diff options
| author | Henrique Nakashima <hnakashima@chromium.org> | 2018-01-30 19:12:10 +0000 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2018-01-30 19:12:10 +0000 |
| commit | aa1c7873c39964d063c89c14815e3fc566bbd896 (patch) | |
| tree | 257726f71b9318d51587a9ed0d414e7acbdb0b46 /core/fpdfapi | |
| parent | 8cdea72a82aae5e07aa92e9886dbbe635eb8b7cc (diff) | |
| download | pdfium-aa1c7873c39964d063c89c14815e3fc566bbd896.tar.xz | |
Guard usages of tellp(). It may return -1 in error cases.
Change-Id: I064ddcad8671b9ade2c02142a6c2c2983846e3a9
Reviewed-on: https://pdfium-review.googlesource.com/24650
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core/fpdfapi')
| -rw-r--r-- | core/fpdfapi/page/cpdf_streamparser.cpp | 9 | ||||
| -rw-r--r-- | core/fpdfapi/parser/cpdf_stream.cpp | 10 |
2 files changed, 19 insertions, 0 deletions
diff --git a/core/fpdfapi/page/cpdf_streamparser.cpp b/core/fpdfapi/page/cpdf_streamparser.cpp index 2c7e0256f5..71c8c8d29a 100644 --- a/core/fpdfapi/page/cpdf_streamparser.cpp +++ b/core/fpdfapi/page/cpdf_streamparser.cpp @@ -478,6 +478,9 @@ ByteString CPDF_StreamParser::ReadString() { case 0: if (ch == ')') { if (parlevel == 0) { + if (buf.tellp() <= 0) + return ByteString(); + return ByteString( buf.str().c_str(), std::min(static_cast<size_t>(buf.tellp()), kMaxStringLength)); @@ -557,6 +560,9 @@ ByteString CPDF_StreamParser::ReadString() { if (PositionIsInBounds()) ++m_Pos; + if (buf.tellp() <= 0) + return ByteString(); + return ByteString( buf.str().c_str(), std::min(static_cast<size_t>(buf.tellp()), kMaxStringLength)); @@ -590,6 +596,9 @@ ByteString CPDF_StreamParser::ReadHexString() { if (!bFirst) buf << static_cast<char>(code); + if (buf.tellp() <= 0) + return ByteString(); + return ByteString( buf.str().c_str(), std::min(static_cast<size_t>(buf.tellp()), kMaxStringLength)); diff --git a/core/fpdfapi/parser/cpdf_stream.cpp b/core/fpdfapi/parser/cpdf_stream.cpp index 074e747a78..5ff748469b 100644 --- a/core/fpdfapi/parser/cpdf_stream.cpp +++ b/core/fpdfapi/parser/cpdf_stream.cpp @@ -100,6 +100,11 @@ void CPDF_Stream::SetDataAndRemoveFilter(const uint8_t* pData, uint32_t size) { } void CPDF_Stream::SetDataAndRemoveFilter(std::ostringstream* stream) { + if (stream->tellp() <= 0) { + SetDataAndRemoveFilter(nullptr, 0); + return; + } + SetDataAndRemoveFilter( reinterpret_cast<const uint8_t*>(stream->str().c_str()), stream->tellp()); } @@ -125,6 +130,11 @@ void CPDF_Stream::SetData(std::unique_ptr<uint8_t, FxFreeDeleter> pData, } void CPDF_Stream::SetData(std::ostringstream* stream) { + if (stream->tellp() <= 0) { + SetData(nullptr, 0); + return; + } + SetData(reinterpret_cast<const uint8_t*>(stream->str().c_str()), stream->tellp()); } |