-rw-r--r-- | core/fpdfapi/parser/cpdf_document_unittest.cpp | 2 | ||||
-rw-r--r-- | core/fpdfapi/parser/cpdf_linearized_header.cpp | 29 | ||||
-rw-r--r-- | core/fpdfapi/parser/cpdf_linearized_header.h | 17 | ||||
-rw-r--r-- | testing/libfuzzer/pdf_hint_table_fuzzer.cc | 2 |
4 files changed, 27 insertions, 23 deletions
diff --git a/core/fpdfapi/parser/cpdf_document_unittest.cpp b/core/fpdfapi/parser/cpdf_document_unittest.cpp
index 9e03c96697..d1b8dce74a 100644
--- a/core/fpdfapi/parser/cpdf_document_unittest.cpp
+++ b/core/fpdfapi/parser/cpdf_document_unittest.cpp
@@ -133,7 +133,7 @@ class CPDF_TestDocumentWithPageWithoutPageNum : public CPDF_Document {
 class TestLinearized : public CPDF_LinearizedHeader {
 public:
 explicit TestLinearized(CPDF_Dictionary* dict)
- : CPDF_LinearizedHeader(dict) {}
+ : CPDF_LinearizedHeader(dict, 0) {}
 };

 class CPDF_TestDocPagesWithoutKids : public CPDF_Document {
diff --git a/core/fpdfapi/parser/cpdf_linearized_header.cpp b/core/fpdfapi/parser/cpdf_linearized_header.cpp
index ce22c55f48..3251a5eb9f 100644
--- a/core/fpdfapi/parser/cpdf_linearized_header.cpp
+++ b/core/fpdfapi/parser/cpdf_linearized_header.cpp
@@ -70,22 +70,25 @@ std::unique_ptr<CPDF_LinearizedHeader> CPDF_LinearizedHeader::Parse(
 if (parser->GetNextWord(nullptr) != "endobj")
 return nullptr;

- auto result = pdfium::WrapUnique(new CPDF_LinearizedHeader(pDict.get()));
- result->m_szLastXRefOffset = parser->GetPos();
+ auto result = pdfium::WrapUnique(
+ new CPDF_LinearizedHeader(pDict.get(), parser->GetPos()));

- return IsLinearizedHeaderValid(result.get(),
- parser->GetFileAccess()->GetSize())
- ? std::move(result)
- : nullptr;
+ if (!IsLinearizedHeaderValid(result.get(),
+ parser->GetFileAccess()->GetSize())) {
+ return nullptr;
+ }
+ return result;
 }

-CPDF_LinearizedHeader::CPDF_LinearizedHeader(const CPDF_Dictionary* pDict) {
- m_szFileSize = pDict->GetIntegerFor("L");
- m_dwFirstPageNo = pDict->GetIntegerFor("P");
- m_szMainXRefTableFirstEntryOffset = pDict->GetIntegerFor("T");
- m_PageCount = pDict->GetIntegerFor("N");
- m_szFirstPageEndOffset = pDict->GetIntegerFor("E");
- m_FirstPageObjNum = pDict->GetIntegerFor("O");
+CPDF_LinearizedHeader::CPDF_LinearizedHeader(const CPDF_Dictionary* pDict,
+ FX_FILESIZE szLastXRefOffset)
+ : m_szFileSize(pDict->GetIntegerFor("L")),
+ m_dwFirstPageNo(pDict->GetIntegerFor("P")),
+ m_szMainXRefTableFirstEntryOffset(pDict->GetIntegerFor("T")),
+ m_PageCount(pDict->GetIntegerFor("N")),
+ m_szFirstPageEndOffset(pDict->GetIntegerFor("E")),
+ m_FirstPageObjNum(pDict->GetIntegerFor("O")),
+ m_szLastXRefOffset(szLastXRefOffset) {
 const CPDF_Array* pHintStreamRange = pDict->GetArrayFor("H");
 const size_t nHintStreamSize =
 pHintStreamRange ? pHintStreamRange->GetCount() : 0;
diff --git a/core/fpdfapi/parser/cpdf_linearized_header.h b/core/fpdfapi/parser/cpdf_linearized_header.h
index d73216059f..964ae26dff 100644
--- a/core/fpdfapi/parser/cpdf_linearized_header.h
+++ b/core/fpdfapi/parser/cpdf_linearized_header.h
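Review bot: The new initializer list in cpdf_linearized_header.cpp copies `pDict->GetIntegerFor("P")`, `("N")` and `("O")` directly into members that the header now declares `const uint32_t`. If GetIntegerFor returns a signed int (its declaration is not on this page), a negative value from an untrusted PDF wraps to a large unsigned number that cannot be corrected after construction. Parse() still runs IsLinearizedHeaderValid before returning the object, but the protected constructor is also reached by TestLinearized and FakeLinearized, which skip that check. I would record the contract above the constructor, e.g. `// Does not validate |pDict|; only Parse() applies IsLinearizedHeaderValid() to the result.` The constructor body continues outside the hunk.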
@@ -43,18 +43,19 @@ class CPDF_LinearizedHeader {
 uint32_t GetHintLength() const { return m_HintLength; }

 protected:
- explicit CPDF_LinearizedHeader(const CPDF_Dictionary* pDict);
+ CPDF_LinearizedHeader(const CPDF_Dictionary* pDict,
+ FX_FILESIZE szLastXRefOffset);

 private:
- FX_FILESIZE m_szFileSize = 0;
- uint32_t m_dwFirstPageNo = 0;
- FX_FILESIZE m_szMainXRefTableFirstEntryOffset = 0;
- uint32_t m_PageCount = 0;
- FX_FILESIZE m_szFirstPageEndOffset = 0;
- uint32_t m_FirstPageObjNum = 0;
+ const FX_FILESIZE m_szFileSize;
+ const uint32_t m_dwFirstPageNo;
+ const FX_FILESIZE m_szMainXRefTableFirstEntryOffset;
+ const uint32_t m_PageCount;
+ const FX_FILESIZE m_szFirstPageEndOffset;
+ const uint32_t m_FirstPageObjNum;
+ const FX_FILESIZE m_szLastXRefOffset;
 FX_FILESIZE m_szHintStart = 0;
 uint32_t m_HintLength = 0;
- FX_FILESIZE m_szLastXRefOffset = 0;
 };

 #endif // CORE_FPDFAPI_PARSER_CPDF_LINEARIZED_HEADER_H_
diff --git a/testing/libfuzzer/pdf_hint_table_fuzzer.cc b/testing/libfuzzer/pdf_hint_table_fuzzer.cc
index ac4229a5a9..ee51e25f24 100644
--- a/testing/libfuzzer/pdf_hint_table_fuzzer.cc
+++ b/testing/libfuzzer/pdf_hint_table_fuzzer.cc
@@ -49,7 +49,7 @@ class HintTableForFuzzing : public CPDF_HintTables {
 class FakeLinearized : public CPDF_LinearizedHeader {
 public:
 explicit FakeLinearized(CPDF_Dictionary* linearized_dict)
- : CPDF_LinearizedHeader(linearized_dict, 0) {}
+ : CPDF_LinearizedHeader(linearized_dict, 0) {}
 };

 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { |
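Review bot: In cpdf_linearized_header.h the new `szLastXRefOffset` constructor parameter is undocumented, and both subclasses touched by this commit pass a bare `0`, so the header alone does not say what the value means. Parse() supplies `parser->GetPos()` taken after the `endobj` keyword, so a comment above the declaration such as `// |szLastXRefOffset| is the parser position just past the linearized dictionary's endobj.` would record that. Making seven fields `const` also implicitly removes copy and move assignment from the class. That looks intended, since Parse() returns the object through a `std::unique_ptr`, but it is worth stating next to the members. The class body starts outside the hunk.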