From ac1dfb0ef15e273aab6476a460dfd4f2778e9703 Mon Sep 17 00:00:00 2001 From: Lei Zhang Date: Sat, 4 Aug 2018 04:10:58 +0000 Subject: Clarify integer types in CPDF_Parser::LoadCrossRefV5(). GetVarInt() returns uint32_t. So assign the results to variables of type uint32_t. Then make sure those results get passed on as uint32_t, or use pdfium::base::IsValueInRangeForNumericType() to make sure they can be converted to type T safely. Change-Id: I4556f0b89b4e5cdb99ab530119c8051ec8a9411d Reviewed-on: https://pdfium-review.googlesource.com/39436 Reviewed-by: Art Snake Commit-Queue: Lei Zhang --- core/fpdfapi/parser/cpdf_parser.cpp | 22 ++++++++++++---------- core/fpdfapi/parser/cpdf_parser.h | 2 +- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/core/fpdfapi/parser/cpdf_parser.cpp b/core/fpdfapi/parser/cpdf_parser.cpp index cb262bd1eb..9cff27f5e2 100644 --- a/core/fpdfapi/parser/cpdf_parser.cpp +++ b/core/fpdfapi/parser/cpdf_parser.cpp @@ -753,15 +753,15 @@ bool CPDF_Parser::LoadCrossRefV5(FX_FILESIZE* pos, bool bMainXRef) { ObjectType type = ObjectType::kNotCompressed; const uint8_t* entrystart = segstart + j * totalWidth; if (WidthArray[0]) { - const int cross_ref_stream_obj_type = + const uint32_t cross_ref_stream_obj_type = GetVarInt(entrystart, WidthArray[0]); type = GetObjectTypeFromCrossRefStreamType(cross_ref_stream_obj_type); } if (GetObjectType(startnum + j) == ObjectType::kNull) { - FX_FILESIZE offset = - GetVarInt(entrystart + WidthArray[0], WidthArray[1]); - m_CrossRefTable->AddNormal(startnum + j, 0, offset); + uint32_t offset = GetVarInt(entrystart + WidthArray[0], WidthArray[1]); + if (pdfium::base::IsValueInRangeForNumericType(offset)) + m_CrossRefTable->AddNormal(startnum + j, 0, offset); continue; } @@ -771,14 +771,16 @@ bool CPDF_Parser::LoadCrossRefV5(FX_FILESIZE* pos, bool bMainXRef) { if (type == ObjectType::kFree) { m_CrossRefTable->SetFree(startnum + j); } else { - const FX_FILESIZE entry_value = + const uint32_t entry_value = GetVarInt(entrystart + WidthArray[0], WidthArray[1]); if (type == ObjectType::kNotCompressed) { - const auto object_offset = entry_value; - m_CrossRefTable->AddNormal(startnum + j, 0, object_offset); + const uint32_t offset = entry_value; + if (pdfium::base::IsValueInRangeForNumericType(offset)) + m_CrossRefTable->AddNormal(startnum + j, 0, offset); } else { - const auto archive_obj_num = entry_value; - if (archive_obj_num < 0 || !IsValidObjectNumber(archive_obj_num)) + ASSERT(type == ObjectType::kCompressed); + const uint32_t archive_obj_num = entry_value; + if (!IsValidObjectNumber(archive_obj_num)) return false; m_CrossRefTable->AddCompressed(startnum + j, archive_obj_num); @@ -1070,7 +1072,7 @@ CPDF_Parser::Error CPDF_Parser::LoadLinearizedMainXRefTable() { } CPDF_Parser::ObjectType CPDF_Parser::GetObjectTypeFromCrossRefStreamType( - int cross_ref_stream_type) const { + uint32_t cross_ref_stream_type) const { switch (cross_ref_stream_type) { case 0: return CPDF_Parser::ObjectType::kFree; diff --git a/core/fpdfapi/parser/cpdf_parser.h b/core/fpdfapi/parser/cpdf_parser.h index 81d23e65b9..4ddeae8d87 100644 --- a/core/fpdfapi/parser/cpdf_parser.h +++ b/core/fpdfapi/parser/cpdf_parser.h @@ -164,7 +164,7 @@ class CPDF_Parser { ObjectType GetObjectType(uint32_t objnum) const; ObjectType GetObjectTypeFromCrossRefStreamType( - int cross_ref_stream_type) const; + uint32_t cross_ref_stream_type) const; std::unique_ptr m_pOwnedObjectsHolder; UnownedPtr m_pObjectsHolder; -- cgit v1.2.3