authorLei Zhang <thestig@chromium.org>2017-06-13 22:57:46 -0700
committerChromium commit bot <commit-bot@chromium.org>2017-06-14 13:24:21 +0000
commitf0f2a2a528e154b8ceeded297abc3a64007850f8 (patch)
tree483e81583fb438cda3b104ab0ae8fbc00c941f1c
parentc71de7fe009494675e56df5825b0e1ad3472c7d3 (diff)
Fix a buffer overflow in FPDFPage_Flatten().
BUG=chromium:732661 Change-Id: Ie11a7d97db97ac969fb6230956efbf21c2ed3d87 Reviewed-on: https://pdfium-review.googlesource.com/6555 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
-rw-r--r--fpdfsdk/fpdf_flatten.cpp15
1 files changed, 9 insertions, 6 deletions
diff --git a/fpdfsdk/fpdf_flatten.cpp b/fpdfsdk/fpdf_flatten.cpp
index 0477d6fea5..914008c1a3 100644
--- a/fpdfsdk/fpdf_flatten.cpp
+++ b/fpdfsdk/fpdf_flatten.cpp
@@ -305,15 +305,18 @@ DLLEXPORT int STDCALL FPDFPage_Flatten(FPDF_PAGE page, int nFlag) {
if (!pPageXObject)
pPageXObject = pRes->SetNewFor<CPDF_Dictionary>("XObject");
- CFX_ByteString key = "";
+ CFX_ByteString key;
int nStreams = pdfium::CollectionSize<int>(ObjectArray);
if (nStreams > 0) {
- for (int iKey = 0; /*iKey < 100*/; iKey++) {
- char sExtend[5] = {};
- FXSYS_itoa(iKey, sExtend, 10);
- key = CFX_ByteString("FFT") + CFX_ByteString(sExtend);
- if (!pPageXObject->KeyExist(key))
+ CFX_ByteString sKey;
+ int i = 0;
+ while (i < INT_MAX) {
+ sKey.Format("FFT%d", i);
+ if (!pPageXObject->KeyExist(sKey)) {
+ key = sKey;
break;
+ }
+ ++i;
}
}
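Review bot: If the `while (i < INT_MAX)` loop runs out without finding a free name, `key` stays empty while `nStreams > 0`, and nothing in the hunk handles that case; the code after the hunk presumably still stores the new XObject under `key`. A check right after the loop, such as `if (key.IsEmpty()) return FLATTEN_FAIL;`, would make the failure explicit, though whether an early return is safe there depends on cleanup that lies outside the hunk. `INT_MAX` also needs `<climits>`, and the file's include list is not visible here. A short comment above the loop, e.g. `// Pick the first unused "FFT<n>" name; Format() sizes its own buffer, unlike the old fixed char[5].`, would record why the itoa form must not come back. FPDFPage_Flatten's body starts and ends outside the hunk.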