diff options
author | thestig <thestig@chromium.org> | 2016-08-10 10:33:54 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-08-10 10:33:54 -0700 |
commit | d83842e0b9ef6e25ab28642e2a146159ac9f3596 (patch) | |
tree | 64c26590e14de78674813ee25691894657caad87 /core/fpdfapi/fpdf_parser | |
parent | 9ada2d83cbb629f286936ebc7a208a61164f873b (diff) | |
download | pdfium-d83842e0b9ef6e25ab28642e2a146159ac9f3596.tar.xz |
Clean up CPDF_HintTables::LoadHintStream a little.
- Return earlier when possible.
- Fail rather than crash on invalid values.
Review-Url: https://codereview.chromium.org/2235843002
Diffstat (limited to 'core/fpdfapi/fpdf_parser')
-rw-r--r-- | core/fpdfapi/fpdf_parser/cpdf_hint_tables.cpp | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/core/fpdfapi/fpdf_parser/cpdf_hint_tables.cpp b/core/fpdfapi/fpdf_parser/cpdf_hint_tables.cpp index dfb34cbd58..fd723a8fa8 100644 --- a/core/fpdfapi/fpdf_parser/cpdf_hint_tables.cpp +++ b/core/fpdfapi/fpdf_parser/cpdf_hint_tables.cpp @@ -428,6 +428,9 @@ FX_BOOL CPDF_HintTables::LoadHintStream(CPDF_Stream* pHintStream) { return FALSE; int shared_hint_table_offset = pOffset->GetInteger(); + if (shared_hint_table_offset <= 0) + return FALSE; + CPDF_StreamAcc acc; acc.LoadAllData(pHintStream); @@ -435,17 +438,20 @@ FX_BOOL CPDF_HintTables::LoadHintStream(CPDF_Stream* pHintStream) { // The header section of page offset hint table is 36 bytes. // The header section of shared object hint table is 24 bytes. // Hint table has at least 60 bytes. - const uint32_t MIN_STREAM_LEN = 60; - if (size < MIN_STREAM_LEN || shared_hint_table_offset <= 0 || - size < static_cast<uint32_t>(shared_hint_table_offset)) { + const uint32_t kMinStreamLength = 60; + if (size < kMinStreamLength) + return FALSE; + + FX_SAFE_UINT32 safe_shared_hint_table_offset = shared_hint_table_offset; + if (!safe_shared_hint_table_offset.IsValid() || + size < safe_shared_hint_table_offset.ValueOrDie()) { return FALSE; } CFX_BitStream bs; bs.Init(acc.GetData(), size); return ReadPageHintTable(&bs) && - ReadSharedObjHintTable(&bs, pdfium::base::checked_cast<uint32_t>( - shared_hint_table_offset)); + ReadSharedObjHintTable(&bs, shared_hint_table_offset); } int CPDF_HintTables::ReadPrimaryHintStreamOffset() const { |