summaryrefslogtreecommitdiff
path: root/core/fpdfapi
diff options
context:
space:
mode:
authorLei Zhang <thestig@chromium.org>2018-04-05 17:54:26 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-04-05 17:54:26 +0000
commit10f9fb3f10bc47b3317fe1c8b55711015fb7de87 (patch)
tree6c0eb743dcb4811a65e53a045db52c7ffc090cc5 /core/fpdfapi
parent0a3083377ab87c841cec180932b57a416f6475d2 (diff)
downloadpdfium-10f9fb3f10bc47b3317fe1c8b55711015fb7de87.tar.xz
Ignore bad data in the shared object hint table.
Currently this is being treated as a case of "data not available" which leads to an infinite loop. BUG=pdfium:1055 Change-Id: I2722a5b364d56a4ad5b7cca2a4b42e6b13a933f4 Reviewed-on: https://pdfium-review.googlesource.com/29831 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core/fpdfapi')
-rw-r--r--core/fpdfapi/parser/cpdf_hint_tables.cpp5
1 files changed, 3 insertions, 2 deletions
diff --git a/core/fpdfapi/parser/cpdf_hint_tables.cpp b/core/fpdfapi/parser/cpdf_hint_tables.cpp
index c9123d4b97..381b160233 100644
--- a/core/fpdfapi/parser/cpdf_hint_tables.cpp
+++ b/core/fpdfapi/parser/cpdf_hint_tables.cpp
@@ -418,8 +418,9 @@ CPDF_DataAvail::DocAvailStatus CPDF_HintTables::CheckPage(uint32_t index) {
return CPDF_DataAvail::DataError;
if (!m_pValidator->CheckDataRangeAndRequestIfUnavailable(
- m_szPageOffsetArray[index], dwLength))
+ m_szPageOffsetArray[index], dwLength)) {
return CPDF_DataAvail::DataNotAvailable;
+ }
// Download data of shared objects in the page.
uint32_t offset = 0;
@@ -435,7 +436,7 @@ CPDF_DataAvail::DocAvailStatus CPDF_HintTables::CheckPage(uint32_t index) {
for (uint32_t j = 0; j < m_dwNSharedObjsArray[index]; ++j) {
dwIndex = m_dwIdentifierArray[offset + j];
if (dwIndex >= m_dwSharedObjNumArray.size())
- return CPDF_DataAvail::DataNotAvailable;
+ continue;
dwObjNum = m_dwSharedObjNumArray[dwIndex];
if (dwObjNum >= static_cast<uint32_t>(nFirstPageObjNum) &&