diff options
author | Dan Sinclair <dsinclair@chromium.org> | 2015-10-27 12:08:20 -0400 |
---|---|---|
committer | Dan Sinclair <dsinclair@chromium.org> | 2015-10-27 12:08:20 -0400 |
commit | 4ef782ab57979add3e3910d6bcfde6ef59f65724 (patch) | |
tree | 7621042ce315f4ec8398675b868379d802a5ea90 | |
parent | 24b2eab6351920dd60210b6dcd350c9921e7b3b5 (diff) | |
download | pdfium-4ef782ab57979add3e3910d6bcfde6ef59f65724.tar.xz |
Type check the m_pShadingObj before assuming it's a stream.
The m_pShadingObj can be a stream or a dictionary depending on how it's used.
This CL adds some simple type checking to make sure that the type of the
object matches what we expect.
BUG=chromium:547706
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1421973004 .
-rw-r--r-- | BUILD.gn | 1 | ||||
-rw-r--r-- | core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp | 5 | ||||
-rw-r--r-- | core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp | 16 | ||||
-rw-r--r-- | pdfium.gyp | 1 | ||||
-rw-r--r-- | testing/resources/bug_547706.in | 43 | ||||
-rw-r--r-- | testing/resources/bug_547706.pdf | 55 |
6 files changed, 121 insertions, 0 deletions
@@ -778,6 +778,7 @@ test("pdfium_embeddertests") { sources = [ "core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp", "core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp", + "core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp", "fpdfsdk/src/fpdf_dataavail_embeddertest.cpp", "fpdfsdk/src/fpdfdoc_embeddertest.cpp", "fpdfsdk/src/fpdfformfill_embeddertest.cpp", diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp index 7b04d8cd33..ded6c878ea 100644 --- a/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp +++ b/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp @@ -140,6 +140,11 @@ FX_BOOL CPDF_ShadingPattern::Load() { m_pCountedCS = pDocPageData->FindColorSpacePtr(m_pCS->GetArray()); } m_ShadingType = pShadingDict->GetInteger(FX_BSTRC("ShadingType")); + + // We expect to have a stream if our shading type is a mesh. + if (m_ShadingType >= 4 && !ToStream(m_pShadingObj)) + return FALSE; + return TRUE; } FX_BOOL CPDF_ShadingPattern::Reload() { diff --git a/core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp b/core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp new file mode 100644 index 0000000000..30d7a416be --- /dev/null +++ b/core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp @@ -0,0 +1,16 @@ +// Copyright 2015 PDFium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "../../../testing/embedder_test.h" +#include "testing/gtest/include/gtest/gtest.h" + +class FPDFRenderPatternEmbeddertest : public EmbedderTest {}; + +TEST_F(FPDFRenderPatternEmbeddertest, LoadError_547706) { + // Test shading where object is a dictionary instead of a stream. + EXPECT_TRUE(OpenDocument("testing/resources/bug_547706.pdf")); + FPDF_PAGE page = LoadPage(0); + RenderPage(page); + UnloadPage(page); +} diff --git a/pdfium.gyp b/pdfium.gyp index 695e923014..e98a4eee33 100644 --- a/pdfium.gyp +++ b/pdfium.gyp @@ -742,6 +742,7 @@ 'sources': [ 'core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp', 'core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp', + 'core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp', 'fpdfsdk/src/fpdf_dataavail_embeddertest.cpp', 'fpdfsdk/src/fpdfdoc_embeddertest.cpp', 'fpdfsdk/src/fpdfformfill_embeddertest.cpp', diff --git a/testing/resources/bug_547706.in b/testing/resources/bug_547706.in new file mode 100644 index 0000000000..4c31f19211 --- /dev/null +++ b/testing/resources/bug_547706.in @@ -0,0 +1,43 @@ +{{header}} + +{{object 1 0}} +<< /Pages 2 0 R >> +endobj + +{{object 2 0}} +<< /Kids [ 3 0 R ] >> +endobj + +{{object 3 0}} +<< /Contents 4 0 R /Resources << /Pattern 6 0 R >>>> +endobj + +{{object 4 0}} +<< /Length 5 0 R >> +stream +/R9 scn +0 0 2479 3508 re +/R11 36 Tf +[(1)-12288.9(2)]TJ +endstream +endobj + +{{object 6 0}} +<< /R9 7 0 R >> +endobj + +{{object 7 0}} +<< /PatternType 2 /Shading 8 0 R >> +endobj + +{{object 8 0}} +<< /BitsPerComponent 16 /ColorSpace /DeviceRGB /ShadingType 5 >> +endobj + +{{xref}} +trailer << + /Root 1 0 R + /Size 9 +>> +{{startxref}} +%%EOF diff --git a/testing/resources/bug_547706.pdf b/testing/resources/bug_547706.pdf new file mode 100644 index 0000000000..8003b3c488 --- /dev/null +++ b/testing/resources/bug_547706.pdf @@ -0,0 +1,55 @@ +%PDF-1.7 +% ò¤ô + +1 0 obj +<< /Pages 2 0 R >> +endobj + +2 0 obj +<< /Kids [ 3 0 R ] >> +endobj + +3 0 obj +<< /Contents 4 0 R /Resources << /Pattern 6 0 R >>>> +endobj + +4 0 obj +<< /Length 5 0 R >> +stream +/R9 scn +0 0 2479 3508 re +/R11 36 Tf +[(1)-12288.9(2)]TJ +endstream +endobj + +6 0 obj +<< /R9 7 0 R >> +endobj + +7 0 obj +<< /PatternType 2 /Shading 8 0 R >> +endobj + +8 0 obj +<< /BitsPerComponent 16 /ColorSpace /DeviceRGB /ShadingType 5 >> +endobj + +xref +0 9 +0000000000 65535 f +0000000016 00000 n +0000000051 00000 n +0000000089 00000 n +0000000158 00000 n +0000000000 65535 f +0000000266 00000 n +0000000298 00000 n +0000000350 00000 n +trailer << + /Root 1 0 R + /Size 9 +>> +startxref +431 +%%EOF |