summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArtem Strygin <art-snake@yandex-team.ru>2018-07-11 16:25:14 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-07-11 16:25:14 +0000
commit7c694a4632dc3b11e26d66a44e598a211913d02a (patch)
tree3258d86c9df382d7974b4f7e8dea2c14a6c4294b
parente7e454da8e382513b9e271bb3e0be3bd901bfbd9 (diff)
downloadpdfium-7c694a4632dc3b11e26d66a44e598a211913d02a.tar.xz
Fix crash and memory leak.
Do not return size within CPDF_StreamAcc in case when read data failed. Also free buffers in this case. Bug: chromium:860210 Change-Id: Ifb2a061d7c8427409b68c33f213c5c55343fb946 Reviewed-on: https://pdfium-review.googlesource.com/37310 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Art Snake <art-snake@yandex-team.ru>
-rw-r--r--BUILD.gn1
-rw-r--r--core/fpdfapi/parser/cpdf_stream_acc.cpp8
-rw-r--r--core/fpdfapi/parser/cpdf_stream_acc_unittest.cpp38
3 files changed, 45 insertions, 2 deletions
diff --git a/BUILD.gn b/BUILD.gn
index d30640f30c..222784f36e 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -2875,6 +2875,7 @@ test("pdfium_unittests") {
"core/fpdfapi/parser/cpdf_parser_unittest.cpp",
"core/fpdfapi/parser/cpdf_read_validator_unittest.cpp",
"core/fpdfapi/parser/cpdf_simple_parser_unittest.cpp",
+ "core/fpdfapi/parser/cpdf_stream_acc_unittest.cpp",
"core/fpdfapi/parser/cpdf_syntax_parser_unittest.cpp",
"core/fpdfapi/parser/fpdf_parser_decode_unittest.cpp",
"core/fpdfapi/parser/fpdf_parser_utility_unittest.cpp",
diff --git a/core/fpdfapi/parser/cpdf_stream_acc.cpp b/core/fpdfapi/parser/cpdf_stream_acc.cpp
index 1734b0ddcb..18d0b35107 100644
--- a/core/fpdfapi/parser/cpdf_stream_acc.cpp
+++ b/core/fpdfapi/parser/cpdf_stream_acc.cpp
@@ -38,8 +38,11 @@ void CPDF_StreamAcc::LoadAllData(bool bRawAccess,
pSrcData = m_pStream->GetInMemoryRawData();
} else {
pSrcData = m_pSrcData = FX_Alloc(uint8_t, dwSrcSize);
- if (!m_pStream->ReadRawData(0, pSrcData, dwSrcSize))
+ if (!m_pStream->ReadRawData(0, pSrcData, dwSrcSize)) {
+ FX_Free(pSrcData);
+ pSrcData = m_pSrcData = nullptr;
return;
+ }
}
if (bProcessRawData) {
m_pData = pSrcData;
@@ -77,7 +80,8 @@ uint8_t* CPDF_StreamAcc::GetData() const {
uint32_t CPDF_StreamAcc::GetSize() const {
if (m_bNewBuf)
return m_dwSize;
- return m_pStream ? m_pStream->GetRawSize() : 0;
+ return (m_pStream && m_pStream->IsMemoryBased()) ? m_pStream->GetRawSize()
+ : 0;
}
std::unique_ptr<uint8_t, FxFreeDeleter> CPDF_StreamAcc::DetachData() {
diff --git a/core/fpdfapi/parser/cpdf_stream_acc_unittest.cpp b/core/fpdfapi/parser/cpdf_stream_acc_unittest.cpp
new file mode 100644
index 0000000000..dcebf0b3a7
--- /dev/null
+++ b/core/fpdfapi/parser/cpdf_stream_acc_unittest.cpp
@@ -0,0 +1,38 @@
+// Copyright 2018 PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "core/fpdfapi/parser/cpdf_stream_acc.h"
+
+#include "core/fpdfapi/parser/cpdf_stream.h"
+
+#include "core/fxcrt/cfx_memorystream.h"
+#include "core/fxcrt/fx_stream.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace {
+
+class InvalidStream : public IFX_SeekableReadStream {
+ public:
+ InvalidStream() = default;
+ ~InvalidStream() override = default;
+
+ // IFX_SeekableReadStream overrides:
+ bool ReadBlock(void* buffer, FX_FILESIZE offset, size_t size) override {
+ // Read failure.
+ return false;
+ }
+
+ FX_FILESIZE GetSize() override { return 1024; }
+};
+
+} // namespace
+
+TEST(CPDF_StreamAccTest, ReadRawDataFailed) {
+ CPDF_Stream stream;
+ stream.InitStreamFromFile(pdfium::MakeRetain<InvalidStream>(), nullptr);
+ auto stream_acc = pdfium::MakeRetain<CPDF_StreamAcc>(&stream);
+ stream_acc->LoadAllDataRaw();
+ EXPECT_EQ(0u, stream_acc->GetSize());
+ EXPECT_FALSE(stream_acc->GetData());
+}