summaryrefslogtreecommitdiff
path: root/core
diff options
context:
space:
mode:
authorHenrique Nakashima <hnakashima@chromium.org>2017-10-10 10:46:15 -0400
committerChromium commit bot <commit-bot@chromium.org>2017-10-10 14:58:54 +0000
commitdd002931a16a99b0c6e6ae7b6cba9d4dafb27e18 (patch)
tree95ca9c54d1bed604a543b2e6dd4f2d3b78e64574 /core
parentb962ecceb7a7d961fdebc1bdf314d450cc6bf204 (diff)
downloadpdfium-dd002931a16a99b0c6e6ae7b6cba9d4dafb27e18.tar.xz
Fix crash when offset > file_size_ in cpdf_read_validator.cpp.
Reinstating a check that was lost in https://pdfium-review.googlesource.com/c/pdfium/+/15270 Change-Id: Ic0a7fee71aff605127d7e3789cc54b7ddfb9e399 Reviewed-on: https://pdfium-review.googlesource.com/15631 Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'core')
-rw-r--r--core/fpdfapi/parser/cpdf_read_validator.cpp3
-rw-r--r--core/fpdfapi/parser/cpdf_read_validator_unittest.cpp8
2 files changed, 11 insertions, 0 deletions
diff --git a/core/fpdfapi/parser/cpdf_read_validator.cpp b/core/fpdfapi/parser/cpdf_read_validator.cpp
index 2363f851ec..d850561bd3 100644
--- a/core/fpdfapi/parser/cpdf_read_validator.cpp
+++ b/core/fpdfapi/parser/cpdf_read_validator.cpp
@@ -125,6 +125,9 @@ bool CPDF_ReadValidator::IsWholeFileAvailable() {
bool CPDF_ReadValidator::CheckDataRangeAndRequestIfUnavailable(
FX_FILESIZE offset,
size_t size) {
+ if (offset > file_size_)
+ return true;
+
FX_SAFE_FILESIZE end_segment_offset = offset;
end_segment_offset += size;
// Increase checked range to allow CPDF_SyntaxParser read whole buffer.
diff --git a/core/fpdfapi/parser/cpdf_read_validator_unittest.cpp b/core/fpdfapi/parser/cpdf_read_validator_unittest.cpp
index 89b7e6b4de..247abaa9f4 100644
--- a/core/fpdfapi/parser/cpdf_read_validator_unittest.cpp
+++ b/core/fpdfapi/parser/cpdf_read_validator_unittest.cpp
@@ -289,5 +289,13 @@ TEST(CPDF_ReadValidatorTest, CheckDataRangeAndRequestIfUnavailable) {
EXPECT_FALSE(validator->read_error());
EXPECT_TRUE(validator->has_unavailable_data());
+ validator->ResetErrors();
+ // Offset > file size should yield |true| and not cause a fetch.
+ EXPECT_TRUE(
+ validator->CheckDataRangeAndRequestIfUnavailable(kTestDataSize + 1, 1));
+ // No new request on already available data.
+ EXPECT_FALSE(validator->read_error());
+ EXPECT_FALSE(validator->has_unavailable_data());
+
validator->SetDownloadHints(nullptr);
}