diff options
author | thestig <thestig@chromium.org> | 2016-05-31 16:57:52 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-05-31 16:57:52 -0700 |
commit | 8f3a31157843d6e3b2ba55acf3aaa5aa81db09e2 (patch) | |
tree | 8413e674b3b3a9c6f3c7e68e29865d4b3e759e54 /core/fpdfapi | |
parent | 73167ff383d7cf6f80bae8d6a22c938db85c834f (diff) | |
download | pdfium-8f3a31157843d6e3b2ba55acf3aaa5aa81db09e2.tar.xz |
Validate a couple of fields in shading dictionaries.
BUG=616246
Review-Url: https://codereview.chromium.org/2022263003
Diffstat (limited to 'core/fpdfapi')
-rw-r--r-- | core/fpdfapi/fpdf_page/cpdf_meshstream.cpp | 51 |
1 files changed, 45 insertions, 6 deletions
diff --git a/core/fpdfapi/fpdf_page/cpdf_meshstream.cpp b/core/fpdfapi/fpdf_page/cpdf_meshstream.cpp index 491a48052a..de35541839 100644 --- a/core/fpdfapi/fpdf_page/cpdf_meshstream.cpp +++ b/core/fpdfapi/fpdf_page/cpdf_meshstream.cpp @@ -10,6 +10,42 @@ #include "core/fpdfapi/fpdf_page/pageint.h" #include "core/fpdfapi/fpdf_parser/include/cpdf_array.h" +namespace { + +// See PDF Reference 1.7, page 315, table 4.32. (Also table 4.33 and 4.34) +bool IsValidBitsPerComponent(uint32_t x) { + switch (x) { + case 1: + case 2: + case 4: + case 8: + case 12: + case 16: + return true; + default: + return false; + } +} + +// Same references as IsValidBitsPerComponent() above. +bool IsValidBitsPerCoordinate(uint32_t x) { + switch (x) { + case 1: + case 2: + case 4: + case 8: + case 12: + case 16: + case 24: + case 32: + return true; + default: + return false; + } +} + +} // namespace + CPDF_MeshStream::CPDF_MeshStream( const std::vector<std::unique_ptr<CPDF_Function>>& funcs, CPDF_ColorSpace* pCS) @@ -20,21 +56,24 @@ bool CPDF_MeshStream::Load(CPDF_Stream* pShadingStream) { m_BitStream.Init(m_Stream.GetData(), m_Stream.GetSize()); CPDF_Dictionary* pDict = pShadingStream->GetDict(); m_nCoordBits = pDict->GetIntegerBy("BitsPerCoordinate"); + if (!IsValidBitsPerCoordinate(m_nCoordBits)) + return false; + m_nCompBits = pDict->GetIntegerBy("BitsPerComponent"); - m_nFlagBits = pDict->GetIntegerBy("BitsPerFlag"); - if (!m_nCoordBits || !m_nCompBits) - return FALSE; + if (!IsValidBitsPerComponent(m_nCompBits)) + return false; + m_nFlagBits = pDict->GetIntegerBy("BitsPerFlag"); uint32_t nComps = m_pCS->CountComponents(); if (nComps > 8) - return FALSE; + return false; m_nComps = m_funcs.empty() ? nComps : 1; m_CoordMax = m_nCoordBits == 32 ? -1 : (1 << m_nCoordBits) - 1; m_CompMax = (1 << m_nCompBits) - 1; CPDF_Array* pDecode = pDict->GetArrayBy("Decode"); if (!pDecode || pDecode->GetCount() != 4 + m_nComps * 2) - return FALSE; + return false; m_xmin = pDecode->GetNumberAt(0); m_xmax = pDecode->GetNumberAt(1); @@ -44,7 +83,7 @@ bool CPDF_MeshStream::Load(CPDF_Stream* pShadingStream) { m_ColorMin[i] = pDecode->GetNumberAt(i * 2 + 4); m_ColorMax[i] = pDecode->GetNumberAt(i * 2 + 5); } - return TRUE; + return true; } uint32_t CPDF_MeshStream::GetFlag() { |