From e4f8fda9e75609b1b23882eca288aa4ea62bc433 Mon Sep 17 00:00:00 2001
From: Tom Sepez
Date: Wed, 3 May 2017 14:23:25 -0700
Subject: CPDF_DataAvail: avoid reads into stack buffers.
Not a good practice even with correct bounds checks. Same idea for fpdf_edit_create.cpp
Change-Id: I90b869ae4a07eb60d59997b9c5afc14830efc076
Reviewed-on: https://pdfium-review.googlesource.com/4830
Reviewed-by: dsinclair
Commit-Queue: dsinclair
---
 core/fpdfapi/edit/fpdf_edit_create.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'core/fpdfapi/edit')
diff --git a/core/fpdfapi/edit/fpdf_edit_create.cpp b/core/fpdfapi/edit/fpdf_edit_create.cpp
index 24ec0d7b55..d0482173bb 100644
--- a/core/fpdfapi/edit/fpdf_edit_create.cpp
+++ b/core/fpdfapi/edit/fpdf_edit_create.cpp
@@ -1424,13 +1424,15 @@ int32_t CPDF_Creator::WriteDoc_Stage1(IFX_Pause* pPause) {
 if ((m_dwFlags & FPDFCREATE_NO_ORIGINAL) == 0 && m_SavedOffset > 0) {
 CFX_RetainPtr pSrcFile = m_pParser->GetFileAccess();
- uint8_t buffer[4096]; // TODO(tsepez): don't stack allocate.
+ std::vector buffer(4096);
 FX_FILESIZE src_size = m_SavedOffset;
 while (src_size) {
 uint32_t block_size = src_size > 4096 ? 4096 : src_size;
- if (!pSrcFile->ReadBlock(buffer, m_Offset - src_size, block_size))
+ if (!pSrcFile->ReadBlock(buffer.data(), m_Offset - src_size,
+ block_size)) {
 return -1;
- if (m_File.AppendBlock(buffer, block_size) < 0)
+ }
+ if (m_File.AppendBlock(buffer.data(), block_size) < 0)
 return -1;
 src_size -= block_size;
--
cgit v1.2.3
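Review bot: The bound that keeps `ReadBlock` inside the new heap buffer is still the bare literal 4096, repeated in the `block_size` clamp independently of the `buffer(4096)` allocation, so a later resize of one without the other turns the copy loop into a heap overflow instead of a stack one. Tie the clamp to the allocation, for example `uint32_t block_size = src_size > static_cast<FX_FILESIZE>(buffer.size()) ? buffer.size() : src_size;`, or name the size once and use it in all three places. The hunk adds no `#include <vector>`, and the diffstat shows no other change in the file, so confirm the header is already included directly rather than transitively. As a style point, the `ReadBlock` check gained braces while the `AppendBlock` check just below it did not. The body of `WriteDoc_Stage1` and the `while` loop continue past the end of the hunk.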