diff options
| author | weili <weili@chromium.org> | 2016-05-04 09:36:11 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-05-04 09:36:11 -0700 |
| commit | a031357eaab7c934ac03717968cf78ff556c819b (patch) | |
| tree | 01fc5cd2c42322652e56e0e1a01ff2b6a566d125 /core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp | |
| parent | 696fc8b70c19cf35fd10bc10f547aae74fc6333c (diff) | |
| download | pdfium-a031357eaab7c934ac03717968cf78ff556c819b.tar.xz | |
Reland of lax a couple checks to allow certain non-standard PDF files. (patchset #1 id:1 of https://codereview.chromium.org/1946693002/ )
Reason for revert:
The culprit was found and confirmed, not this one.
Original issue's description:
> Revert of Relax a couple checks to allow certain non-standard PDF files. (patchset #1 id:1 of https://codereview.chromium.org/1926823002/ )
>
> Reason for revert:
> Speculatively revert due to high volume of crashes on Chromium.
>
> Original issue's description:
> > Relax a couple checks to allow certain non-standard PDF files.
> >
> > Some non-standard PDF files misuse the size of cross reference table,
> > and reuse some object number which the old one is still in use. PDFium
> > can relax the reusing of xref objects only since it is not referred in
> > the pdf document. When the size of cross reference table is larger
> > than defined, PDFium will try to continue other than abort.
> >
> > BUG=chromium:596947
> >
> > Committed: https://pdfium.googlesource.com/pdfium/+/cd1e9ff4f432cbc29ed279e6891fb7ddc2ea3734
>
> TBR=thestig@chromium.org,dsinclair@chromium.org
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=chromium:596947
>
> Committed: https://pdfium.googlesource.com/pdfium/+/5fc4f31285c3a88fc157fd2d9b9cf2eb5c7cabed
TBR=thestig@chromium.org,dsinclair@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:596947
Review-Url: https://codereview.chromium.org/1947983002
Diffstat (limited to 'core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp')
| -rw-r--r-- | core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp b/core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp index ef3395d3ae..4020b003bb 100644 --- a/core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp +++ b/core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp @@ -6,6 +6,7 @@ #include "core/fpdfapi/fpdf_parser/include/cpdf_indirect_object_holder.h" +#include "core/fpdfapi/fpdf_parser/include/cpdf_dictionary.h" #include "core/fpdfapi/fpdf_parser/include/cpdf_object.h" #include "core/fpdfapi/fpdf_parser/include/cpdf_parser.h" @@ -24,17 +25,28 @@ CPDF_Object* CPDF_IndirectObjectHolder::GetIndirectObject(uint32_t objnum) { if (objnum == 0) return nullptr; + CPDF_Object* result_obj = nullptr; auto it = m_IndirectObjs.find(objnum); - if (it != m_IndirectObjs.end()) - return it->second->GetObjNum() != CPDF_Object::kInvalidObjNum ? it->second - : nullptr; + if (it != m_IndirectObjs.end()) { + CPDF_Object* obj = it->second; + result_obj = + obj->GetObjNum() != CPDF_Object::kInvalidObjNum ? it->second : nullptr; + // Xref object is not used by the pdf document itself. Some software thus + // reuse an object number for xref object. So when we get an xref object, + // try again to see whether another object with the same number is defined. + // If so, use that object instead. See chromium:596947. + CPDF_Dictionary* dict = + obj->IsStream() ? obj->GetDict() : obj->AsDictionary(); + if (!dict || dict->GetStringBy("Type") != "XRef") + return result_obj; + } if (!m_pParser) return nullptr; CPDF_Object* pObj = m_pParser->ParseIndirectObject(this, objnum); if (!pObj) - return nullptr; + return result_obj; pObj->m_ObjNum = objnum; m_LastObjNum = std::max(m_LastObjNum, objnum); |