diff options
author | Henrique Nakashima <hnakashima@chromium.org> | 2018-01-30 19:12:10 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-01-30 19:12:10 +0000 |
commit | aa1c7873c39964d063c89c14815e3fc566bbd896 (patch) | |
tree | 257726f71b9318d51587a9ed0d414e7acbdb0b46 /core/fpdfapi/page/cpdf_streamparser.cpp | |
parent | 8cdea72a82aae5e07aa92e9886dbbe635eb8b7cc (diff) | |
download | pdfium-aa1c7873c39964d063c89c14815e3fc566bbd896.tar.xz |
Guard usages of tellp(). It may return -1 in error cases.
Change-Id: I064ddcad8671b9ade2c02142a6c2c2983846e3a9
Reviewed-on: https://pdfium-review.googlesource.com/24650
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core/fpdfapi/page/cpdf_streamparser.cpp')
-rw-r--r-- | core/fpdfapi/page/cpdf_streamparser.cpp | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/core/fpdfapi/page/cpdf_streamparser.cpp b/core/fpdfapi/page/cpdf_streamparser.cpp index 2c7e0256f5..71c8c8d29a 100644 --- a/core/fpdfapi/page/cpdf_streamparser.cpp +++ b/core/fpdfapi/page/cpdf_streamparser.cpp @@ -478,6 +478,9 @@ ByteString CPDF_StreamParser::ReadString() { case 0: if (ch == ')') { if (parlevel == 0) { + if (buf.tellp() <= 0) + return ByteString(); + return ByteString( buf.str().c_str(), std::min(static_cast<size_t>(buf.tellp()), kMaxStringLength)); @@ -557,6 +560,9 @@ ByteString CPDF_StreamParser::ReadString() { if (PositionIsInBounds()) ++m_Pos; + if (buf.tellp() <= 0) + return ByteString(); + return ByteString( buf.str().c_str(), std::min(static_cast<size_t>(buf.tellp()), kMaxStringLength)); @@ -590,6 +596,9 @@ ByteString CPDF_StreamParser::ReadHexString() { if (!bFirst) buf << static_cast<char>(code); + if (buf.tellp() <= 0) + return ByteString(); + return ByteString( buf.str().c_str(), std::min(static_cast<size_t>(buf.tellp()), kMaxStringLength)); |