Age | Commit message (Collapse) | Author |
|
When decoding the CPDF_HintTable we read the dwDeltaGroupLen value out
of the input stream which is a 16bit number. That value is then passed
in to read a uint32_t of the object number. If we have a group length of
> 32 bits we'll cause an undefined shift when we attempt to shift right
more then 32 bits.
This Cl bails out early if the dwDeltaGroupLen value is > 32 in order to
stop the undefined shifts.
Bug: chromium:718505
Change-Id: I919d6f4cd19826094a5e44d3a65d758029f5c236
Reviewed-on: https://pdfium-review.googlesource.com/5090
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
|
|
Pass stream argument to constructor; it feels like a
stream accessor should always be made from a stream rather
than passing one in after the fact.
Change-Id: Iaa46cb37677b81f0170f5d39bab76ad38ea4af44
Reviewed-on: https://pdfium-review.googlesource.com/3620
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
|
|
Fix callers conventions to avoid ambiguity.
Fix bad bounds check unmasked by change.
Directly include headers no longer pulled in by numerics itself.
Review-Url: https://codereview.chromium.org/2640143003
|
|
My OCD insists that classes be named after nouns, and "linearized"
feels like an adjective.
Remove a redundant "if" while at it.
Review-Url: https://codereview.chromium.org/2482973002
|
|
Unify some code
Move parsing of linearized header into separate CPDF_Linearized class.
Original review:
https://codereview.chromium.org/2466023002/
Revert review:
https://codereview.chromium.org/2474283005/
Revert reason was:
Breaking the chrome roll.
See https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/331856
___
Added Fix for fuzzers.
Review-Url: https://codereview.chromium.org/2477213003
|
|
https://codereview.chromium.org/2466023002/ )
Reason for revert:
Breaking the chrome roll. See https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/331856
Original issue's description:
> Unify some code
>
> Move parsing of linearized header into separate CPDF_Linearized class.
>
> Committed: https://pdfium.googlesource.com/pdfium/+/71333dc57ac7e4cf7963c83333730b3882ab371f
TBR=thestig@chromium.org,brucedawson@chromium.org,art-snake@yandex-team.ru
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2474283005
|
|
Move parsing of linearized header into separate CPDF_Linearized class.
Review-Url: https://codereview.chromium.org/2466023002
|
|
BUG=pdfium:603
Review-Url: https://codereview.chromium.org/2392603004
|