diff options
author | weili <weili@chromium.org> | 2016-05-11 17:50:48 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-05-11 17:50:48 -0700 |
commit | f0db33fa39b4497e1b275d0798c1def08741480f (patch) | |
tree | 3cc2842e9e58e0a0c40d186a52dce15cc05db713 /core/fpdfapi/fpdf_parser/cpdf_parser.cpp | |
parent | f7fe678a4ada859a2e4fbbeeb0b1dff5b5887227 (diff) | |
download | pdfium-f0db33fa39b4497e1b275d0798c1def08741480f.tar.xz |
Revert "Reland of relax a couple checks to allow certain non-standard PDF files. (patchset #1 id:1 of https://codereview.chromium.org/1946693002/ )"
This reverts commit a031357eaab7c934ac03717968cf78ff556c819b.
The reason to revert it is that some malformed or maliciously crafted PDF
files may cause crashes.
BUG=610973
Review-Url: https://codereview.chromium.org/1971013002
Diffstat (limited to 'core/fpdfapi/fpdf_parser/cpdf_parser.cpp')
-rw-r--r-- | core/fpdfapi/fpdf_parser/cpdf_parser.cpp | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/core/fpdfapi/fpdf_parser/cpdf_parser.cpp b/core/fpdfapi/fpdf_parser/cpdf_parser.cpp index c66647846d..acf51de1ea 100644 --- a/core/fpdfapi/fpdf_parser/cpdf_parser.cpp +++ b/core/fpdfapi/fpdf_parser/cpdf_parser.cpp @@ -1077,13 +1077,8 @@ FX_BOOL CPDF_Parser::LoadCrossRefV5(FX_FILESIZE* pos, FX_BOOL bMainXRef) { FX_SAFE_UINT32 dwMaxObjNum = startnum; dwMaxObjNum += count; uint32_t dwV5Size = m_ObjectInfo.empty() ? 0 : GetLastObjNum() + 1; - if (!dwMaxObjNum.IsValid()) + if (!dwMaxObjNum.IsValid() || dwMaxObjNum.ValueOrDie() > dwV5Size) continue; - // When the max object number is larger than the defined size, try to - // increase the size to accomodate more objects. - // Some software messes this up, see chromium:596947. - if (dwMaxObjNum.ValueOrDie() > dwV5Size) - ShrinkObjectMap(dwMaxObjNum.ValueOrDie()); for (uint32_t j = 0; j < count; j++) { int32_t type = 1; |