From 3208356db199098d1110780e138b74b6436deb0b Mon Sep 17 00:00:00 2001
From: Henrique Nakashima <hnakashima@chromium.org>
Date: Fri, 15 Dec 2017 18:40:04 +0000
Subject: Validate shading pattern's ColorSpace. It cannot be a Pattern CS.

Bug: chromium:795251
Change-Id: I6c4fd75a5afd16ced499d031f9b535f8c6828854
Reviewed-on: https://pdfium-review.googlesource.com/21410
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
---
 core/fpdfapi/page/cpdf_shadingpattern.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/core/fpdfapi/page/cpdf_shadingpattern.cpp b/core/fpdfapi/page/cpdf_shadingpattern.cpp
index 542c4051c5..585a925ba7 100644
--- a/core/fpdfapi/page/cpdf_shadingpattern.cpp
+++ b/core/fpdfapi/page/cpdf_shadingpattern.cpp
@@ -89,6 +89,11 @@ bool CPDF_ShadingPattern::Load() {
 
   CPDF_DocPageData* pDocPageData = document()->GetPageData();
   m_pCS = pDocPageData->GetColorSpace(pCSObj, nullptr);
+  // The color space cannot be a Pattern space, according to the PDF 1.7 spec,
+  // page 305.
+  if (m_pCS->GetFamily() == PDFCS_PATTERN)
+    return false;
+
   if (m_pCS)
     m_pCountedCS = pDocPageData->FindColorSpacePtr(m_pCS->GetArray());
 
-- 
cgit v1.2.3