author | Lei Zhang <thestig@chromium.org> | 2017-06-30 18:06:36 -0700 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-07-01 01:19:54 +0000 |
commit | 46e8ecf84c0227298c5aca8ea587bd6b2bce4c87 (patch) | |
tree | 7d97475c43d850fe81c9e0d88747e3ada503fceb /fpdfsdk | |
parent | 60d92de2dcab52523829de81c5cd1e50b3f8414f (diff) | |
download | pdfium-46e8ecf84c0227298c5aca8ea587bd6b2bce4c87.tar.xz |
M60: Fix a buffer overflow in FPDFPage_Flatten().chromium/3112
BUG=chromium:732661
TBR=dsinclair@chromium.org
Change-Id: Ie11a7d97db97ac969fb6230956efbf21c2ed3d87
Reviewed-on: https://pdfium-review.googlesource.com/6555
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
(cherry picked from commit f0f2a2a528e154b8ceeded297abc3a64007850f8)
Reviewed-on: https://pdfium-review.googlesource.com/7231
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Diffstat (limited to 'fpdfsdk')
-rw-r--r-- | fpdfsdk/fpdf_flatten.cpp | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/fpdfsdk/fpdf_flatten.cpp b/fpdfsdk/fpdf_flatten.cpp
index 0477d6fea5..914008c1a3 100644
--- a/fpdfsdk/fpdf_flatten.cpp
+++ b/fpdfsdk/fpdf_flatten.cpp
@@ -305,15 +305,18 @@ DLLEXPORT int STDCALL FPDFPage_Flatten(FPDF_PAGE page, int nFlag) {
 if (!pPageXObject)
 pPageXObject = pRes->SetNewFor<CPDF_Dictionary>("XObject");
- CFX_ByteString key = "";
+ CFX_ByteString key;
 int nStreams = pdfium::CollectionSize<int>(ObjectArray);
 if (nStreams > 0) {
- for (int iKey = 0; /*iKey < 100*/; iKey++) {
- char sExtend[5] = {};
- FXSYS_itoa(iKey, sExtend, 10);
- key = CFX_ByteString("FFT") + CFX_ByteString(sExtend);
- if (!pPageXObject->KeyExist(key))
+ CFX_ByteString sKey;
+ int i = 0;
+ while (i < INT_MAX) {
+ sKey.Format("FFT%d", i);
+ if (!pPageXObject->KeyExist(sKey)) {
+ key = sKey;
 break;
+ }
+ ++i;
 }
 } |
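Review bot: If the `while (i < INT_MAX)` loop finishes without finding a free name, `key` stays empty and nothing in the hunk checks for that. The code that consumes `key` lies outside the hunk, so whether an empty XObject name is harmful there cannot be confirmed from here; a guard after the loop such as `if (key.IsEmpty()) return FLATTEN_FAIL;` would make the failure explicit. The probe count also depends on how many `FFT<n>` entries the document's own XObject dictionary already holds, which deserves a comment such as `// Linear probe; cost is bounded by the number of FFT<n> keys in the input.` Finally, the diffstat shows all nine insertions inside this hunk, so no header was added for `INT_MAX`; presumably it arrives transitively, but an explicit `#include <limits.h>` would be safer.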