author | Tom Sepez <tsepez@chromium.org> | 2018-10-15 18:18:18 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-10-15 18:18:18 +0000 |
commit | 6793dad3038a6ed4a2bd68aeb1833c00e7413cf3 (patch) | |
tree | 53b83213cea6e2f381ad4715f5f9c26f87235f37 | |
parent | bc75f62774a31ca94188e1910624bac246d550f7 (diff) | |
Stop shadowing codec memory size with CCodec_ProgressiveDecoder::m_SrcSize
This is a remnant from the old implementation which can get out
of sync with the actual value, esp. in the fuzzers where buffers
are shorter-lived.
Bug: 895009
Change-Id: Ibf16dad58dd750c961e3b446f12cb2197004dbb4
Reviewed-on: https://pdfium-review.googlesource.com/c/44010
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
-rw-r--r-- | core/fxcodec/codec/ccodec_progressivedecoder.cpp | 36 | ||||
-rw-r--r-- | core/fxcodec/codec/ccodec_progressivedecoder.h | 1 |
2 files changed, 17 insertions, 20 deletions
diff --git a/core/fxcodec/codec/ccodec_progressivedecoder.cpp b/core/fxcodec/codec/ccodec_progressivedecoder.cpp
index c3ab8c60c1..04dda05157 100644
--- a/core/fxcodec/codec/ccodec_progressivedecoder.cpp
+++ b/core/fxcodec/codec/ccodec_progressivedecoder.cpp
@@ -768,7 +768,9 @@ bool CCodec_ProgressiveDecoder::BmpDetectImageTypeInBuffer(
 return false;
 }
- uint32_t availableData = m_SrcSize > m_offSet ? m_SrcSize - m_offSet : 0;
+ uint32_t availableData = m_pCodecMemory->GetSize() > m_offSet
+ ? m_pCodecMemory->GetSize() - m_offSet
+ : 0;
 if (neededData > availableData) {
 m_status = FXCODEC_STATUS_ERR_FORMAT;
 return false;
@@ -1266,10 +1268,9 @@ bool CCodec_ProgressiveDecoder::PngDetectImageTypeInBuffer(
 m_status = FXCODEC_STATUS_ERR_FORMAT;
 return false;
 }
- if (m_pCodecMemory && input_size > m_SrcSize) {
+ if (m_pCodecMemory && input_size > m_pCodecMemory->GetSize())
 m_pCodecMemory = pdfium::MakeRetain<CFX_CodecMemory>(input_size);
- m_SrcSize = input_size;
- }
+
 if (!m_pFile->ReadBlock(m_pCodecMemory->GetBuffer(), m_offSet, input_size)) {
 m_status = FXCODEC_STATUS_ERR_READ;
@@ -1350,10 +1351,9 @@ FXCODEC_STATUS CCodec_ProgressiveDecoder::PngContinueDecode() {
 m_status = FXCODEC_STATUS_DECODE_FINISH;
 return m_status;
 }
- if (m_pCodecMemory && input_size > m_SrcSize) {
+ if (m_pCodecMemory && input_size > m_pCodecMemory->GetSize())
 m_pCodecMemory = pdfium::MakeRetain<CFX_CodecMemory>(input_size);
- m_SrcSize = input_size;
- }
+
 bool bResult = m_pFile->ReadBlock(m_pCodecMemory->GetBuffer(), m_offSet, input_size);
 if (!bResult) {
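Review bot: In PngDetectImageTypeInBuffer the guard `if (m_pCodecMemory && input_size > m_pCodecMemory->GetSize())` skips the allocation when m_pCodecMemory is null, yet the ReadBlock call right after it dereferences `m_pCodecMemory->GetBuffer()` unconditionally; the PngContinueDecode hunk has the same pattern. If the pointer can be null at these points, the condition should allocate in that case, `if (!m_pCodecMemory || input_size > m_pCodecMemory->GetSize())`. If it cannot be null, the test is dead code and would read better as an assertion, so the invariant the ReadBlock call relies on is stated rather than implied. Both function bodies start and end outside their hunks, so whether an earlier check already covers this is not visible here.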
@@ -1549,14 +1549,13 @@ bool CCodec_ProgressiveDecoder::DetectImageType(FXCODEC_IMAGE_TYPE imageType,
 #endif // PDF_ENABLE_XFA_TIFF
 size_t size = std::min<size_t>(m_pFile->GetSize(), FXCODEC_BLOCK_SIZE);
- m_SrcSize = static_cast<uint32_t>(size);
- m_pCodecMemory = pdfium::MakeRetain<CFX_CodecMemory>(m_SrcSize);
+ m_pCodecMemory = pdfium::MakeRetain<CFX_CodecMemory>(size);
 m_offSet = 0;
- if (!m_pFile->ReadBlock(m_pCodecMemory->GetBuffer(), m_offSet, m_SrcSize)) {
+ if (!m_pFile->ReadBlock(m_pCodecMemory->GetBuffer(), m_offSet, size)) {
 m_status = FXCODEC_STATUS_ERR_READ;
 return false;
 }
- m_offSet += m_SrcSize;
+ m_offSet += size;
 if (imageType == FXCODEC_IMAGE_JPG)
 return JpegDetectImageTypeInBuffer(pAttribute);
@@ -1593,31 +1592,30 @@ bool CCodec_ProgressiveDecoder::ReadMoreData(
 uint32_t dwBytesToFetchFromFile = m_pFile->GetSize() - m_offSet;
 // Figure out if the codec stopped processing midway through the buffer.
- uint32_t dwUnconsumed = 0;
+ size_t dwUnconsumed = 0;
 if (!invalidate_buffer) {
- FX_SAFE_UINT32 avail_input = pModule->GetAvailInput(pContext);
+ FX_SAFE_SIZE_T avail_input = pModule->GetAvailInput(pContext);
 if (!avail_input.IsValid())
 return false;
 dwUnconsumed = avail_input.ValueOrDie();
 }
- if (dwUnconsumed == m_SrcSize) {
+ if (dwUnconsumed == m_pCodecMemory->GetSize()) {
 // Codec couldn't make any progress against the bytes in the buffer.
 // Increase the buffer size so that there might be enough contiguous
 // bytes to allow whatever operation is having difficulty to succeed.
 dwBytesToFetchFromFile = std::min<uint32_t>(dwBytesToFetchFromFile, FXCODEC_BLOCK_SIZE);
- uint32_t dwNewSize = m_SrcSize + dwBytesToFetchFromFile;
+ size_t dwNewSize = m_pCodecMemory->GetSize() + dwBytesToFetchFromFile;
 if (!m_pCodecMemory->TryResize(dwNewSize)) {
 err_status = FXCODEC_STATUS_ERR_MEMORY;
 return false;
 }
- m_SrcSize = dwNewSize;
 } else {
- uint32_t dwConsumed = m_SrcSize - dwUnconsumed;
+ size_t dwConsumed = m_pCodecMemory->GetSize() - dwUnconsumed;
 m_pCodecMemory->Consume(dwConsumed);
- dwBytesToFetchFromFile = std::min(dwBytesToFetchFromFile, dwConsumed);
- m_SrcSize = dwBytesToFetchFromFile + dwUnconsumed;
+ dwBytesToFetchFromFile =
+ std::min<uint32_t>(dwBytesToFetchFromFile, dwConsumed);
 }
 // Append new data past the bytes not yet processed by the codec.
diff --git a/core/fxcodec/codec/ccodec_progressivedecoder.h b/core/fxcodec/codec/ccodec_progressivedecoder.h
index d0419f8268..1c764cbb4b 100644
--- a/core/fxcodec/codec/ccodec_progressivedecoder.h
+++ b/core/fxcodec/codec/ccodec_progressivedecoder.h
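Review bot: In ReadMoreData (ccodec_progressivedecoder.cpp), `size_t dwConsumed = m_pCodecMemory->GetSize() - dwUnconsumed;` wraps to a very large value if the codec ever reports more unconsumed input than the buffer holds, and that value goes straight into `Consume()`. The value from GetAvailInput is only checked for arithmetic validity, not against the buffer size, so a guard ahead of the equality test would state the invariant: `if (dwUnconsumed > m_pCodecMemory->GetSize()) return false;`. How `Consume()` treats an oversized count is not visible in this hunk. Separately, `std::min<uint32_t>(dwBytesToFetchFromFile, dwConsumed)` now narrows a size_t argument to 32 bits; that can only shrink the result, but a short comment would record that the narrowing is intentional. The function body begins and ends outside the hunk.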
@@ -268,7 +268,6 @@ class CCodec_ProgressiveDecoder :
 std::unique_ptr<CodecModuleIface::Context> m_pTiffContext;
 #endif // PDF_ENABLE_XFA_TIFF
 uint32_t m_offSet = 0;
- uint32_t m_SrcSize = 0;
 int m_ScanlineSize = 0;
 CFXCODEC_WeightTable m_WeightHorz;
 CFXCODEC_VertTable m_WeightVert; |