summaryrefslogtreecommitdiff
path: root/core/include/fpdfapi
diff options
context:
space:
mode:
authorDan Sinclair <dsinclair@chromium.org>2016-03-03 08:59:22 -0500
committerDan Sinclair <dsinclair@chromium.org>2016-03-03 08:59:22 -0500
commit42fb301abcf6b9f6a580f3d30defeadedf5d7ebd (patch)
tree99810ae95593d9d382634b2b7c523b3f66b10136 /core/include/fpdfapi
parent41c7a97a1b303e43652f40f1b96ab7751783d8ed (diff)
downloadpdfium-42fb301abcf6b9f6a580f3d30defeadedf5d7ebd.tar.xz
Fix parsing of object numbers > 16,777,216.
Currently, there is a check that an object number is <= 0x1000000. If that check fails, we end up putting the parser into a bad state and fail to load documents. The object does not need to be in the XRef table, or referenced from the document, just be in the document. This Cl removes the size check and updates the various atoi calls to use a uint32_t instead of an int32_t so we don't end up getting strange values when converting from a string. BUG=455199 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1755273002 .
Diffstat (limited to 'core/include/fpdfapi')
-rw-r--r--core/include/fpdfapi/fpdf_parser.h15
1 files changed, 4 insertions, 11 deletions
diff --git a/core/include/fpdfapi/fpdf_parser.h b/core/include/fpdfapi/fpdf_parser.h
index c57d9f20b9..5903e82a16 100644
--- a/core/include/fpdfapi/fpdf_parser.h
+++ b/core/include/fpdfapi/fpdf_parser.h
@@ -239,43 +239,33 @@ class CPDF_SyntaxParser {
void InitParser(IFX_FileRead* pFileAccess, FX_DWORD HeaderOffset);
FX_FILESIZE SavePos() const { return m_Pos; }
-
void RestorePos(FX_FILESIZE pos) { m_Pos = pos; }
CPDF_Object* GetObject(CPDF_IndirectObjectHolder* pObjList,
FX_DWORD objnum,
FX_DWORD gennum,
FX_BOOL bDecrypt);
-
CPDF_Object* GetObjectByStrict(CPDF_IndirectObjectHolder* pObjList,
FX_DWORD objnum,
FX_DWORD gennum);
-
- int GetDirectNum();
-
CFX_ByteString GetKeyword();
void ToNextLine();
-
void ToNextWord();
FX_BOOL SearchWord(const CFX_ByteStringC& word,
FX_BOOL bWholeWord,
FX_BOOL bForward,
FX_FILESIZE limit);
-
int SearchMultiWord(const CFX_ByteStringC& words,
FX_BOOL bWholeWord,
FX_FILESIZE limit);
-
FX_FILESIZE FindTag(const CFX_ByteStringC& tag, FX_FILESIZE limit);
void SetEncrypt(std::unique_ptr<CPDF_CryptoHandler> pCryptoHandler);
- FX_BOOL GetCharAt(FX_FILESIZE pos, uint8_t& ch);
-
FX_BOOL ReadBlock(uint8_t* pBuf, FX_DWORD size);
-
+ FX_BOOL GetCharAt(FX_FILESIZE pos, uint8_t& ch);
CFX_ByteString GetNextWord(bool* bIsNumber);
protected:
@@ -318,6 +308,9 @@ class CPDF_SyntaxParser {
std::unique_ptr<CPDF_CryptoHandler> m_pCryptoHandler;
uint8_t m_WordBuffer[257];
FX_DWORD m_WordSize;
+
+ private:
+ uint32_t GetDirectNum();
};
class CPDF_Parser {