diff options
author | weili <weili@chromium.org> | 2016-04-29 10:24:02 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-04-29 10:24:02 -0700 |
commit | cd1e9ff4f432cbc29ed279e6891fb7ddc2ea3734 (patch) | |
tree | e041c06e74618aba9768cacf1245fd0168e8ba56 /core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp | |
parent | d15ba4e29607665db35bc6fb610cc566981b324a (diff) | |
download | pdfium-cd1e9ff4f432cbc29ed279e6891fb7ddc2ea3734.tar.xz |
Relax a couple checks to allow certain non-standard PDF files.
Some non-standard PDF files misuse the size of cross reference table,
and reuse some object number which the old one is still in use. PDFium
can relax the reusing of xref objects only since it is not referred in
the pdf document. When the size of cross reference table is larger
than defined, PDFium will try to continue other than abort.
BUG=chromium:596947
Review-Url: https://codereview.chromium.org/1926823002
Diffstat (limited to 'core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp')
-rw-r--r-- | core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp b/core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp index ef3395d3ae..4020b003bb 100644 --- a/core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp +++ b/core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp @@ -6,6 +6,7 @@ #include "core/fpdfapi/fpdf_parser/include/cpdf_indirect_object_holder.h" +#include "core/fpdfapi/fpdf_parser/include/cpdf_dictionary.h" #include "core/fpdfapi/fpdf_parser/include/cpdf_object.h" #include "core/fpdfapi/fpdf_parser/include/cpdf_parser.h" @@ -24,17 +25,28 @@ CPDF_Object* CPDF_IndirectObjectHolder::GetIndirectObject(uint32_t objnum) { if (objnum == 0) return nullptr; + CPDF_Object* result_obj = nullptr; auto it = m_IndirectObjs.find(objnum); - if (it != m_IndirectObjs.end()) - return it->second->GetObjNum() != CPDF_Object::kInvalidObjNum ? it->second - : nullptr; + if (it != m_IndirectObjs.end()) { + CPDF_Object* obj = it->second; + result_obj = + obj->GetObjNum() != CPDF_Object::kInvalidObjNum ? it->second : nullptr; + // Xref object is not used by the pdf document itself. Some software thus + // reuse an object number for xref object. So when we get an xref object, + // try again to see whether another object with the same number is defined. + // If so, use that object instead. See chromium:596947. + CPDF_Dictionary* dict = + obj->IsStream() ? obj->GetDict() : obj->AsDictionary(); + if (!dict || dict->GetStringBy("Type") != "XRef") + return result_obj; + } if (!m_pParser) return nullptr; CPDF_Object* pObj = m_pParser->ParseIndirectObject(this, objnum); if (!pObj) - return nullptr; + return result_obj; pObj->m_ObjNum = objnum; m_LastObjNum = std::max(m_LastObjNum, objnum); |