diff options
author | Tom Sepez <tsepez@chromium.org> | 2015-06-30 12:18:55 -0700 |
---|---|---|
committer | Tom Sepez <tsepez@chromium.org> | 2015-06-30 12:18:55 -0700 |
commit | 74742a75ac7a07c08cf36fe6f4eaa91bed8236a3 (patch) | |
tree | cd7863a159b4c8dd691aa280efee56158e1ee42e /fpdfsdk | |
parent | c01c977c9c6e56faf709400547c9b085b8972024 (diff) | |
download | pdfium-74742a75ac7a07c08cf36fe6f4eaa91bed8236a3.tar.xz |
Redo range check in CPDF_SampledFunc::v_Call().
The current |bitpos1| calculation protects the passed argument to
_GetBits32(): |bitpos.ValueOrDie() + j * m_nBitsPerSample|, but doesn't
account for adding in the sample length in that routine.
Also bound bits per sample to something reasonable to avoid undefined
behaviour on the shift to compute the max value.
BUG=471990
R=jun_fang@foxitsoftware.com
Review URL: https://codereview.chromium.org/1219663003.
Diffstat (limited to 'fpdfsdk')
-rw-r--r-- | fpdfsdk/src/fpdfview_embeddertest.cpp | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/fpdfsdk/src/fpdfview_embeddertest.cpp b/fpdfsdk/src/fpdfview_embeddertest.cpp index cc0aa1f818..60c14b3edb 100644 --- a/fpdfsdk/src/fpdfview_embeddertest.cpp +++ b/fpdfsdk/src/fpdfview_embeddertest.cpp @@ -197,6 +197,13 @@ TEST_F(FPDFViewEmbeddertest, Crasher_452455) { UnloadPage(page); } -TEST_F(FPDFViewEmbeddertest, Crasher3) { +TEST_F(FPDFViewEmbeddertest, Crasher_454695) { EXPECT_TRUE(OpenDocument("testing/resources/bug_454695.pdf")); } + +TEST_F(FPDFViewEmbeddertest, Crasher_471990) { + EXPECT_TRUE(OpenDocument("testing/resources/bug_471990.pdf")); + FPDF_PAGE page = LoadPage(0); + EXPECT_NE(nullptr, page); + UnloadPage(page); +} |