diff options
Diffstat (limited to 'core/fpdfapi')
-rw-r--r-- | core/fpdfapi/parser/cpdf_syntax_parser.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/core/fpdfapi/parser/cpdf_syntax_parser.cpp b/core/fpdfapi/parser/cpdf_syntax_parser.cpp index 2a0bf360fc..54fb89a48b 100644 --- a/core/fpdfapi/parser/cpdf_syntax_parser.cpp +++ b/core/fpdfapi/parser/cpdf_syntax_parser.cpp @@ -727,6 +727,10 @@ std::unique_ptr<CPDF_Stream> CPDF_SyntaxParser::ReadStream( if (len < 0) return nullptr; + // If the length is longer then the remaining buffer giveup. + if (len > m_pFileAccess->GetSize() - m_pFileAccess->GetPosition()) + return nullptr; + std::unique_ptr<uint8_t, FxFreeDeleter> pData; if (len > 0) { pData.reset(FX_Alloc(uint8_t, len)); |