authorTom Sepez <tsepez@chromium.org>2018-04-03 15:02:37 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-04-03 15:02:37 +0000
commite96e6fdddaffa2b4b82df4d4d551333939fb78c9 (patch)
tree22a96b227518590107210a47aa34a2095cbb3834 /core/fpdfapi/parser
parent75304f915c5c095e916d4eca0152d4ccbb2a9147 (diff)
Off-by-one in CPDF_StreamParser::ParseNextElement()
Limit the token to 255 bytes + NUL. Also, shuffle fields in cpdf_streamparser to allow memory tools to better check this inline array. Bug: 828049 Change-Id: I444f2b4c6958167577d9cd76c06805baf7d5c26c Reviewed-on: https://pdfium-review.googlesource.com/29530 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core/fpdfapi/parser')
-rw-r--r--core/fpdfapi/parser/cpdf_parser_embeddertest.cpp7
1 files changed, 7 insertions, 0 deletions
diff --git a/core/fpdfapi/parser/cpdf_parser_embeddertest.cpp b/core/fpdfapi/parser/cpdf_parser_embeddertest.cpp
index 4109715a9c..3b8f550253 100644
--- a/core/fpdfapi/parser/cpdf_parser_embeddertest.cpp
+++ b/core/fpdfapi/parser/cpdf_parser_embeddertest.cpp
@@ -73,3 +73,10 @@ TEST_F(CPDFParserEmbeddertest, LoadMainCrossRefTable) {
FPDFText_ClosePage(text_page);
UnloadPage(page);
}
+
+TEST_F(CPDFParserEmbeddertest, Bug_828049) {
+ EXPECT_TRUE(OpenDocument("bug_828049.pdf"));
+ FPDF_PAGE page = LoadPage(0);
+ EXPECT_NE(nullptr, page);
+ UnloadPage(page);
+}
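Review bot: In `Bug_828049`, a failed `OpenDocument("bug_828049.pdf")` is only recorded by `EXPECT_TRUE`, so the test still goes on to call `LoadPage(0)` and `UnloadPage(page)`, the latter possibly with a null page. Using `ASSERT_TRUE(OpenDocument("bug_828049.pdf"));` and `ASSERT_NE(nullptr, page);` would stop at the first failure instead. The test also has no comment saying what it guards: its assertions only check that the document opens and page 0 loads, so a one-byte overrun of the parser's token buffer would presumably be caught only when the suite runs under a memory checker. A one-line comment such as `// Must load without CPDF_StreamParser writing past its token buffer; meaningful mainly under a memory tool.` would record that for the next maintainer.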