From 59d21660a3d91d9b340fdb0211e20358806590e1 Mon Sep 17 00:00:00 2001 From: Henrique Nakashima Date: Thu, 6 Sep 2018 17:30:56 +0000 Subject: Fix integer overflow in LoadCryptInfo. Bug: 847283 Change-Id: I7951103a5a425407b5375460a5556e8765430740 Reviewed-on: https://pdfium-review.googlesource.com/42090 Reviewed-by: Ryan Harrison Commit-Queue: Henrique Nakashima --- core/fpdfapi/parser/cpdf_security_handler.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/core/fpdfapi/parser/cpdf_security_handler.cpp b/core/fpdfapi/parser/cpdf_security_handler.cpp index bc72ad3b33..f3d9201cbf 100644 --- a/core/fpdfapi/parser/cpdf_security_handler.cpp +++ b/core/fpdfapi/parser/cpdf_security_handler.cpp @@ -157,6 +157,9 @@ static bool LoadCryptInfo(const CPDF_Dictionary* pEncryptDict, } else { nKeyBits = pEncryptDict->GetIntegerFor("Length", 256); } + if (nKeyBits < 0) + return false; + if (nKeyBits < 40) { nKeyBits *= 8; } -- cgit v1.2.3