diff options
author | Artem Strygin <art-snake@yandex-team.ru> | 2018-07-11 16:25:14 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-07-11 16:25:14 +0000 |
commit | 7c694a4632dc3b11e26d66a44e598a211913d02a (patch) | |
tree | 3258d86c9df382d7974b4f7e8dea2c14a6c4294b | |
parent | e7e454da8e382513b9e271bb3e0be3bd901bfbd9 (diff) | |
download | pdfium-7c694a4632dc3b11e26d66a44e598a211913d02a.tar.xz |
Fix crash and memory leak.
Do not return size within CPDF_StreamAcc in case when read
data failed.
Also free buffers in this case.
Bug: chromium:860210
Change-Id: Ifb2a061d7c8427409b68c33f213c5c55343fb946
Reviewed-on: https://pdfium-review.googlesource.com/37310
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Art Snake <art-snake@yandex-team.ru>
-rw-r--r-- | BUILD.gn | 1 | ||||
-rw-r--r-- | core/fpdfapi/parser/cpdf_stream_acc.cpp | 8 | ||||
-rw-r--r-- | core/fpdfapi/parser/cpdf_stream_acc_unittest.cpp | 38 |
3 files changed, 45 insertions, 2 deletions
@@ -2875,6 +2875,7 @@ test("pdfium_unittests") { "core/fpdfapi/parser/cpdf_parser_unittest.cpp", "core/fpdfapi/parser/cpdf_read_validator_unittest.cpp", "core/fpdfapi/parser/cpdf_simple_parser_unittest.cpp", + "core/fpdfapi/parser/cpdf_stream_acc_unittest.cpp", "core/fpdfapi/parser/cpdf_syntax_parser_unittest.cpp", "core/fpdfapi/parser/fpdf_parser_decode_unittest.cpp", "core/fpdfapi/parser/fpdf_parser_utility_unittest.cpp", diff --git a/core/fpdfapi/parser/cpdf_stream_acc.cpp b/core/fpdfapi/parser/cpdf_stream_acc.cpp index 1734b0ddcb..18d0b35107 100644 --- a/core/fpdfapi/parser/cpdf_stream_acc.cpp +++ b/core/fpdfapi/parser/cpdf_stream_acc.cpp @@ -38,8 +38,11 @@ void CPDF_StreamAcc::LoadAllData(bool bRawAccess, pSrcData = m_pStream->GetInMemoryRawData(); } else { pSrcData = m_pSrcData = FX_Alloc(uint8_t, dwSrcSize); - if (!m_pStream->ReadRawData(0, pSrcData, dwSrcSize)) + if (!m_pStream->ReadRawData(0, pSrcData, dwSrcSize)) { + FX_Free(pSrcData); + pSrcData = m_pSrcData = nullptr; return; + } } if (bProcessRawData) { m_pData = pSrcData; @@ -77,7 +80,8 @@ uint8_t* CPDF_StreamAcc::GetData() const { uint32_t CPDF_StreamAcc::GetSize() const { if (m_bNewBuf) return m_dwSize; - return m_pStream ? m_pStream->GetRawSize() : 0; + return (m_pStream && m_pStream->IsMemoryBased()) ? m_pStream->GetRawSize() + : 0; } std::unique_ptr<uint8_t, FxFreeDeleter> CPDF_StreamAcc::DetachData() { diff --git a/core/fpdfapi/parser/cpdf_stream_acc_unittest.cpp b/core/fpdfapi/parser/cpdf_stream_acc_unittest.cpp new file mode 100644 index 0000000000..dcebf0b3a7 --- /dev/null +++ b/core/fpdfapi/parser/cpdf_stream_acc_unittest.cpp @@ -0,0 +1,38 @@ +// Copyright 2018 PDFium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "core/fpdfapi/parser/cpdf_stream_acc.h" + +#include "core/fpdfapi/parser/cpdf_stream.h" + +#include "core/fxcrt/cfx_memorystream.h" +#include "core/fxcrt/fx_stream.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace { + +class InvalidStream : public IFX_SeekableReadStream { + public: + InvalidStream() = default; + ~InvalidStream() override = default; + + // IFX_SeekableReadStream overrides: + bool ReadBlock(void* buffer, FX_FILESIZE offset, size_t size) override { + // Read failure. + return false; + } + + FX_FILESIZE GetSize() override { return 1024; } +}; + +} // namespace + +TEST(CPDF_StreamAccTest, ReadRawDataFailed) { + CPDF_Stream stream; + stream.InitStreamFromFile(pdfium::MakeRetain<InvalidStream>(), nullptr); + auto stream_acc = pdfium::MakeRetain<CPDF_StreamAcc>(&stream); + stream_acc->LoadAllDataRaw(); + EXPECT_EQ(0u, stream_acc->GetSize()); + EXPECT_FALSE(stream_acc->GetData()); +} |