diff options
| author | weili <weili@chromium.org> | 2016-05-04 09:36:11 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-05-04 09:36:11 -0700 |
| commit | a031357eaab7c934ac03717968cf78ff556c819b (patch) | |
| tree | 01fc5cd2c42322652e56e0e1a01ff2b6a566d125 /core/fpdfapi/fpdf_parser/cpdf_parser.cpp | |
| parent | 696fc8b70c19cf35fd10bc10f547aae74fc6333c (diff) | |
| download | pdfium-a031357eaab7c934ac03717968cf78ff556c819b.tar.xz | |
Reland of lax a couple checks to allow certain non-standard PDF files. (patchset #1 id:1 of https://codereview.chromium.org/1946693002/ )
Reason for revert:
The culprit was found and confirmed, not this one.
Original issue's description:
> Revert of Relax a couple checks to allow certain non-standard PDF files. (patchset #1 id:1 of https://codereview.chromium.org/1926823002/ )
>
> Reason for revert:
> Speculatively revert due to high volume of crashes on Chromium.
>
> Original issue's description:
> > Relax a couple checks to allow certain non-standard PDF files.
> >
> > Some non-standard PDF files misuse the size of cross reference table,
> > and reuse some object number which the old one is still in use. PDFium
> > can relax the reusing of xref objects only since it is not referred in
> > the pdf document. When the size of cross reference table is larger
> > than defined, PDFium will try to continue other than abort.
> >
> > BUG=chromium:596947
> >
> > Committed: https://pdfium.googlesource.com/pdfium/+/cd1e9ff4f432cbc29ed279e6891fb7ddc2ea3734
>
> TBR=thestig@chromium.org,dsinclair@chromium.org
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=chromium:596947
>
> Committed: https://pdfium.googlesource.com/pdfium/+/5fc4f31285c3a88fc157fd2d9b9cf2eb5c7cabed
TBR=thestig@chromium.org,dsinclair@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:596947
Review-Url: https://codereview.chromium.org/1947983002
Diffstat (limited to 'core/fpdfapi/fpdf_parser/cpdf_parser.cpp')
| -rw-r--r-- | core/fpdfapi/fpdf_parser/cpdf_parser.cpp | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/core/fpdfapi/fpdf_parser/cpdf_parser.cpp b/core/fpdfapi/fpdf_parser/cpdf_parser.cpp index acf51de1ea..c66647846d 100644 --- a/core/fpdfapi/fpdf_parser/cpdf_parser.cpp +++ b/core/fpdfapi/fpdf_parser/cpdf_parser.cpp @@ -1077,8 +1077,13 @@ FX_BOOL CPDF_Parser::LoadCrossRefV5(FX_FILESIZE* pos, FX_BOOL bMainXRef) { FX_SAFE_UINT32 dwMaxObjNum = startnum; dwMaxObjNum += count; uint32_t dwV5Size = m_ObjectInfo.empty() ? 0 : GetLastObjNum() + 1; - if (!dwMaxObjNum.IsValid() || dwMaxObjNum.ValueOrDie() > dwV5Size) + if (!dwMaxObjNum.IsValid()) continue; + // When the max object number is larger than the defined size, try to + // increase the size to accomodate more objects. + // Some software messes this up, see chromium:596947. + if (dwMaxObjNum.ValueOrDie() > dwV5Size) + ShrinkObjectMap(dwMaxObjNum.ValueOrDie()); for (uint32_t j = 0; j < count; j++) { int32_t type = 1; |