSizeArray m_CrossOffset;
+ CFX_FileSizeArray m_CrossOffset;
- CFX_DWordArray m_XRefStreamList;
+ CFX_DWordArray m_XRefStreamList;
- CFX_DWordArray m_PageObjList;
+ CFX_DWordArray m_PageObjList;
- FX_DWORD m_PagesObjNum;
+ FX_DWORD m_PagesObjNum;
- FX_BOOL m_bLinearized;
+ FX_BOOL m_bLinearized;
- FX_DWORD m_dwFirstPageNo;
+ FX_DWORD m_dwFirstPageNo;
- FX_BOOL m_bLinearedDataOK;
+ FX_BOOL m_bLinearedDataOK;
- FX_BOOL m_bMainXRefLoad;
+ FX_BOOL m_bMainXRefLoadTried;
- FX_BOOL m_bMainXRefLoadedOK;
+ FX_BOOL m_bMainXRefLoadedOK;
- FX_BOOL m_bPagesTreeLoad;
+ FX_BOOL m_bPagesTreeLoad;
- FX_BOOL m_bPagesLoad;
+ FX_BOOL m_bPagesLoad;
- CPDF_Parser * m_pCurrentParser;
+ CPDF_Parser * m_pCurrentParser;
- FX_FILESIZE m_dwCurrentXRefSteam;
+ FX_FILESIZE m_dwCurrentXRefSteam;
- FX_BOOL m_bAnnotsLoad;
+ FX_BOOL m_bAnnotsLoad;
- FX_BOOL m_bHaveAcroForm;
+ FX_BOOL m_bHaveAcroForm;
- FX_DWORD m_dwAcroFormObjNum;
+ FX_DWORD m_dwAcroFormObjNum;
- FX_BOOL m_bAcroFormLoad;
+ FX_BOOL m_bAcroFormLoad;
- CPDF_Object * m_pAcroForm;
+ CPDF_Object * m_pAcroForm;
- CFX_PtrArray m_arrayAcroforms;
+ CFX_PtrArray m_arrayAcroforms;
- CPDF_Dictionary * m_pPageDict;
+ CPDF_Dictionary * m_pPageDict;
- CPDF_Object * m_pPageResource;
+ CPDF_Object * m_pPageResource;
- FX_BOOL m_bNeedDownLoadResource;
+ FX_BOOL m_bNeedDownLoadResource;
- FX_BOOL m_bPageLoadedOK;
+ FX_BOOL m_bPageLoadedOK;
- FX_BOOL m_bLinearizedFormParamLoad;
+ FX_BOOL m_bLinearizedFormParamLoad;
- CFX_PtrArray m_PagesArray;
+ CFX_PtrArray m_PagesArray;
- FX_DWORD m_dwEncryptObjNum;
+ FX_DWORD m_dwEncryptObjNum;
- FX_FILESIZE m_dwPrevXRefOffset;
+ FX_FILESIZE m_dwPrevXRefOffset;
- FX_BOOL m_bTotalLoadPageTree;
+ FX_BOOL m_bTotalLoadPageTree;
- FX_BOOL m_bCurPageDictLoadOK;
+ FX_BOOL m_bCurPageDictLoadOK;
- CPDF_PageNode m_pageNodes;
+ CPDF_PageNode m_pageNodes;
- CFX_CMapDWordToDWord * m_pageMapCheckState;
+ CFX_CMapDWordToDWord * m_pageMapCheckState;
- CFX_CMapDWordToDWord * m_pagesLoadState;
+ CFX_CMapDWordToDWord * m_pagesLoadState;
};
#endif
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
index ce397d2a53..d05dea4470 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
@@ -2729,7 +2729,7 @@ CPDF_DataAvail::CPDF_DataAvail(IFX_FileAvail* pFileAvail, IFX_FileRead* pFileRea
m_dwPrevXRefOffset = 0;
m_dwLastXRefOffset = 0;
m_bDocAvail = FALSE;
- m_bMainXRefLoad = FALSE;
+ m_bMainXRefLoadTried = FALSE;
m_bDocAvail = FALSE;
m_bLinearized = FALSE;
m_bPagesLoad = FALSE;
@@ -4107,23 +4107,30 @@ FX_BOOL CPDF_DataAvail::CheckLinearizedData(IFX_DownloadHints* pHints)
if (m_bLinearedDataOK) {
return TRUE;
}
- if (!m_pFileAvail->IsDataAvail(m_dwLastXRefOffset, (FX_DWORD)(m_dwFileLen - m_dwLastXRefOffset))) {
- pHints->AddSegment(m_dwLastXRefOffset, (FX_DWORD)(m_dwFileLen - m_dwLastXRefOffset));
- return FALSE;
- }
- FX_DWORD dwRet = 0;
- if (!m_bMainXRefLoad) {
- dwRet = ((CPDF_Parser *)m_pDocument->GetParser())->LoadLinearizedMainXRefTable();
- if (dwRet == PDFPARSE_ERROR_SUCCESS) {
- if (!PreparePageItem()) {
- return FALSE;
- }
- m_bMainXRefLoadedOK = TRUE;
+
+ if (!m_bMainXRefLoadTried) {
+ FX_SAFE_DWORD data_size = m_dwFileLen;
+ data_size -= m_dwLastXRefOffset;
+ if (!data_size.IsValid()) {
+ return FALSE;
+ }
+ if (!m_pFileAvail->IsDataAvail(m_dwLastXRefOffset, data_size.ValueOrDie())) {
+ pHints->AddSegment(m_dwLastXRefOffset, data_size.ValueOrDie());
+ return FALSE;
}
- m_bMainXRefLoad = TRUE;
+ FX_DWORD dwRet = ((CPDF_Parser *)m_pDocument->GetParser())->LoadLinearizedMainXRefTable();
+ m_bMainXRefLoadTried = TRUE;
+ if (dwRet != PDFPARSE_ERROR_SUCCESS) {
+ return FALSE;
+ }
+ if (!PreparePageItem()) {
+ return FALSE;
+ }
+ m_bMainXRefLoadedOK = TRUE;
+ m_bLinearedDataOK = TRUE;
}
- m_bLinearedDataOK = TRUE;
- return TRUE;
+
+ return m_bLinearedDataOK;
}
FX_BOOL CPDF_DataAvail::CheckPageAnnots(FX_INT32 iPage, IFX_DownloadHints* pHints)
{
@@ -4351,7 +4358,7 @@ FX_INT32 CPDF_DataAvail::IsFormAvail(IFX_DownloadHints *pHints)
if (!pAcroForm) {
return PDFFORM_NOTEXIST;
}
- if (!m_bMainXRefLoad && !CheckLinearizedData(pHints)) {
+ if (!CheckLinearizedData(pHints)) {
return PDFFORM_NOTAVAIL;
}
if (!m_objs_array.GetSize()) {