diff options
| author | Dan Sinclair <dsinclair@chromium.org> | 2015-10-26 16:14:23 -0400 |
|---|---|---|
| committer | Dan Sinclair <dsinclair@chromium.org> | 2015-10-26 16:14:23 -0400 |
| commit | 85361b227ad6786d2aeef8409b79a8d077a26ee9 (patch) | |
| tree | fe1ecb088ee13e6a8104183d4777d8fd3e216771 | |
| parent | 6ee3484bcb413f4cce303e237fe15e2bdaf51ade (diff) | |
| download | pdfium-85361b227ad6786d2aeef8409b79a8d077a26ee9.tar.xz | |
Make m_pShadingObj a CPDF_Stream instead of CPDF_Object.
This object is required to be a stream and was being converted as such. With
the new type checking this caused us to pass a nullptr where previously we'd
have, incorrectly, cast a CPDF_Dictionary to a CPDF_Stream.
This CL changes the m_pShadingObj to always be a CPDF_Stream. Then, we never
go down the bad code path because we check if m_pShadingObj is nullptr earlier
and bail out.
BUG=chromium:547706
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1426713002 .
| -rw-r--r-- | BUILD.gn | 1 | ||||
| -rw-r--r-- | core/include/fpdfapi/fpdf_resource.h | 2 | ||||
| -rw-r--r-- | core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp | 7 | ||||
| -rw-r--r-- | core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp | 4 | ||||
| -rw-r--r-- | core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp | 14 | ||||
| -rw-r--r-- | core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp | 16 | ||||
| -rw-r--r-- | pdfium.gyp | 1 | ||||
| -rw-r--r-- | testing/resources/bug_547706.in | 43 | ||||
| -rw-r--r-- | testing/resources/bug_547706.pdf | 55 |
9 files changed, 128 insertions, 15 deletions
@@ -778,6 +778,7 @@ test("pdfium_embeddertests") { sources = [ "core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp", "core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp", + "core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp", "fpdfsdk/src/fpdf_dataavail_embeddertest.cpp", "fpdfsdk/src/fpdfdoc_embeddertest.cpp", "fpdfsdk/src/fpdfformfill_embeddertest.cpp", diff --git a/core/include/fpdfapi/fpdf_resource.h b/core/include/fpdfapi/fpdf_resource.h index 9fe6e2b95f..0b85333cfc 100644 --- a/core/include/fpdfapi/fpdf_resource.h +++ b/core/include/fpdfapi/fpdf_resource.h @@ -688,7 +688,7 @@ class CPDF_ShadingPattern : public CPDF_Pattern { ~CPDF_ShadingPattern() override; - CPDF_Object* m_pShadingObj; + CPDF_Stream* m_pShadingObj; FX_BOOL m_bShadingObj; diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp index b12a65a844..bd4319df11 100644 --- a/core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp +++ b/core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp @@ -1128,10 +1128,9 @@ void CPDF_StreamContentParser::Handle_ShadeFill() { bbox = m_BBox; } if (pShading->m_ShadingType >= 4) { - bbox.Intersect(_GetShadingBBox(ToStream(pShading->m_pShadingObj), - pShading->m_ShadingType, &pObj->m_Matrix, - pShading->m_pFunctions, pShading->m_nFuncs, - pShading->m_pCS)); + bbox.Intersect(_GetShadingBBox( + pShading->m_pShadingObj, pShading->m_ShadingType, &pObj->m_Matrix, + pShading->m_pFunctions, pShading->m_nFuncs, pShading->m_pCS)); } pObj->m_Left = bbox.left; pObj->m_Right = bbox.right; diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp index 7b04d8cd33..d06f481138 100644 --- a/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp +++ b/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp @@ -71,12 +71,12 @@ CPDF_ShadingPattern::CPDF_ShadingPattern(CPDF_Document* pDoc, CPDF_Dictionary* pDict = m_pPatternObj->GetDict(); ASSERT(pDict != NULL); m_Pattern2Form = pDict->GetMatrix(FX_BSTRC("Matrix")); - m_pShadingObj = pDict->GetElementValue(FX_BSTRC("Shading")); + m_pShadingObj = ToStream(pDict->GetElementValue(FX_BSTRC("Shading"))); if (parentMatrix) { m_Pattern2Form.Concat(*parentMatrix); } } else { - m_pShadingObj = pPatternObj; + m_pShadingObj = ToStream(pPatternObj); } m_ShadingType = 0; m_pCS = NULL; diff --git a/core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp b/core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp index 