summaryrefslogtreecommitdiff
path: root/fpdfsdk
diff options
context:
space:
mode:
authorTom Sepez <tsepez@chromium.org>2015-06-30 12:18:55 -0700
committerTom Sepez <tsepez@chromium.org>2015-06-30 12:18:55 -0700
commit74742a75ac7a07c08cf36fe6f4eaa91bed8236a3 (patch)
treecd7863a159b4c8dd691aa280efee56158e1ee42e /fpdfsdk
parentc01c977c9c6e56faf709400547c9b085b8972024 (diff)
downloadpdfium-74742a75ac7a07c08cf36fe6f4eaa91bed8236a3.tar.xz
Redo range check in CPDF_SampledFunc::v_Call().
The current |bitpos1| calculation protects the passed argument to _GetBits32(): |bitpos.ValueOrDie() + j * m_nBitsPerSample|, but doesn't account for adding in the sample length in that routine. Also bound bits per sample to something reasonable to avoid undefined behaviour on the shift to compute the max value. BUG=471990 R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/1219663003.
Diffstat (limited to 'fpdfsdk')
-rw-r--r--fpdfsdk/src/fpdfview_embeddertest.cpp9
1 files changed, 8 insertions, 1 deletions
diff --git a/fpdfsdk/src/fpdfview_embeddertest.cpp b/fpdfsdk/src/fpdfview_embeddertest.cpp
index cc0aa1f818..60c14b3edb 100644
--- a/fpdfsdk/src/fpdfview_embeddertest.cpp
+++ b/fpdfsdk/src/fpdfview_embeddertest.cpp
@@ -197,6 +197,13 @@ TEST_F(FPDFViewEmbeddertest, Crasher_452455) {
UnloadPage(page);
}
-TEST_F(FPDFViewEmbeddertest, Crasher3) {
+TEST_F(FPDFViewEmbeddertest, Crasher_454695) {
EXPECT_TRUE(OpenDocument("testing/resources/bug_454695.pdf"));
}
+
+TEST_F(FPDFViewEmbeddertest, Crasher_471990) {
+ EXPECT_TRUE(OpenDocument("testing/resources/bug_471990.pdf"));
+ FPDF_PAGE page = LoadPage(0);
+ EXPECT_NE(nullptr, page);
+ UnloadPage(page);
+}