diff options
author | Tom Sepez <tsepez@chromium.org> | 2014-08-25 14:59:02 -0700 |
---|---|---|
committer | Tom Sepez <tsepez@chromium.org> | 2014-08-25 14:59:02 -0700 |
commit | a3c721599174abedd7c1ffe2ea03637e6c5e97b1 (patch) | |
tree | 09654e30792f0136e0569daead62dc5996addc88 /core/src | |
parent | 1dfbe601cfd9e1b5edb14d18d6a76c7e6d44d45f (diff) | |
download | pdfium-a3c721599174abedd7c1ffe2ea03637e6c5e97b1.tar.xz |
Perform better input checks in early steps of parser.
BUG=406591
R=jun_fang@foxitsoftware.com
Review URL: https://codereview.chromium.org/501823003
Diffstat (limited to 'core/src')
-rw-r--r-- | core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp index d05dea4470..f1ca1041bf 100644 --- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp +++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp @@ -51,6 +51,7 @@ CPDF_Parser::CPDF_Parser() m_dwFirstPageNo = 0; m_dwXrefStartObjNum = 0; m_bOwnFileRead = TRUE; + m_FileVersion = 0; m_bForceUseSecurityHandler = FALSE; } CPDF_Parser::~CPDF_Parser() @@ -158,10 +159,21 @@ FX_DWORD CPDF_Parser::StartParse(IFX_FileRead* pFileAccess, FX_BOOL bReParse, FX } m_Syntax.InitParser(pFileAccess, offset); FX_BYTE ch; - m_Syntax.GetCharAt(5, ch); - m_FileVersion = (ch - '0') * 10; - m_Syntax.GetCharAt(7, ch); - m_FileVersion += ch - '0'; + if (!m_Syntax.GetCharAt(5, ch)) { + return PDFPARSE_ERROR_FORMAT; + } + if (ch >= '0' && ch <= '9') { + m_FileVersion = (ch - '0') * 10; + } + if (!m_Syntax.GetCharAt(7, ch)) { + return PDFPARSE_ERROR_FORMAT; + } + if (ch >= '0' && ch <= '9') { + m_FileVersion += ch - '0'; + } + if (m_Syntax.m_FileLen < m_Syntax.m_HeaderOffset + 9) { + return PDFPARSE_ERROR_FORMAT; + } m_Syntax.RestorePos(m_Syntax.m_FileLen - m_Syntax.m_HeaderOffset - 9); if (!bReParse) { m_pDocument = FX_NEW CPDF_Document(this); |