Validate decoder pipelines.

PDF decoders, AKA filters, can be chained together. There can be an arbitrary number of decoding / decompressing filters in the pipeline, but there should be at most 1 image decoder, and the image decoder should only be at the end of the chain. BUG=chromium:880675 Change-Id: Iffa27c70ec1ed7574e38e0de23413840ee900959 Reviewed-on: https://pdfium-review.googlesource.com/42711 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
author: Lei Zhang <thestig@chromium.org> 2018-09-19 17:26:34 +0000
committer: Chromium commit bot <commit-bot@chromium.org> 2018-09-19 17:26:34 +0000
commit: 5f2ea0f6ef587f9f7a2fec9f80dbc82b94c97400 (patch)
tree: e8a88e10a99a4bfdd7ffd7eab96583dbc27a756c /core/fpdfapi/parser/fpdf_parser_decode.cpp
parent: c3099d1c694251a654edc6cb72df8adb5e2268ab (diff)
download: pdfium-5f2ea0f6ef587f9f7a2fec9f80dbc82b94c97400.tar.xz
1 files changed, 20 insertions, 0 deletions
diff --git a/core/fpdfapi/parser/fpdf_parser_decode.cpp b/core/fpdfapi/parser/fpdf_parser_decode.cpp
index eafb8ee8a3..2f73b3a4cb 100644
--- a/core/fpdfapi/parser/fpdf_parser_decode.cpp
+++ b/core/fpdfapi/parser/fpdf_parser_decode.cpp
@@ -24,6 +24,7 @@
 #include "core/fxcodec/fx_codec.h"
 #include "core/fxcrt/fx_extension.h"
 #include "third_party/base/numerics/safe_math.h"
+#include "third_party/base/stl_util.h"
 
 namespace {
 
@@ -87,6 +88,22 @@ const uint16_t PDFDocEncoding[256] = {
     0x00f3, 0x00f4, 0x00f5, 0x00f6, 0x00f7, 0x00f8, 0x00f9, 0x00fa, 0x00fb,
     0x00fc, 0x00fd, 0x00fe, 0x00ff};
 
+bool ValidateDecoderPipeline(const CPDF_Array* pDecoders) {
+  size_t count = pDecoders->GetCount();
+  if (count <= 1)
+    return true;
+
+  // TODO(thestig): Consolidate all the places that use these filter names.
+  static const char kValidDecoders[][16] = {
+      "FlateDecode",    "Fl",  "LZWDecode",       "LZW", "ASCII85Decode", "A85",
+      "ASCIIHexDecode", "AHx", "RunLengthDecode", "RL"};
+  for (size_t i = 0; i < count - 1; ++i) {
+    if (!pdfium::ContainsValue(kValidDecoders, pDecoders->GetStringAt(i)))
+      return false;
+  }
+  return true;
+}
+
 uint32_t A85Decode(pdfium::span<const uint8_t> src_span,
                    std::unique_ptr<uint8_t, FxFreeDeleter>* dest_buf,
                    uint32_t* dest_size) {
@@ -359,6 +376,9 @@ bool PDF_DataDecode(pdfium::span<const uint8_t> src_span,
 
   std::vector<std::pair<ByteString, const CPDF_Object*>> DecoderArray;
   if (const CPDF_Array* pDecoders = pDecoder->AsArray()) {
+    if (!ValidateDecoderPipeline(pDecoders))
+      return false;
+
     const CPDF_Array* pParamsArray = ToArray(pParams);
     for (size_t i = 0; i < pDecoders->GetCount(); ++i) {
       DecoderArray.push_back(
author	Lei Zhang <thestig@chromium.org>	2018-09-19 17:26:34 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	2018-09-19 17:26:34 +0000
commit	5f2ea0f6ef587f9f7a2fec9f80dbc82b94c97400 (patch)
tree	e8a88e10a99a4bfdd7ffd7eab96583dbc27a756c /core/fpdfapi/parser/fpdf_parser_decode.cpp
parent	c3099d1c694251a654edc6cb72df8adb5e2268ab (diff)
download	pdfium-5f2ea0f6ef587f9f7a2fec9f80dbc82b94c97400.tar.xz