From 85361b227ad6786d2aeef8409b79a8d077a26ee9 Mon Sep 17 00:00:00 2001 From: Dan Sinclair Date: Mon, 26 Oct 2015 16:14:23 -0400 Subject: Make m_pShadingObj a CPDF_Stream instead of CPDF_Object. This object is required to be a stream and was being converted as such. With the new type checking this caused us to pass a nullptr where previously we'd have, incorrectly, cast a CPDF_Dictionary to a CPDF_Stream. This CL changes the m_pShadingObj to always be a CPDF_Stream. Then, we never go down the bad code path because we check if m_pShadingObj is nullptr earlier and bail out. BUG=chromium:547706 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1426713002 . --- BUILD.gn | 1 + core/include/fpdfapi/fpdf_resource.h | 2 +- core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp | 7 ++- core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp | 4 +- .../fpdfapi/fpdf_render/fpdf_render_pattern.cpp | 14 +++--- .../fpdf_render_pattern_embeddertest.cpp | 16 +++++++ pdfium.gyp | 1 + testing/resources/bug_547706.in | 43 +++++++++++++++++ testing/resources/bug_547706.pdf | 55 ++++++++++++++++++++++ 9 files changed, 128 insertions(+), 15 deletions(-) create mode 100644 core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp create mode 100644 testing/resources/bug_547706.in create mode 100644 testing/resources/bug_547706.pdf diff --git a/BUILD.gn b/BUILD.gn index a2ddbadd55..4d100d1bf6 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -778,6 +778,7 @@ test("pdfium_embeddertests") { sources = [ "core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp", "core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp", + "core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp", "fpdfsdk/src/fpdf_dataavail_embeddertest.cpp", "fpdfsdk/src/fpdfdoc_embeddertest.cpp", "fpdfsdk/src/fpdfformfill_embeddertest.cpp", diff --git a/core/include/fpdfapi/fpdf_resource.h b/core/include/fpdfapi/fpdf_resource.h index 9fe6e2b95f..0b85333cfc 100644 --- a/core/include/fpdfapi/fpdf_resource.h +++ b/core/include/fpdfapi/fpdf_resource.h @@ -688,7 +688,7 @@ class CPDF_ShadingPattern : public CPDF_Pattern { ~CPDF_ShadingPattern() override; - CPDF_Object* m_pShadingObj; + CPDF_Stream* m_pShadingObj; FX_BOOL m_bShadingObj; diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp index b12a65a844..bd4319df11 100644 --- a/core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp +++ b/core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp @@ -1128,10 +1128,9 @@ void CPDF_StreamContentParser::Handle_ShadeFill() { bbox = m_BBox; } if (pShading->m_ShadingType >= 4) { - bbox.Intersect(_GetShadingBBox(ToStream(pShading->m_pShadingObj), - pShading->m_ShadingType, &pObj->m_Matrix, - pShading->m_pFunctions, pShading->m_nFuncs, - pShading->m_pCS)); + bbox.Intersect(_GetShadingBBox( + pShading->m_pShadingObj, pShading->m_ShadingType, &pObj->m_Matrix, + pShading->m_pFunctions, pShading->m_nFuncs, pShading->m_pCS)); } pObj->m_Left = bbox.left; pObj->m_Right = bbox.right; diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp index 7b04d8cd33..d06f481138 100644 --- a/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp +++ b/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp @@ -71,12 +71,12 @@ CPDF_ShadingPattern::CPDF_ShadingPattern(CPDF_Document* pDoc, CPDF_Dictionary* pDict = m_pPatternObj->GetDict(); ASSERT(pDict != NULL); m_Pattern2Form = pDict->GetMatrix(FX_BSTRC("Matrix")); - m_pShadingObj = pDict->GetElementValue(FX_BSTRC("Shading")); + m_pShadingObj = ToStream(pDict->GetElementValue(FX_BSTRC("Shading"))); if (parentMatrix) { m_Pattern2Form.Concat(*parentMatrix); } } else { - m_pShadingObj = pPatternObj; + m_pShadingObj = ToStream(pPatternObj); } m_ShadingType = 0; m_pCS = NULL; diff --git a/core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp b/core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp index 4ed6c07675..015f1a3166 100644 --- a/core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp +++ b/core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp @@ -881,20 +881,18 @@ void CPDF_RenderStatus::DrawShading(CPDF_ShadingPattern* pPattern, pColorSpace, alpha); break; case 4: { - DrawFreeGouraudShading(pBitmap, &FinalMatrix, - ToStream(pPattern->m_pShadingObj), pFuncs, nFuncs, - pColorSpace, alpha); + DrawFreeGouraudShading(pBitmap, &FinalMatrix, pPattern->m_pShadingObj, + pFuncs, nFuncs, pColorSpace, alpha); } break; case 5: { - DrawLatticeGouraudShading(pBitmap, &FinalMatrix, - ToStream(pPattern->m_pShadingObj), pFuncs, - nFuncs, pColorSpace, alpha); + DrawLatticeGouraudShading(pBitmap, &FinalMatrix, pPattern->m_pShadingObj, + pFuncs, nFuncs, pColorSpace, alpha); } break; case 6: case 7: { DrawCoonPatchMeshes(pPattern->m_ShadingType - 6, pBitmap, &FinalMatrix, - ToStream(pPattern->m_pShadingObj), pFuncs, nFuncs, - pColorSpace, fill_mode, alpha); + pPattern->m_pShadingObj, pFuncs, nFuncs, pColorSpace, + fill_mode, alpha); } break; } if (bAlphaMode) { diff --git a/core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp b/core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp new file mode 100644 index 0000000000..30d7a416be --- /dev/null +++ b/core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp @@ -0,0 +1,16 @@ +// Copyright 2015 PDFium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "../../../testing/embedder_test.h" +#include "testing/gtest/include/gtest/gtest.h" + +class FPDFRenderPatternEmbeddertest : public EmbedderTest {}; + +TEST_F(FPDFRenderPatternEmbeddertest, LoadError_547706) { + // Test shading where object is a dictionary instead of a stream. + EXPECT_TRUE(OpenDocument("testing/resources/bug_547706.pdf")); + FPDF_PAGE page = LoadPage(0); + RenderPage(page); + UnloadPage(page); +} diff --git a/pdfium.gyp b/pdfium.gyp index 2aba2a7156..35e12e2dc3 100644 --- a/pdfium.gyp +++ b/pdfium.gyp @@ -749,6 +749,7 @@ 'sources': [ 'core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp', 'core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp', + 'core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp', 'fpdfsdk/src/fpdf_dataavail_embeddertest.cpp', 'fpdfsdk/src/fpdfdoc_embeddertest.cpp', 'fpdfsdk/src/fpdfformfill_embeddertest.cpp', diff --git a/testing/resources/bug_547706.in b/testing/resources/bug_547706.in new file mode 100644 index 0000000000..4c31f19211 --- /dev/null +++ b/testing/resources/bug_547706.in @@ -0,0 +1,43 @@ +{{header}} + +{{object 1 0}} +<< /Pages 2 0 R >> +endobj + +{{object 2 0}} +<< /Kids [ 3 0 R ] >> +endobj + +{{object 3 0}} +<< /Contents 4 0 R /Resources << /Pattern 6 0 R >>>> +endobj + +{{object 4 0}} +<< /Length 5 0 R >> +stream +/R9 scn +0 0 2479 3508 re +/R11 36 Tf +[(1)-12288.9(2)]TJ +endstream +endobj + +{{object 6 0}} +<< /R9 7 0 R >> +endobj + +{{object 7 0}} +<< /PatternType 2 /Shading 8 0 R >> +endobj + +{{object 8 0}} +<< /BitsPerComponent 16 /ColorSpace /DeviceRGB /ShadingType 5 >> +endobj + +{{xref}} +trailer << + /Root 1 0 R + /Size 9 +>> +{{startxref}} +%%EOF diff --git a/testing/resources/bug_547706.pdf b/testing/resources/bug_547706.pdf new file mode 100644 index 0000000000..8003b3c488 --- /dev/null +++ b/testing/resources/bug_547706.pdf @@ -0,0 +1,55 @@ +%PDF-1.7 +% ò¤ô + +1 0 obj +<< /Pages 2 0 R >> +endobj + +2 0 obj +<< /Kids [ 3 0 R ] >> +endobj + +3 0 obj +<< /Contents 4 0 R /Resources << /Pattern 6 0 R >>>> +endobj + +4 0 obj +<< /Length 5 0 R >> +stream +/R9 scn +0 0 2479 3508 re +/R11 36 Tf +[(1)-12288.9(2)]TJ +endstream +endobj + +6 0 obj +<< /R9 7 0 R >> +endobj + +7 0 obj +<< /PatternType 2 /Shading 8 0 R >> +endobj + +8 0 obj +<< /BitsPerComponent 16 /ColorSpace /DeviceRGB /ShadingType 5 >> +endobj + +xref +0 9 +0000000000 65535 f +0000000016 00000 n +0000000051 00000 n +0000000089 00000 n +0000000158 00000 n +0000000000 65535 f +0000000266 00000 n +0000000298 00000 n +0000000350 00000 n +trailer << + /Root 1 0 R + /Size 9 +>> +startxref +431 +%%EOF -- cgit v1.2.3