From f51a4767ee7854991d94d6814aa13f5763f05760 Mon Sep 17 00:00:00 2001
From: Artem Strygin
Date: Thu, 7 Jun 2018 18:01:27 +0000
Subject: Check is first page number valid in CPDF_LinearizedHeader.
Bug=chromium:850407,chromium:850440
Change-Id: I0115f75677db618b0de5e1e78b13da80b1da9559
Reviewed-on: https://pdfium-review.googlesource.com/34390
Commit-Queue: Ryan Harrison
Reviewed-by: Ryan Harrison
---
 core/fpdfapi/parser/cpdf_linearized_header.cpp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/core/fpdfapi/parser/cpdf_linearized_header.cpp b/core/fpdfapi/parser/cpdf_linearized_header.cpp
index 994d69f9b6..5032bc3807 100644
--- a/core/fpdfapi/parser/cpdf_linearized_header.cpp
+++ b/core/fpdfapi/parser/cpdf_linearized_header.cpp
@@ -43,6 +43,7 @@ bool IsLinearizedHeaderValid(const CPDF_LinearizedHeader* header,
 return header->GetFileSize() == file_size &&
 static_cast(header->GetFirstPageNo()) >= 0 &&
 header->GetFirstPageNo() < kMaxInt &&
+ header->GetFirstPageNo() < header->GetPageCount() &&
 header->GetMainXRefTableFirstEntryOffset() < file_size &&
 header->GetPageCount() > 0 &&
 header->GetFirstPageEndOffset() < file_size &&
--
cgit v1.2.3
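Review bot: No regression test accompanies the added `header->GetFirstPageNo() < header->GetPageCount()` condition: the diffstat lists only cpdf_linearized_header.cpp, although the commit message cites two Chromium bugs. A parser unit test that builds a linearized dictionary whose first page number equals the page count, and one where it exceeds it, and expects the header to be rejected would keep this validation from being dropped in a later refactor. The condition also deserves a one-line reason above the return, for example `// The first page number must refer to an existing page, so it has to be below the page count.`, since the neighbouring range checks do not say why each bound exists. If both getters return unsigned values, as the cast on the preceding condition suggests, the later `header->GetPageCount() > 0` is now implied by the new comparison and could be noted as such. The return expression starts before and continues past this hunk, so the remaining conditions were not reviewed.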