summaryrefslogtreecommitdiff
path: root/fxjs
diff options
context:
space:
mode:
authorDan Sinclair <dsinclair@chromium.org>2017-05-08 14:16:51 -0400
committerChromium commit bot <commit-bot@chromium.org>2017-05-08 18:38:02 +0000
commit486f141ed1fa5b92f59d403c4b549ede2ea1a2c8 (patch)
treee91cc72d308c7e3ffa5e40403157de54568b5d23 /fxjs
parent1ef04c9bc0c19dd815f64ec48e7eef106cf88b49 (diff)
downloadpdfium-486f141ed1fa5b92f59d403c4b549ede2ea1a2c8.tar.xz
Check bits to decode will fit before decoding
When decoding the CPDF_HintTable we read the dwDeltaGroupLen value out of the input stream which is a 16bit number. That value is then passed in to read a uint32_t of the object number. If we have a group length of > 32 bits we'll cause an undefined shift when we attempt to shift right more then 32 bits. This Cl bails out early if the dwDeltaGroupLen value is > 32 in order to stop the undefined shifts. Bug: chromium:718505 Change-Id: I919d6f4cd19826094a5e44d3a65d758029f5c236 Reviewed-on: https://pdfium-review.googlesource.com/5090 Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'fxjs')
0 files changed, 0 insertions, 0 deletions