diff options
| author | Nicolas Pena <npm@chromium.org> | 2017-03-29 15:00:08 -0400 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2017-03-29 19:20:57 +0000 |
| commit | 47b8f070dc11308e0bef3a157f6c70fbcad4093a (patch) | |
| tree | 83e5c1387cd4310a14d2a96c4f21f1d82a52f328 /third_party/libtiff/README.pdfium | |
| parent | 9ad342b60490b9e88896aaf2eb7fb8f7bfa73e5a (diff) | |
| download | pdfium-47b8f070dc11308e0bef3a157f6c70fbcad4093a.tar.xz | |
Do more checks before big allocs in TIFFReadDirEntryArray
This CL fixes the only caller to TIFFReadDirEntryData with potentially large
size so that we avoid big mallocs when we know we will fail. It does this as
follows:
- Avoid the unnecessary computations if datasize is very small. We don't want
to be slower in this case.
- If !isMapped(tif), we will Seek and Read. Check that ending position is
reachable. In the other case, do a simple check for out of bounds.
Bug: chromium:681311
Change-Id: Ia172d8b4d401753b7c8d5455dc1ada5335f6fa6b
Reviewed-on: https://pdfium-review.googlesource.com/3253
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Diffstat (limited to 'third_party/libtiff/README.pdfium')
| -rw-r--r-- | third_party/libtiff/README.pdfium | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium index 0b6b800604..b82bb7947a 100644 --- a/third_party/libtiff/README.pdfium +++ b/third_party/libtiff/README.pdfium @@ -23,3 +23,4 @@ Local Modifications: 0015-fix-leaks-in-tif_ojpeg.patch: fix direct leaks in tif_ojpeg.c methods 0017-safe_skews_in_gtTileContig.patch: return error if to/from skews overflow from int32. 0018-fix-leak-in-PredictorSetupDecode.patch: call tif->tif_cleanup if the setup fails. +0019-oom-TIFFReadDirEntryArray.patch: Try to avoid out-of-memory in tif_dirread.c. |