diff options
author | Artem Strygin <art-snake@yandex-team.ru> | 2018-07-30 16:30:28 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-07-30 16:30:28 +0000 |
commit | 552f1ec14f94c09fce4126b5e72d3c02c150ab35 (patch) | |
tree | 32f754697b792fd2c0b2facb19f9f99bad2979af | |
parent | 8584902d81ffabc06bb4895f558e375e5429fe72 (diff) | |
download | pdfium-552f1ec14f94c09fce4126b5e72d3c02c150ab35.tar.xz |
Check maximum bit count of shared group object numbers.
Bug: chromium:868477
Change-Id: I5957c5ef051bc4fa8eb51efa6a7fc142996742c5
Reviewed-on: https://pdfium-review.googlesource.com/39130
Commit-Queue: Art Snake <art-snake@yandex-team.ru>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
-rw-r--r-- | core/fpdfapi/parser/cpdf_hint_tables.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/core/fpdfapi/parser/cpdf_hint_tables.cpp b/core/fpdfapi/parser/cpdf_hint_tables.cpp index 8d8aa3263a..71fb6e2843 100644 --- a/core/fpdfapi/parser/cpdf_hint_tables.cpp +++ b/core/fpdfapi/parser/cpdf_hint_tables.cpp @@ -252,6 +252,8 @@ bool CPDF_HintTables::ReadSharedObjHintTable(CFX_BitStream* hStream, // Item 5: The number of bits needed to represent the greatest number of // objects in a shared object group. uint32_t dwSharedObjNumBits = hStream->GetBits(16); + if (dwSharedObjNumBits > 32) + return false; // Item 6: The least length of a shared object group in bytes. uint32_t dwGroupLeastLen = hStream->GetBits(32); |