summaryrefslogtreecommitdiff
path: root/core/src
diff options
context:
space:
mode:
authorWei Li <weili@chromium.org>2016-01-11 14:05:41 -0800
committerWei Li <weili@chromium.org>2016-01-11 14:05:41 -0800
commitd3ab0f383f6736657480a8bb418c5e715a1aed3b (patch)
tree6bd44985062431e5d0e78c5d55a7e7cd2df54437 /core/src
parent494ea0af63620c6839f724111d0b955cbe93e1c3 (diff)
downloadpdfium-d3ab0f383f6736657480a8bb418c5e715a1aed3b.tar.xz
Fix an infinite loop parsing in CPDF_SyntaxParser::GetObject()
CPDF_SyntaxParser::GetObject() may enter into an infinite loop when a signature dictionary doesn't have 'Contents' field. Add a check to avoid that. BUG=pdfium:344 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1575833004 .
Diffstat (limited to 'core/src')
-rw-r--r--core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp7
1 files changed, 4 insertions, 3 deletions
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
index 3ab4423172..49d6760c65 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
@@ -2163,12 +2163,13 @@ CPDF_Object* CPDF_SyntaxParser::GetObject(CPDF_IndirectObjects* pObjList,
pDict->SetAt(keyNoSlash, pObj);
}
- if (IsSignatureDict(pDict.get())) {
- FX_FILESIZE dwSavePos = m_Pos;
+ // Only when this is a signature dictionary and has contents, we reset the
+ // contents to the un-decrypted form.
+ if (IsSignatureDict(pDict.get()) && dwSignValuePos) {
+ CFX_AutoRestorer<FX_FILESIZE> save_pos(&m_Pos);
m_Pos = dwSignValuePos;
CPDF_Object* pObj = GetObject(pObjList, objnum, gennum, nullptr, FALSE);
pDict->SetAt("Contents", pObj);
- m_Pos = dwSavePos;
}
if (pContext) {
pContext->m_DictEnd = m_Pos;