diff options
author | Jun Fang <jun_fang@foxitsoftware.com> | 2014-08-22 17:06:32 -0700 |
---|---|---|
committer | Jun Fang <jun_fang@foxitsoftware.com> | 2014-08-22 17:06:32 -0700 |
commit | c655167ed83f78a38264457e65dd11e653ab981d (patch) | |
tree | a81b38c5cf8a1848ea6c5a67e38a0e4b8798b800 /core/src/fpdfapi | |
parent | aeacba4a612a0a35b3e834d778716968c661f3ec (diff) | |
download | pdfium-c655167ed83f78a38264457e65dd11e653ab981d.tar.xz |
Fix the issue 'SEGV on unknown address in CPDF_DataAvail::GetObjectSize'
BUG=387983
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/454283002
Diffstat (limited to 'core/src/fpdfapi')
-rw-r--r-- | core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp | 41 |
1 files changed, 24 insertions, 17 deletions
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp index ce397d2a53..d05dea4470 100644 --- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp +++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp @@ -2729,7 +2729,7 @@ CPDF_DataAvail::CPDF_DataAvail(IFX_FileAvail* pFileAvail, IFX_FileRead* pFileRea m_dwPrevXRefOffset = 0; m_dwLastXRefOffset = 0; m_bDocAvail = FALSE; - m_bMainXRefLoad = FALSE; + m_bMainXRefLoadTried = FALSE; m_bDocAvail = FALSE; m_bLinearized = FALSE; m_bPagesLoad = FALSE; @@ -4107,23 +4107,30 @@ FX_BOOL CPDF_DataAvail::CheckLinearizedData(IFX_DownloadHints* pHints) if (m_bLinearedDataOK) { return TRUE; } - if (!m_pFileAvail->IsDataAvail(m_dwLastXRefOffset, (FX_DWORD)(m_dwFileLen - m_dwLastXRefOffset))) { - pHints->AddSegment(m_dwLastXRefOffset, (FX_DWORD)(m_dwFileLen - m_dwLastXRefOffset)); - return FALSE; - } - FX_DWORD dwRet = 0; - if (!m_bMainXRefLoad) { - dwRet = ((CPDF_Parser *)m_pDocument->GetParser())->LoadLinearizedMainXRefTable(); - if (dwRet == PDFPARSE_ERROR_SUCCESS) { - if (!PreparePageItem()) { - return FALSE; - } - m_bMainXRefLoadedOK = TRUE; + + if (!m_bMainXRefLoadTried) { + FX_SAFE_DWORD data_size = m_dwFileLen; + data_size -= m_dwLastXRefOffset; + if (!data_size.IsValid()) { + return FALSE; + } + if (!m_pFileAvail->IsDataAvail(m_dwLastXRefOffset, data_size.ValueOrDie())) { + pHints->AddSegment(m_dwLastXRefOffset, data_size.ValueOrDie()); + return FALSE; } - m_bMainXRefLoad = TRUE; + FX_DWORD dwRet = ((CPDF_Parser *)m_pDocument->GetParser())->LoadLinearizedMainXRefTable(); + m_bMainXRefLoadTried = TRUE; + if (dwRet != PDFPARSE_ERROR_SUCCESS) { + return FALSE; + } + if (!PreparePageItem()) { + return FALSE; + } + m_bMainXRefLoadedOK = TRUE; + m_bLinearedDataOK = TRUE; } - m_bLinearedDataOK = TRUE; - return TRUE; + + return m_bLinearedDataOK; } FX_BOOL CPDF_DataAvail::CheckPageAnnots(FX_INT32 iPage, IFX_DownloadHints* pHints) { @@ -4351,7 +4358,7 @@ FX_INT32 CPDF_DataAvail::IsFormAvail(IFX_DownloadHints *pHints) if (!pAcroForm) { return PDFFORM_NOTEXIST; } - if (!m_bMainXRefLoad && !CheckLinearizedData(pHints)) { + if (!CheckLinearizedData(pHints)) { return PDFFORM_NOTAVAIL; } if (!m_objs_array.GetSize()) { |