From a032f7f79c67ddef4db0f44fca8f0d245bfb8e82 Mon Sep 17 00:00:00 2001
From: thestig <thestig@chromium.org>
Date: Mon, 29 Aug 2016 10:05:27 -0700
Subject: Add some limit checks to ReadSharedObjHintTable().

BUG=641444

Review-Url: https://codereview.chromium.org/2283893003
---
 core/fpdfapi/fpdf_parser/include/cpdf_parser.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'core/fpdfapi/fpdf_parser/include/cpdf_parser.h')

diff --git a/core/fpdfapi/fpdf_parser/include/cpdf_parser.h b/core/fpdfapi/fpdf_parser/include/cpdf_parser.h
index 3d2408fad1..5d6d6f93fc 100644
--- a/core/fpdfapi/fpdf_parser/include/cpdf_parser.h
+++ b/core/fpdfapi/fpdf_parser/include/cpdf_parser.h
@@ -34,6 +34,10 @@ class CPDF_Parser {
     HANDLER_ERROR
   };
 
+  // A limit on the maximum object number in the xref table. Theoretical limits
+  // are higher, but this may be large enough in practice.
+  static const uint32_t kMaxObjectNumber = 1048576;
+
   CPDF_Parser();
   ~CPDF_Parser();
 
@@ -170,8 +174,6 @@ class CPDF_Parser {
 
   // All indirect object numbers that are being parsed.
   std::set<uint32_t> m_ParsingObjNums;
-
-
 };
 
 #endif  // CORE_FPDFAPI_FPDF_PARSER_INCLUDE_CPDF_PARSER_H_
-- 
cgit v1.2.3