path: root/core/fpdfapi/parser
Age | Commit message | Author
2017-08-08 | Add validator into CPDF_SyntaxParser. | Artem Strygin
Change-Id: I7fe8dcd8854e2f08b7b0ee53bde6c864108142ff Reviewed-on: https://pdfium-review.googlesource.com/9571 Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-08-04 | Remove CFX_ByteTextBuf from cpdfsdk_interform.cpp and others. [chromium/3177] | Henrique Nakashima
New version of the CL that includes fpdf_parser_utility.cpp where there is an overload for CFX_ByteTextBuf << CPDF_Object* used by CFDF_Document. Bug: pdfium:731 Change-Id: I54f4e9ee7e10e94388f6f6584f3999f43689e84c Reviewed-on: https://pdfium-review.googlesource.com/10170 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2017-08-04 | Revert "Remove CFX_ByteTextBuf from cpdfsdk_interform.cpp and others." | Henrique Nakashima
This reverts commit aea80dcc0abc0c310316fa502f91a359bc684758. Reason for revert: WriteBuf's behavior was altered Original change's description: > Remove CFX_ByteTextBuf from cpdfsdk_interform.cpp and others. > > Bug: pdfium:731 > Change-Id: I61d38ab3f2b0ac68b8479ade25bab50f3a73c27b > Reviewed-on: https://pdfium-review.googlesource.com/9770 > Reviewed-by: Tom Sepez <tsepez@chromium.org> > Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> TBR=tsepez@chromium.org,hnakashima@chromium.org,rharrison@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: pdfium:731 Change-Id: Ic66a2641c259173fb3792f7a4206e19ee4707fc9 Reviewed-on: https://pdfium-review.googlesource.com/10150 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2017-08-03 | Remove CPDF_Array::Truncate(). [chromium/3176] | Lei Zhang
The only non-test caller is gone. Change-Id: I261bc6d97c3047b2935d7b663c1a5f7d15670714 Reviewed-on: https://pdfium-review.googlesource.com/10010 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-03 | Do not truncate the filter array in PDF_DataDecode(). | Lei Zhang
It is not needed to fix https://crbug.com/552046 and it causes a different bug. BUG=chromium:750993 Change-Id: I11627045bd3e73fb439884c3362ab1c26eb95fe3 Reviewed-on: https://pdfium-review.googlesource.com/9990 Reviewed-by: Oliver Chang <ochang@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-08-03 | Avoid a redundant header offset check in CPDF_Parser. | Lei Zhang
CPDF_Parser::StartLinearizedParse() calls StartParse(), but already knows the PDF header offset. Refactor StartParse() so it does not have to look for the header again. Change-Id: Id8cc39301ae72da868dafc53921622d5b28ce26e Reviewed-on: https://pdfium-review.googlesource.com/9830 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Art Snake <art-snake@yandex-team.ru>
2017-08-02 | Replace CFX_ByteTextBuf from cpdf_security_handler.cpp with std::vector | Henrique Nakashima
Bug: pdfium:731 Change-Id: I63532e06aa2c135f34a6adda24ae1cfbc5922ac9 Reviewed-on: https://pdfium-review.googlesource.com/9871 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2017-08-02 | Unify parsing of cross refs v4 | Artem Strygin
Change-Id: I7e3d45263a0bae61fd86fd4c3710de7fc0b9347d Reviewed-on: https://pdfium-review.googlesource.com/9290 Reviewed-by: Wei Li <weili@chromium.org> Commit-Queue: Art Snake <art-snake@yandex-team.ru>
2017-08-02 | Remove CFX_ByteTextBuf from cpdfsdk_interform.cpp and others. | Henrique Nakashima
Bug: pdfium:731 Change-Id: I61d38ab3f2b0ac68b8479ade25bab50f3a73c27b Reviewed-on: https://pdfium-review.googlesource.com/9770 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2017-08-01 | Add public access for read stream into CPDF_SyntaxParser | Artem Strygin
Change-Id: I5deb6049db41387ac030a6ba5296ee6187120190 Reviewed-on: https://pdfium-review.googlesource.com/9470 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-08-01 | Improve readability in CPDF_Parser::ObjectInfo. | Artem Strygin
Make CPDF_Parser::ObjectInfo::pos a union, since the data is used as an object number when the object is compressed. Change-Id: Id7c32759f7411cc80285bb7f3088b5aa6ff5bf05 Reviewed-on: https://pdfium-review.googlesource.com/9570 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Art Snake <art-snake@yandex-team.ru>
2017-08-01 | Implement read Session. | Artem Strygin
Helper for validating read problems locally. Change-Id: I2bfbbaab8a67c0fd0cee3dadcd0f9cad5953101c Reviewed-on: https://pdfium-review.googlesource.com/9552 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Art Snake <art-snake@yandex-team.ru>
2017-08-01 | Change CPDF_Parser::GetIndirectBinary() to return a std::vector. | Lei Zhang
Fixes potential leaks in CPDF_Creator::WriteOldIndirectObject(), the only caller. Change-Id: I8a20da8a555c8d28f3bcd467a193a6a81c9f91d9 Reviewed-on: https://pdfium-review.googlesource.com/9751 Reviewed-by: Art Snake <art-snake@yandex-team.ru> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-08-01 | Remove support for negative params to ReleaseBuffer() | Ryan Harrison
This CL removes the default param value for this method, which was negative. It also adds in a method to get buffer lengths, so that the callsites can explicitly pass in the length of the buffer if they were using the default value previously. BUG=pdfium:828 Change-Id: I0170771ee81970b8b601631015ab3e6e39fea8ea Reviewed-on: https://pdfium-review.googlesource.com/9790 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-08-01 | Replace raw value for constant error value in string operations | Ryan Harrison
Currently Find() and other methods that return a FX_STRSIZE return -1 to indicate error/failure. This means that there are a lot of magic numbers and magic checks floating around. The standard library for similar operations uses an npos constant. This CL implements FX_STRNPOS, and replaces usages of magic number checking. It also does some type cleanup along the way where it was obvious that FX_STRSIZE should be being used. Removing the magic numbers should make eventually changing FX_STRSIZE to be unsigned easier in the future. BUG=pdfium:828 Change-Id: I67e481e44cf2f75a1698afa8fbee4f375a74c490 Reviewed-on: https://pdfium-review.googlesource.com/9651 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-01 | Prevent use of null pFileRead in CPDF_DataAvail. [chromium/3174] | Artem Strygin
Change-Id: I52e668ca410a0c6b96a789ecc18c993152047ead Reviewed-on: https://pdfium-review.googlesource.com/9550 Commit-Queue: Art Snake <art-snake@yandex-team.ru> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-07-28 | Add CPDF_Stream::ReplaceData method. [chromium/3170] | Artem Strygin
Change-Id: I94b2e8f6fd522b97c917037e32fb3bcbeea0cbeb Reviewed-on: https://pdfium-review.googlesource.com/8911 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-07-28 | Return removed value from dictionary. | Artem Strygin
Change-Id: I218179565cd991b71fd9c909b94f967bbf80c74d Reviewed-on: https://pdfium-review.googlesource.com/8912 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-07-28 | Implement read validator. | Artem Strygin
The wrapper for IFX_SeekableReadStream, which allows us to check data availability on read request and request downloading of non-available data on the fly. Change-Id: I27c66cd58f43f8432f73104cc3f4c980515a9b56 Reviewed-on: https://pdfium-review.googlesource.com/9050 Commit-Queue: Art Snake <art-snake@yandex-team.ru> Reviewed-by: (OOO Jul 28 - Aug 8) dsinclair <dsinclair@chromium.org>
2017-07-26 | Remove recursion from CPDF_DataAvail::HaveResourceXXX. | Artem Strygin
Change-Id: Iacac67bce99b4b4bcc303fb388aaf03f2f99e4f3 Reviewed-on: https://pdfium-review.googlesource.com/9070 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-07-26 | Remove useless code. | Artem Strygin
Change-Id: Ibb7e33dddd79d6266961ebdf56600fc5a091dcb8 Reviewed-on: https://pdfium-review.googlesource.com/9071 Commit-Queue: Art Snake <art-snake@yandex-team.ru> Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-07-20 | Use enum for pdf object type | Artem Strygin
Replace uint8_t type with enum for ObjectType variables. Change-Id: Ie33c8c9413c5082397a2c6fbf73e03f08b7d8658 Reviewed-on: https://pdfium-review.googlesource.com/8470 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-07-19 | Rename StringCs c_str() to unterminated_c_str(). | Tom Sepez
Since there is no guarantee of termination if the StringC was extracted from a snippet of another string. Make it more obvious that things like strlen(str.unterminated_c_str()) might be a bad idea. Change-Id: I7832248ed89ebbddf5c0bcd402aac7d40ec2adc2 Reviewed-on: https://pdfium-review.googlesource.com/8170 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2017-07-19 | Use CFX_WideString in CPDF_NameTree functions to strip BOM [chromium/3162] | Jane Liu
PDFium doesn't strip BOMs during parsing, but we should strip BOMs when retrieving parsed strings in CPDF_NameTree to ensure consistency and appropriate function behavior. See the bug for more info. As outlined in Bug=pdfium:593, the solution is to call GetUnicodeText() instead of GetString(). I added a GetUnicodeTextAt() function in CPDF_Array, which is symmetrical to GetUnicodeTextFor() in CPDF_Dictionary. I then changed the input variable types to CPDF_NameTree functions to be CFX_WideString instead of CFX_ByteString, and modified all the calls to them. I also added a unit test for nametree, which would fail prior to this change. Nametrees with non-unicode names are already tested by embedder tests. Bug=pdfium:820 Change-Id: Id69d7343632f83d1f5180348c0eea290f478183f Reviewed-on: https://pdfium-review.googlesource.com/8091 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Jane Liu <janeliulwq@google.com>
2017-07-13 | Add Embeddertest for password after saving [chromium/3157] | Nicolas Pena
This CL allows TestSaved to open password-protected and linearized documents properly. It also adds a test with one such document. BUG= pdfium:787 Change-Id: Ie0da7f290711505fb208794afdc737c36e84dd3c Reviewed-on: https://pdfium-review.googlesource.com/7034 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-07-10 | Roll FreeType to c56d8851ea987023cc73981a70d261b3f6427545 [chromium/3156] [chromium/3155] [chromium/3154] | Nicolas Pena
Bug: chromium:738919 Change-Id: I2ea99a47f45e2e68650bd1fa9ad7554d8df79874 Reviewed-on: https://pdfium-review.googlesource.com/7351 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-07-07 | core: fix -Wshadow warnings [chromium/3153] | Miklos Vajna
Found with this patch: diff --git a/BUILD.gn b/BUILD.gn index 83bad1b13..444685f04 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -89,6 +89,8 @@ config("pdfium_core_config") { "/wd4324", "/wd4577", ] + } else { + cflags += [ "-Wshadow" ] } } But renaming the conflicting names is tricky, so done with clang-rename. Change-Id: Ie959b86e9e82b11b211761b0c73e439e51044de7 Reviewed-on: https://pdfium-review.googlesource.com/7410 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
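Review bot: the `else` branch in the `@@ -89,6 +89,8 @@` hunk of BUILD.gn turns on `-Wshadow` for every non-MSVC build, but the message presents the diff only as the patch the warnings were found with and does not say whether the flag lands together with the renames. If it is not part of this change, say so explicitly and consider enabling it in a follow-up, so that newly introduced shadowing is caught at build time rather than by a one-off local patch.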
2017-06-28 | Keep all trailers in CPDF_Parser in m_Trailers | Nicolas Pena
This CL removes m_pTrailer in favor of having them all in a vector, and having an index that points to the position of the previous m_pTrailer in the vector. Bug: pdfium:787 Change-Id: Ieebbf4849f7ea78f8f74d188e3adb3446a53482e Reviewed-on: https://pdfium-review.googlesource.com/7040 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-06-27 | Add overload for CPDF_Stream.SetData() that takes an ostringstream. | Henrique Nakashima
Bug: pdfium:731 Change-Id: Ie65bafc644cff076b0d7aadcc5d0b0e33e2c199b Reviewed-on: https://pdfium-review.googlesource.com/7035 Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-06-23 | Cleaning up fx_string_testhelpers. | Henrique Nakashima
This is unused except for being a pathway for indirect deps. Change-Id: I717290235ccbc59429ad24231033382958e2a086 Reviewed-on: https://pdfium-review.googlesource.com/6910 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
2017-06-20 | Cleanup fpdf_parser_decode | Nicolas Pena
This CL fixes some nits in fpdf_parser_decode, especially avoiding non-const reference parameters. Change-Id: Ibb914850afd924bb398f886ac862f7589519ef7e Reviewed-on: https://pdfium-review.googlesource.com/6750 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-06-19 | Fixing metadata not read from linearized file. [chromium/3136] | Henrique Nakashima
This still won't work if the info dict is not on the first page without first calling FPDFAvail_IsFormAvail or FPDFAvail_IsPageAvail, as these are the methods that trigger parsing the rest of the data. Bug: pdfium:664 Change-Id: I0b0193e415a1153dcfb8bfba0e0482da6b6ba53c Reviewed-on: https://pdfium-review.googlesource.com/6610 Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-06-13 | Allow zero length streams when parsing. [chromium/3130] | Dan Sinclair
It's possible to create a stream of length 0 in a PDF document. Currently the code will early exit and return a nullptr. This causes issues when you want to print the given PDF as the FPDF_ImportPages code ends up only generating up to the zero length object. This CL allows creating streams with length 0 and updates the PDF saving code to output a blank stream. Bug: chromium:732380 Change-Id: I44182ba4aaac7c51284b002ba01bbc34b6bcf9e0 Reviewed-on: https://pdfium-review.googlesource.com/6490 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-06-13 | Converting CFX_ByteTextBuf to ostringstream in cpdf_syntax_parser.cpp. | Henrique Nakashima
Bug: pdfium:731 Change-Id: I6d1f59318cd63539ddce3fbdd3f0a375060b6476 Reviewed-on: https://pdfium-review.googlesource.com/6435 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-06-09 | Converting CFX_ByteTextBuf to ostringstream in fdpf_parser_decode.cpp. [chromium/3126] | Henrique Nakashima
Bug: pdfium:731 Change-Id: I20c3d87dba91d1489794abb77afcd2d7e9db88fe Reviewed-on: https://pdfium-review.googlesource.com/6393 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-06-09 | Simplify CPDF_Array::RemoveAt(index, size). | Lei Zhang
Instead of one general RemoveAt() method, split it into: - RemoveAt(index) - Truncate(nNewSize) - Clear() Update callers, which are now easier to understand. Update existing unit tests and add new tests. Change-Id: I38fe40146ce8f2479677b2caadd20a1756678768 Reviewed-on: https://pdfium-review.googlesource.com/6417 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-05-26 | Avoid dangling encrypt dict pointer in CPDF_Parser | Tom Sepez
CPDF_Parser::StartParse should release the current encrypt dict before trashing it by calling RebuildCrossRef() at cpdf_parser.cpp:195. This gives rise to the pattern that calls to ReleaseEncryptHandler() are followed by SetEncryptDict(nullptr), so just move the latter into the former. Bug: 726503 Change-Id: I38bc81f0c0416812035a8a2541c09e875f1fb49a Reviewed-on: https://pdfium-review.googlesource.com/6030 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-25 | Mass conversion of remaining class members (non-xfa) | Tom Sepez
Change-Id: I8365ba80e3395d59a3cf35dbd9d9162e86e712e3 Reviewed-on: https://pdfium-review.googlesource.com/5970 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-25 | Mass conversion of all const-lifetime class members | Tom Sepez
Sed + minimal conversions to compile, including moving some constructors into the .cpp file. Any that caused ASAN issues during the tests were omitted rather than trying to resolve the underlying issue. Change-Id: I00a421f33b253eb4071ffd9af3f2922c7443b335 Reviewed-on: https://pdfium-review.googlesource.com/5891 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-25 | Break apart the pageint.h file. | Dan Sinclair
This CL separates pageint.h and the supporting cpp files into individual class files. Change-Id: Idcadce41976a8cd5f0d916e6a5ebbc283fd36527 Reviewed-on: https://pdfium-review.googlesource.com/5930 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-24 | Convert to CFX_UnownedPtr, part 8 [chromium/3110] | Tom Sepez
Change-Id: I99d6b4df72e369652301c36e4046f03ef95ed07d Reviewed-on: https://pdfium-review.googlesource.com/5837 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-24 | Convert to CFX_UnownedPtr, part 3. | Tom Sepez
Remove an explicit clear to re-order the member destruction order. Change-Id: I33da3f3de4b8e8e0cfbdceaf5140e98f5d6f904a Reviewed-on: https://pdfium-review.googlesource.com/5791 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-05-23 | Use NOTREACHED() in more places. | Lei Zhang
Change-Id: I88466943171f19259f84add69679741d44c8e123 Reviewed-on: https://pdfium-review.googlesource.com/5551 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-19 | Move CCodec_ModuleMgr ownership to CPDF_ModuleMgr. | Lei Zhang
More straightforward than CFX_GEModule owning it and CPDF_ModuleMgr holding a pointer to it. Remove assumptions that the codec modules may return nullptr, and do IWYU. Change-Id: Iba7fc3c7ec223fd6d29a1ab74ed13d35689bc5d5 Reviewed-on: https://pdfium-review.googlesource.com/5654 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-18 | Add more CFX_UnownedPtr usage. | Tom Sepez
One lifetime issue was fixed by passing CPDF_RenderStatus into Continue() methods rather than holding a pointer which was going stale. Bug: Change-Id: I63b9dce4c1a0d1377cc407b5460535f7c916a040 Reviewed-on: https://pdfium-review.googlesource.com/5659 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-05-16 | Introduce CFX_UnownedPtr to detect lifetime inversion issues. | Tom Sepez
There are places where an object "child" has a raw pointer back to object "owner" with the understanding that owner will always outlive child. Violating this constraint can lead to use after free, but this requires finding two paths: one that frees the objects in the wrong order, and one that uses the object after the free. The purpose of this patch is to detect the constraint violation even when the second path is not hit. We create a template that is used in place of TYPE*. Its dtor, when a memory tool is present, goes out and probes the first byte of the object to which it points. Used in "child", this allows the memory tool to prove that the "owner" is still alive at the time the child is destroyed, and hence the constraint is never violated. Change-Id: I2a6d696d51dda4a79ee2f00a6752965e058a6417 Reviewed-on: https://pdfium-review.googlesource.com/5475 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-10 | Store the offset in the archive buffer | Dan Sinclair
This CL moves the implementation of the archive buffer behind an IFX_ArchiveStream interface. The buffer holds the current offset and the offset parameter is removed from the CPDF_Creator and various other methods. Change-Id: Ia54e803b58bbfb6ef03fec4a940d2c056d541356 Reviewed-on: https://pdfium-review.googlesource.com/5255 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-10 | Use FXSYS_IntToTwoHexChars() in more places. | Lei Zhang
Change-Id: I84cd8e91a296119ecf80b7a092b886f291bebb45 Reviewed-on: https://pdfium-review.googlesource.com/4953 Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-05-09 | Remove AppendObject from CPDF_Creator | Dan Sinclair
The AppendObject method has been removed and the functionality moved to the individual CPDF_Object classes. Change-Id: I5446c6cc3e792d849acf77caed34b63a88f3a2d2 Reviewed-on: https://pdfium-review.googlesource.com/5072 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-08 | Check bits to decode will fit before decoding | Dan Sinclair
When decoding the CPDF_HintTable we read the dwDeltaGroupLen value out of the input stream which is a 16-bit number. That value is then passed in to read a uint32_t of the object number. If we have a group length of > 32 bits we'll cause an undefined shift when we attempt to shift right more than 32 bits. This CL bails out early if the dwDeltaGroupLen value is > 32 in order to stop the undefined shifts. Bug: chromium:718505 Change-Id: I919d6f4cd19826094a5e44d3a65d758029f5c236 Reviewed-on: https://pdfium-review.googlesource.com/5090 Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>