4ed6c07675..015f1a3166 100644 --- a/core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp +++ b/core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp @@ -881,20 +881,18 @@ void CPDF_RenderStatus::DrawShading(CPDF_ShadingPattern* pPattern, pColorSpace, alpha); break; case 4: { - DrawFreeGouraudShading(pBitmap, &FinalMatrix, - ToStream(pPattern->m_pShadingObj), pFuncs, nFuncs, - pColorSpace, alpha); + DrawFreeGouraudShading(pBitmap, &FinalMatrix, pPattern->m_pShadingObj, + pFuncs, nFuncs, pColorSpace, alpha); } break; case 5: { - DrawLatticeGouraudShading(pBitmap, &FinalMatrix, - ToStream(pPattern->m_pShadingObj), pFuncs, - nFuncs, pColorSpace, alpha); + DrawLatticeGouraudShading(pBitmap, &FinalMatrix, pPattern->m_pShadingObj, + pFuncs, nFuncs, pColorSpace, alpha); } break; case 6: case 7: { DrawCoonPatchMeshes(pPattern->m_ShadingType - 6, pBitmap, &FinalMatrix, - ToStream(pPattern->m_pShadingObj), pFuncs, nFuncs, - pColorSpace, fill_mode, alpha); + pPattern->m_pShadingObj, pFuncs, nFuncs, pColorSpace, + fill_mode, alpha); } break; } if (bAlphaMode) { diff --git a/core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp b/core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp new file mode 100644 index 0000000000..30d7a416be --- /dev/null +++ b/core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp @@ -0,0 +1,16 @@ +// Copyright 2015 PDFium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "../../../testing/embedder_test.h" +#include "testing/gtest/include/gtest/gtest.h" + +class FPDFRenderPatternEmbeddertest : public EmbedderTest {}; + +TEST_F(FPDFRenderPatternEmbeddertest, LoadError_547706) { + // Test shading where object is a dictionary instead of a stream. + EXPECT_TRUE(OpenDocument("testing/resources/bug_547706.pdf")); + FPDF_PAGE page = LoadPage(0); + RenderPage(page); + UnloadPage(page); +} diff --git a/pdfium.gyp b/pdfium.gyp index 2aba2a7156..35e12e2dc3 100644 --- a/pdfium.gyp +++ b/pdfium.gyp @@ -749,6 +749,7 @@ 'sources': [ 'core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp', 'core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp', + 'core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp', 'fpdfsdk/src/fpdf_dataavail_embeddertest.cpp', 'fpdfsdk/src/fpdfdoc_embeddertest.cpp', 'fpdfsdk/src/fpdfformfill_embeddertest.cpp', diff --git a/testing/resources/bug_547706.in b/testing/resources/bug_547706.in new file mode 100644 index 0000000000..4c31f19211 --- /dev/null +++ b/testing/resources/bug_547706.in @@ -0,0 +1,43 @@ +{{header}} + +{{object 1 0}} +<< /Pages 2 0 R >> +endobj + +{{object 2 0}} +<< /Kids [ 3 0 R ] >> +endobj + +{{object 3 0}} +<< /Contents 4 0 R /Resources << /Pattern 6 0 R >>>> +endobj + +{{object 4 0}} +<< /Length 5 0 R >> +stream +/R9 scn +0 0 2479 3508 re +/R11 36 Tf +[(1)-12288.9(2)]TJ +endstream +endobj + +{{object 6 0}} +<< /R9 7 0 R >> +endobj + +{{object 7 0}} +<< /PatternType 2 /Shading 8 0 R >> +endobj + +{{object 8 0}} +<< /BitsPerComponent 16 /ColorSpace /DeviceRGB /ShadingType 5 >> +endobj + +{{xref}} +trailer << + /Root 1 0 R + /Size 9 +>> +{{startxref}} +%%EOF diff --git a/testing/resources/bug_547706.pdf b/testing/resources/bug_547706.pdf new file mode 100644 index 0000000000..8003b3c488 --- /dev/null +++ b/testing/resources/bug_547706.pdf @@ -0,0 +1,55 @@ +%PDF-1.7 +% ò¤ô + +1 0 obj +<< /Pages 2 0 R >> +endobj + +2 0 obj +<< /Kids [ 3 0 R ] >> +endobj + +3 0 obj +<< /Contents 4 0 R /Resources << /Pattern 6 0 R >>>> +endobj + +4 0 obj +<< /Length 5 0 R >> +stream +/R9 scn +0 0 2479 3508 re +/R11 36 Tf +[(1)-12288.9(2)]TJ +endstream +endobj + +6 0 obj +<< /R9 7 0 R >> +endobj + +7 0 obj +<< /PatternType 2 /Shading 8 0 R >> +endobj + +8 0 obj +<< /BitsPerComponent 16 /ColorSpace /DeviceRGB /ShadingType 5 >> +endobj + +xref +0 9 +0000000000 65535 f +0000000016 00000 n +0000000051 00000 n +0000000089 00000 n +0000000158 00000 n +0000000000 65535 f +0000000266 00000 n +0000000298 00000 n +0000000350 00000 n +trailer << + /Root 1 0 R + /Size 9 +>> +startxref +431 +%%EOF |