summaryrefslogtreecommitdiff
path: root/core
diff options
context:
space:
mode:
authorTom Sepez <tsepez@chromium.org>2014-08-25 14:59:02 -0700
committerTom Sepez <tsepez@chromium.org>2014-08-25 14:59:02 -0700
commita3c721599174abedd7c1ffe2ea03637e6c5e97b1 (patch)
tree09654e30792f0136e0569daead62dc5996addc88 /core
parent1dfbe601cfd9e1b5edb14d18d6a76c7e6d44d45f (diff)
downloadpdfium-a3c721599174abedd7c1ffe2ea03637e6c5e97b1.tar.xz
Perform better input checks in early steps of parser.
BUG=406591 R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/501823003
Diffstat (limited to 'core')
-rw-r--r--core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp20
1 files changed, 16 insertions, 4 deletions
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
index d05dea4470..f1ca1041bf 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
@@ -51,6 +51,7 @@ CPDF_Parser::CPDF_Parser()
m_dwFirstPageNo = 0;
m_dwXrefStartObjNum = 0;
m_bOwnFileRead = TRUE;
+ m_FileVersion = 0;
m_bForceUseSecurityHandler = FALSE;
}
CPDF_Parser::~CPDF_Parser()
@@ -158,10 +159,21 @@ FX_DWORD CPDF_Parser::StartParse(IFX_FileRead* pFileAccess, FX_BOOL bReParse, FX
}
m_Syntax.InitParser(pFileAccess, offset);
FX_BYTE ch;
- m_Syntax.GetCharAt(5, ch);
- m_FileVersion = (ch - '0') * 10;
- m_Syntax.GetCharAt(7, ch);
- m_FileVersion += ch - '0';
+ if (!m_Syntax.GetCharAt(5, ch)) {
+ return PDFPARSE_ERROR_FORMAT;
+ }
+ if (ch >= '0' && ch <= '9') {
+ m_FileVersion = (ch - '0') * 10;
+ }
+ if (!m_Syntax.GetCharAt(7, ch)) {
+ return PDFPARSE_ERROR_FORMAT;
+ }
+ if (ch >= '0' && ch <= '9') {
+ m_FileVersion += ch - '0';
+ }
+ if (m_Syntax.m_FileLen < m_Syntax.m_HeaderOffset + 9) {
+ return PDFPARSE_ERROR_FORMAT;
+ }
m_Syntax.RestorePos(m_Syntax.m_FileLen - m_Syntax.m_HeaderOffset - 9);
if (!bReParse) {
m_pDocument = FX_NEW CPDF_Document(this);