author | Tom Sepez <tsepez@chromium.org> | 2017-05-03 14:23:25 -0700 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-05-04 13:48:06 +0000 |
commit | e4f8fda9e75609b1b23882eca288aa4ea62bc433 (patch) | |
tree | 6d1c663095f6c999b7f245ab4d2c9c7426b207b7 /core/fpdfapi/edit | |
parent | cbdf926884c4d96a84ff12293fd45b9ec95d5b93 (diff) | |
download | pdfium-e4f8fda9e75609b1b23882eca288aa4ea62bc433.tar.xz |
CPDF_DataAvail: avoid reads into stack buffers.
Not a good practice even with correct bounds checks.
Same idea for fpdf_edit_create.cpp
Change-Id: I90b869ae4a07eb60d59997b9c5afc14830efc076
Reviewed-on: https://pdfium-review.googlesource.com/4830
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core/fpdfapi/edit')
-rw-r--r-- | core/fpdfapi/edit/fpdf_edit_create.cpp | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/core/fpdfapi/edit/fpdf_edit_create.cpp b/core/fpdfapi/edit/fpdf_edit_create.cpp
index 24ec0d7b55..d0482173bb 100644
--- a/core/fpdfapi/edit/fpdf_edit_create.cpp
+++ b/core/fpdfapi/edit/fpdf_edit_create.cpp
@@ -1424,13 +1424,15 @@ int32_t CPDF_Creator::WriteDoc_Stage1(IFX_Pause* pPause) {
 if ((m_dwFlags & FPDFCREATE_NO_ORIGINAL) == 0 && m_SavedOffset > 0) {
 CFX_RetainPtr<IFX_SeekableReadStream> pSrcFile = m_pParser->GetFileAccess();
- uint8_t buffer[4096]; // TODO(tsepez): don't stack allocate.
+ std::vector<uint8_t> buffer(4096);
 FX_FILESIZE src_size = m_SavedOffset;
 while (src_size) {
 uint32_t block_size = src_size > 4096 ? 4096 : src_size;
- if (!pSrcFile->ReadBlock(buffer, m_Offset - src_size, block_size))
+ if (!pSrcFile->ReadBlock(buffer.data(), m_Offset - src_size,
+ block_size)) {
 return -1;
- if (m_File.AppendBlock(buffer, block_size) < 0)
+ }
+ if (m_File.AppendBlock(buffer.data(), block_size) < 0)
 return -1;
 src_size -= block_size; |
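Review bot: The chunk length in `uint32_t block_size = src_size > 4096 ? 4096 : src_size;` is still a bare literal that has to be kept equal to the `buffer(4096)` allocation by hand, so a later change to one and not the other would let ReadBlock() write past the heap buffer. I would tie the two together with one constant, `constexpr uint32_t kCopyBlockSize = 4096;` and `std::vector<uint8_t> buffer(kCopyBlockSize);`, and clamp `block_size` against `kCopyBlockSize` (or `buffer.size()`). Separately, the read offset `m_Offset - src_size` is only non-negative if `m_Offset >= m_SavedOffset`; that invariant is presumably established elsewhere in WriteDoc_Stage1, whose body starts and ends outside this hunk, and a short comment stating it here would help the next reader.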