Use correct length in guard check

When fixing https://crbug.com/672177 we added a guard that we aren't
reading off the end of the file. That guard used the file access
Position(). This is the wrong value to compare against as our read
position and the file access Position may be different. This CL updates
the check to use the correct current file position.

Bug: pdfium:697
Change-Id: I68a5eaed2f1f3d65422605f0a8474144cfa7d172
Reviewed-on: https://pdfium-review.googlesource.com/3711
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>

1 files changed, 3 insertions, 4 deletions

diff --git a/core/fpdfapi/parser/cpdf_syntax_parser.cpp b/core/fpdfapi/parser/cpdf_syntax_parser.cpp
index 67c0977cfe..6ffd641aa8 100644
--- a/core/fpdfapi/parser/cpdf_syntax_parser.cpp
+++ b/core/fpdfapi/parser/cpdf_syntax_parser.cpp
@@ -724,11 +724,10 @@ std::unique_ptr<CPDF_Stream> CPDF_SyntaxParser::ReadStream(
     }
     m_Pos = streamStartPos;
   }
-  if (len < 0)
-    return nullptr;
 
-  // If the length is longer then the remaining buffer giveup.
-  if (len > m_pFileAccess->GetSize() - m_pFileAccess->GetPosition())
+  // Read up to the end of the buffer.
+  std::min(len, m_FileLen - m_Pos - m_HeaderOffset);
+  if (len <= 0)
     return nullptr;
 
   std::unique_ptr<uint8_t, FxFreeDeleter> pData;