summaryrefslogtreecommitdiff
path: root/core/src
diff options
context:
space:
mode:
authorTom Sepez <tsepez@chromium.org>2015-04-27 13:24:03 -0700
committerTom Sepez <tsepez@chromium.org>2015-04-27 13:24:03 -0700
commitbb93b0ba5b3c430d3b996e2c009d48feb17a44c3 (patch)
tree6f62b5280dd1755d8b52c775484b20cbe22fd7d5 /core/src
parent99ee3d3527bc00f83f01e1db007d190a6b3458f5 (diff)
downloadpdfium-bb93b0ba5b3c430d3b996e2c009d48feb17a44c3.tar.xz
SEGV in CFX_BaseSegmentedArray::Iterate() when CS has malformed dictionary.
Failure to check document-controlled value before using it. BUG=481363 R=palmer@chromium.org, thestig@chromium.org Review URL: https://codereview.chromium.org/1110653002
Diffstat (limited to 'core/src')
-rw-r--r--core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp3
-rw-r--r--core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp5
2 files changed, 8 insertions, 0 deletions
diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
index fc4e282f10..b6bf7950ff 100644
--- a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
+++ b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
@@ -438,6 +438,9 @@ public:
FX_BOOL CPDF_LabCS::v_Load(CPDF_Document* pDoc, CPDF_Array* pArray)
{
CPDF_Dictionary* pDict = pArray->GetDict(1);
+ if (!pDict) {
+ return FALSE;
+ }
CPDF_Array* pParam = pDict->GetArray(FX_BSTRC("WhitePoint"));
int i;
for (i = 0; i < 3; i ++) {
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp
index 838c4316de..e00887ff5f 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp
@@ -13,3 +13,8 @@ TEST_F(FPDFParserEmbeddertest, LoadError_454695) {
EXPECT_TRUE(OpenDocument("testing/resources/bug_454695.pdf"));
}
+TEST_F(FPDFParserEmbeddertest, Bug_481363) {
+ // Test colorspace object with malformed dictionary.
+ EXPECT_TRUE(OpenDocument("testing/resources/bug_481363.pdf"));
+ EXPECT_NE(nullptr, LoadPage(0));
+}