summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--core/fpdfapi/parser/cpdf_syntax_parser.cpp4
1 files changed, 4 insertions, 0 deletions
diff --git a/core/fpdfapi/parser/cpdf_syntax_parser.cpp b/core/fpdfapi/parser/cpdf_syntax_parser.cpp
index 2a0bf360fc..54fb89a48b 100644
--- a/core/fpdfapi/parser/cpdf_syntax_parser.cpp
+++ b/core/fpdfapi/parser/cpdf_syntax_parser.cpp
@@ -727,6 +727,10 @@ std::unique_ptr<CPDF_Stream> CPDF_SyntaxParser::ReadStream(
if (len < 0)
return nullptr;
+ // If the length is longer then the remaining buffer giveup.
+ if (len > m_pFileAccess->GetSize() - m_pFileAccess->GetPosition())
+ return nullptr;
+
std::unique_ptr<uint8_t, FxFreeDeleter> pData;
if (len > 0) {
pData.reset(FX_Alloc(uint8_t, len));