authorthestig <thestig@chromium.org>2016-08-31 17:12:03 -0700
committerCommit bot <commit-bot@chromium.org>2016-08-31 17:12:03 -0700
commit73e9c31d7eb8ecc59086c29e8e3e5bb4062b4424 (patch)
treeb4585597db3ccb57ffadf3dc0fc2d5068013413f /core/fpdfapi/fpdf_parser
parent6f9ae19b9b125af868077f4eee80a13e0c29c61e (diff)
downloadpdfium-73e9c31d7eb8ecc59086c29e8e3e5bb4062b4424.tar.xz
Check first page number in CPDF_HintTables::ReadPageHintTable().
BUG=642655 Review-Url: https://codereview.chromium.org/2298753003
Diffstat (limited to 'core/fpdfapi/fpdf_parser')
-rw-r--r--core/fpdfapi/fpdf_parser/cpdf_hint_tables.cpp14
1 files changed, 11 insertions, 3 deletions
diff --git a/core/fpdfapi/fpdf_parser/cpdf_hint_tables.cpp b/core/fpdfapi/fpdf_parser/cpdf_hint_tables.cpp
index fd8765a2d2..316361aced 100644
--- a/core/fpdfapi/fpdf_parser/cpdf_hint_tables.cpp
+++ b/core/fpdfapi/fpdf_parser/cpdf_hint_tables.cpp
@@ -165,6 +165,9 @@ bool CPDF_HintTables::ReadPageHintTable(CFX_BitStream* hStream) {
return false;
int nFirstPageNum = GetFirstPageNumber();
+ if (nFirstPageNum < 0 || nFirstPageNum > std::numeric_limits<int>::max() - 1)
+ return false;
+
for (int i = 0; i < nPages; ++i) {
if (i == nFirstPageNum) {
m_szPageOffsetArray.push_back(m_szFirstPageObjOffset);
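Review bot: The upper bound `std::numeric_limits<int>::max() - 1` in the new check is unexplained, and nothing in the hunk shows what it protects. Presumably it guards a later `nFirstPageNum + 1` outside the visible lines; a comment such as `// Reject values that would overflow when incremented below.` would make that explicit. A first page number at or above `nPages` also passes this check, in which case the `i == nFirstPageNum` branch never runs; whether that is acceptable input cannot be told from here, but `nFirstPageNum >= nPages` may be the tighter rejection. The diffstat's 11 insertions are all in the four hunks, so no `#include <limits>` is added by this commit; confirm the file includes it directly rather than transitively.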
@@ -355,6 +358,9 @@ bool CPDF_HintTables::GetPagePos(int index,
FX_FILESIZE* szPageStartPos,
FX_FILESIZE* szPageLength,
uint32_t* dwObjNum) {
+ if (index < 0)
+ return false;
+
*szPageStartPos = m_szPageOffsetArray[index];
*szPageLength = GetItemLength(index, m_szPageOffsetArray);
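Review bot: The new guard in GetPagePos rejects only negative values, so an `index` at or past the end of `m_szPageOffsetArray` still reaches the unchecked `m_szPageOffsetArray[index]` read two lines later. The array is filled from the parsed hint stream in ReadPageHintTable, so its length depends on file contents and the range check belongs in the callee: `if (index < 0 || static_cast<size_t>(index) >= m_szPageOffsetArray.size()) return false;`. The same question applies to `GetItemLength(index, m_szPageOffsetArray)` in CheckPage in the last hunk, unless GetItemLength validates the index itself (its body is not visible here). GetPagePos continues outside this hunk.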
@@ -363,6 +369,9 @@ bool CPDF_HintTables::GetPagePos(int index,
return false;
int nFirstPageNum = GetFirstPageNumber();
+ if (nFirstPageNum < 0)
+ return false;
+
if (index == nFirstPageNum) {
*dwObjNum = nFirstPageObjNum;
return true;
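Review bot: By the time this new `nFirstPageNum < 0` check returns false, `*szPageStartPos` and `*szPageLength` have already been written earlier in GetPagePos (previous hunk). Callers then see a failure with partially filled out-parameters. Either hoist the first-page-number validation above those writes, or document the contract on the declaration, e.g. `// On false, the out-parameters are unspecified and must not be used.` The code between the two hunks is not visible, so check for other early returns with the same property.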
@@ -381,11 +390,10 @@ bool CPDF_HintTables::GetPagePos(int index,
CPDF_DataAvail::DocAvailStatus CPDF_HintTables::CheckPage(
int index,
CPDF_DataAvail::DownloadHints* pHints) {
- if (!pHints)
+ if (!pHints || index < 0)
return CPDF_DataAvail::DataError;
- int nFirstAvailPage = GetFirstPageNumber();
- if (index == nFirstAvailPage)
+ if (index == GetFirstPageNumber())
return CPDF_DataAvail::DataAvailable;
uint32_t dwLength = GetItemLength(index, m_szPageOffsetArray);
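Review bot: CheckPage no longer validates the result of GetFirstPageNumber(), unlike ReadPageHintTable and GetPagePos, which now both reject a negative value. The comparison is still safe only because `index < 0` was rejected just above, so a negative first page number can never match. That dependency is implicit and easy to break in a later edit; a short comment such as `// index >= 0 here, so an invalid (negative) first page number cannot match.` would record it. The function continues past the last visible line.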