From 5b1fd5c7f172e32aed4fc47bf57a17c63c13e03c Mon Sep 17 00:00:00 2001
From: Tom Sepez
Date: Wed, 11 Apr 2018 18:09:30 +0000
Subject: Fix trailing whitespace handling in CPDF_StreamParser::ReadInlineStream()

After advancing past whitespace, the buffer may become empty. We were checking too early.

Bug: 831498
Test: covered by fuzzers
Change-Id: I6796b4723a05c2bcafe495dc7bc648213aa9cc22
Reviewed-on: https://pdfium-review.googlesource.com/30191
Commit-Queue: Tom Sepez
Commit-Queue: dsinclair
Reviewed-by: dsinclair
---
 core/fpdfapi/page/cpdf_streamparser.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/fpdfapi/page/cpdf_streamparser.cpp b/core/fpdfapi/page/cpdf_streamparser.cpp
index c6660b799b..82f31dd007 100644
--- a/core/fpdfapi/page/cpdf_streamparser.cpp
+++ b/core/fpdfapi/page/cpdf_streamparser.cpp
@@ -114,12 +114,12 @@ std::unique_ptr CPDF_StreamParser::ReadInlineStream(
 CPDF_Document* pDoc,
 std::unique_ptr pDict,
 CPDF_Object* pCSObj) {
+ if (m_Pos < m_pBuf.size() && PDFCharIsWhitespace(m_pBuf[m_Pos]))
+ m_Pos++;
+
 if (m_Pos == m_pBuf.size())
 return nullptr;
 
- if (PDFCharIsWhitespace(m_pBuf[m_Pos]))
- m_Pos++;
-
 ByteString Decoder;
 CPDF_Dictionary* pParam = nullptr;
 CPDF_Object* pFilter = pDict->GetDirectObjectFor("Filter");
-- 
cgit v1.2.3
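Review bot: The end-of-buffer guard that now follows the whitespace skip still tests `m_Pos == m_pBuf.size()`, so it only catches the exact-end case; if m_Pos could ever arrive here already past the end (not visible in this hunk), both checks pass and the rest of the function runs with an out-of-range position. Since this guard is what the fix relies on, the defensive form is `if (m_Pos >= m_pBuf.size()) return nullptr;`. The skip consumes at most one whitespace byte, and a one-line comment above it saying why exactly one byte is consumed would stop a later edit from turning it into a loop or dropping the bounds test again. The commit cites fuzzers as its only coverage; a small unit test with a buffer that ends immediately after a single whitespace byte would pin this regression deterministically. ReadInlineStream's body continues beyond the hunk, so later uses of m_Pos are not reviewed here.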