diff options
author | Henrique Nakashima <hnakashima@chromium.org> | 2017-10-10 10:46:15 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-10-10 14:58:54 +0000 |
commit | dd002931a16a99b0c6e6ae7b6cba9d4dafb27e18 (patch) | |
tree | 95ca9c54d1bed604a543b2e6dd4f2d3b78e64574 /core | |
parent | b962ecceb7a7d961fdebc1bdf314d450cc6bf204 (diff) | |
download | pdfium-dd002931a16a99b0c6e6ae7b6cba9d4dafb27e18.tar.xz |
Fix crash when offset > file_size_ in cpdf_read_validator.cpp.
Reinstating a check that was lost in
https://pdfium-review.googlesource.com/c/pdfium/+/15270
Change-Id: Ic0a7fee71aff605127d7e3789cc54b7ddfb9e399
Reviewed-on: https://pdfium-review.googlesource.com/15631
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'core')
-rw-r--r-- | core/fpdfapi/parser/cpdf_read_validator.cpp | 3 | ||||
-rw-r--r-- | core/fpdfapi/parser/cpdf_read_validator_unittest.cpp | 8 |
2 files changed, 11 insertions, 0 deletions
diff --git a/core/fpdfapi/parser/cpdf_read_validator.cpp b/core/fpdfapi/parser/cpdf_read_validator.cpp index 2363f851ec..d850561bd3 100644 --- a/core/fpdfapi/parser/cpdf_read_validator.cpp +++ b/core/fpdfapi/parser/cpdf_read_validator.cpp @@ -125,6 +125,9 @@ bool CPDF_ReadValidator::IsWholeFileAvailable() { bool CPDF_ReadValidator::CheckDataRangeAndRequestIfUnavailable( FX_FILESIZE offset, size_t size) { + if (offset > file_size_) + return true; + FX_SAFE_FILESIZE end_segment_offset = offset; end_segment_offset += size; // Increase checked range to allow CPDF_SyntaxParser read whole buffer. diff --git a/core/fpdfapi/parser/cpdf_read_validator_unittest.cpp b/core/fpdfapi/parser/cpdf_read_validator_unittest.cpp index 89b7e6b4de..247abaa9f4 100644 --- a/core/fpdfapi/parser/cpdf_read_validator_unittest.cpp +++ b/core/fpdfapi/parser/cpdf_read_validator_unittest.cpp @@ -289,5 +289,13 @@ TEST(CPDF_ReadValidatorTest, CheckDataRangeAndRequestIfUnavailable) { EXPECT_FALSE(validator->read_error()); EXPECT_TRUE(validator->has_unavailable_data()); + validator->ResetErrors(); + // Offset > file size should yield |true| and not cause a fetch. + EXPECT_TRUE( + validator->CheckDataRangeAndRequestIfUnavailable(kTestDataSize + 1, 1)); + // No new request on already available data. + EXPECT_FALSE(validator->read_error()); + EXPECT_FALSE(validator->has_unavailable_data()); + validator->SetDownloadHints(nullptr); } |