summaryrefslogtreecommitdiff
path: root/core/src/fpdfapi
diff options
context:
space:
mode:
authorJun Fang <jun_fang@foxitsoftware.com>2014-08-22 17:06:32 -0700
committerJun Fang <jun_fang@foxitsoftware.com>2014-08-22 17:06:32 -0700
commitc655167ed83f78a38264457e65dd11e653ab981d (patch)
treea81b38c5cf8a1848ea6c5a67e38a0e4b8798b800 /core/src/fpdfapi
parentaeacba4a612a0a35b3e834d778716968c661f3ec (diff)
downloadpdfium-c655167ed83f78a38264457e65dd11e653ab981d.tar.xz
Fix the issue 'SEGV on unknown address in CPDF_DataAvail::GetObjectSize'
BUG=387983 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/454283002
Diffstat (limited to 'core/src/fpdfapi')
-rw-r--r--core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp41
1 files changed, 24 insertions, 17 deletions
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
index ce397d2a53..d05dea4470 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
@@ -2729,7 +2729,7 @@ CPDF_DataAvail::CPDF_DataAvail(IFX_FileAvail* pFileAvail, IFX_FileRead* pFileRea
m_dwPrevXRefOffset = 0;
m_dwLastXRefOffset = 0;
m_bDocAvail = FALSE;
- m_bMainXRefLoad = FALSE;
+ m_bMainXRefLoadTried = FALSE;
m_bDocAvail = FALSE;
m_bLinearized = FALSE;
m_bPagesLoad = FALSE;
@@ -4107,23 +4107,30 @@ FX_BOOL CPDF_DataAvail::CheckLinearizedData(IFX_DownloadHints* pHints)
if (m_bLinearedDataOK) {
return TRUE;
}
- if (!m_pFileAvail->IsDataAvail(m_dwLastXRefOffset, (FX_DWORD)(m_dwFileLen - m_dwLastXRefOffset))) {
- pHints->AddSegment(m_dwLastXRefOffset, (FX_DWORD)(m_dwFileLen - m_dwLastXRefOffset));
- return FALSE;
- }
- FX_DWORD dwRet = 0;
- if (!m_bMainXRefLoad) {
- dwRet = ((CPDF_Parser *)m_pDocument->GetParser())->LoadLinearizedMainXRefTable();
- if (dwRet == PDFPARSE_ERROR_SUCCESS) {
- if (!PreparePageItem()) {
- return FALSE;
- }
- m_bMainXRefLoadedOK = TRUE;
+
+ if (!m_bMainXRefLoadTried) {
+ FX_SAFE_DWORD data_size = m_dwFileLen;
+ data_size -= m_dwLastXRefOffset;
+ if (!data_size.IsValid()) {
+ return FALSE;
+ }
+ if (!m_pFileAvail->IsDataAvail(m_dwLastXRefOffset, data_size.ValueOrDie())) {
+ pHints->AddSegment(m_dwLastXRefOffset, data_size.ValueOrDie());
+ return FALSE;
}
- m_bMainXRefLoad = TRUE;
+ FX_DWORD dwRet = ((CPDF_Parser *)m_pDocument->GetParser())->LoadLinearizedMainXRefTable();
+ m_bMainXRefLoadTried = TRUE;
+ if (dwRet != PDFPARSE_ERROR_SUCCESS) {
+ return FALSE;
+ }
+ if (!PreparePageItem()) {
+ return FALSE;
+ }
+ m_bMainXRefLoadedOK = TRUE;
+ m_bLinearedDataOK = TRUE;
}
- m_bLinearedDataOK = TRUE;
- return TRUE;
+
+ return m_bLinearedDataOK;
}
FX_BOOL CPDF_DataAvail::CheckPageAnnots(FX_INT32 iPage, IFX_DownloadHints* pHints)
{
@@ -4351,7 +4358,7 @@ FX_INT32 CPDF_DataAvail::IsFormAvail(IFX_DownloadHints *pHints)
if (!pAcroForm) {
return PDFFORM_NOTEXIST;
}
- if (!m_bMainXRefLoad && !CheckLinearizedData(pHints)) {
+ if (!CheckLinearizedData(pHints)) {
return PDFFORM_NOTAVAIL;
}
if (!m_objs_array.GetSize()) {