summaryrefslogtreecommitdiff
path: root/core
diff options
context:
space:
mode:
authorHenrique Nakashima <hnakashima@chromium.org>2018-09-06 17:30:56 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-09-06 17:30:56 +0000
commit59d21660a3d91d9b340fdb0211e20358806590e1 (patch)
tree94839c96602a42df67535eef118eb11141dcb1e0 /core
parentad370480282dd788afc80563cebb492c02644998 (diff)
downloadpdfium-59d21660a3d91d9b340fdb0211e20358806590e1.tar.xz
Fix integer overflow in LoadCryptInfo.
Bug: 847283 Change-Id: I7951103a5a425407b5375460a5556e8765430740 Reviewed-on: https://pdfium-review.googlesource.com/42090 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
Diffstat (limited to 'core')
-rw-r--r--core/fpdfapi/parser/cpdf_security_handler.cpp3
1 files changed, 3 insertions, 0 deletions
diff --git a/core/fpdfapi/parser/cpdf_security_handler.cpp b/core/fpdfapi/parser/cpdf_security_handler.cpp
index bc72ad3b33..f3d9201cbf 100644
--- a/core/fpdfapi/parser/cpdf_security_handler.cpp
+++ b/core/fpdfapi/parser/cpdf_security_handler.cpp
@@ -157,6 +157,9 @@ static bool LoadCryptInfo(const CPDF_Dictionary* pEncryptDict,
} else {
nKeyBits = pEncryptDict->GetIntegerFor("Length", 256);
}
+ if (nKeyBits < 0)
+ return false;
+
if (nKeyBits < 40) {
nKeyBits *= 8;
}