diff options
Diffstat (limited to 'core/fpdfapi/parser/cpdf_hint_tables.cpp')
| -rw-r--r-- | core/fpdfapi/parser/cpdf_hint_tables.cpp | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/core/fpdfapi/parser/cpdf_hint_tables.cpp b/core/fpdfapi/parser/cpdf_hint_tables.cpp index 71a6d3688e..04e673bc97 100644 --- a/core/fpdfapi/parser/cpdf_hint_tables.cpp +++ b/core/fpdfapi/parser/cpdf_hint_tables.cpp @@ -117,7 +117,7 @@ bool CPDF_HintTables::ReadPageHintTable(CFX_BitStream* hStream) { // shared object referenced from a page, there is an indication of // where in the page's content stream the object is first referenced. const uint32_t dwSharedNumeratorBits = hStream->GetBits(16); - if (!IsValidPageOffsetHintTableBitCount(dwSharedNumeratorBits)) + if (dwSharedNumeratorBits > 32) return false; // Item 13: Skip Item 13 which has 16 bits. @@ -193,15 +193,17 @@ bool CPDF_HintTables::ReadPageHintTable(CFX_BitStream* hStream) { } hStream->ByteAlign(); - for (uint32_t i = 0; i < nPages; i++) { - FX_SAFE_UINT32 safeSize = dwNSharedObjsArray[i]; - safeSize *= dwSharedNumeratorBits; - if (!CanReadFromBitStream(hStream, safeSize)) - return false; + if (dwSharedNumeratorBits) { + for (uint32_t i = 0; i < nPages; i++) { + FX_SAFE_UINT32 safeSize = dwNSharedObjsArray[i]; + safeSize *= dwSharedNumeratorBits; + if (!CanReadFromBitStream(hStream, safeSize)) + return false; - hStream->SkipBits(safeSize.ValueOrDie()); + hStream->SkipBits(safeSize.ValueOrDie()); + } + hStream->ByteAlign(); } - hStream->ByteAlign(); FX_SAFE_UINT32 safeTotalPageLen = nPages; safeTotalPageLen *= dwDeltaPageLenBits; @@ -403,7 +405,11 @@ FX_FILESIZE CPDF_HintTables::HintsOffsetToFileOffset( // offset shall have the hint stream length added to it to determine the // actual offset relative to the beginning of the file. // See specification PDF 32000-1:2008 Annex F.4 (Hint tables). - if (file_offset.ValueOrDie() > m_pLinearized->GetHintStart()) + // Note: The PDF spec does not mention this, but positions equal to the hint + // stream offset also need to have the hint stream length added to it. e.g. + // There exists linearized PDFs generated by Adobe software that have this + // property. + if (file_offset.ValueOrDie() >= m_pLinearized->GetHintStart()) file_offset += m_pLinearized->GetHintLength(); return file_offset.ValueOrDefault(0); |