From e507dc5004184ae3f8fd1cd19b723b4be69a46da Mon Sep 17 00:00:00 2001
From: tsepez
Date: Wed, 18 Jan 2017 10:24:35 -0800
Subject: Bad indexing in CPDF_Document::FindPageIndex when page tree corrupt. Moving to std::vector from the more forgiving CFX_ArrayTemplate revealed the dubious page tree traversal, which depends on the correctness of the /Count entries to properly summarize the total descendants under a given node. The only "correct" thing to do is to throw away these counts as parsed, and re-compute them, perhaps in CountPages(). But I'm not willing to do that since it may break unknown documents in the wild. Pass out-params as pointers while we're at it. BUG=680376 Review-Url: https://codereview.chromium.org/2636403003
---
 core/fpdfapi/parser/cpdf_document.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'core/fpdfapi/parser/cpdf_document.h')
diff --git a/core/fpdfapi/parser/cpdf_document.h b/core/fpdfapi/parser/cpdf_document.h
index 65455480a4..3848ad6220 100644
--- a/core/fpdfapi/parser/cpdf_document.h
+++ b/core/fpdfapi/parser/cpdf_document.h
@@ -106,9 +106,9 @@ class CPDF_Document : public CPDF_IndirectObjectHolder {
 // When this method is called, m_pTreeTraversal[level] exists.
 CPDF_Dictionary* TraversePDFPages(int iPage, int* nPagesToGo, size_t level);
 int FindPageIndex(CPDF_Dictionary* pNode,
- uint32_t& skip_count,
+ uint32_t* skip_count,
 uint32_t objnum,
- int& index,
+ int* index,
 int level = 0);
 std::unique_ptr ParseIndirectObject(uint32_t objnum) override;
 void LoadDocInternal();
-- cgit v1.2.3
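Review bot: The new `FindPageIndex` declaration takes `uint32_t* skip_count` and `int* index` with no comment saying they are required in/out parameters, and nothing tells a caller that the result is derived from parsed /Count entries, which the commit message itself says cannot be relied on in a corrupt page tree. A comment above the declaration would make that contract visible, for example `// |skip_count| and |index| must be non-null and are updated in place. The result depends on /Count values as parsed, so callers must range-check it before indexing.` The `int level = 0` here against `size_t level` on `TraversePDFPages` just above is also worth aligning or explaining. The definition and the rest of the class are outside this hunk (the view is limited to the header), so whether the implementation already checks these pointers or bounds the recursion depth cannot be confirmed from here.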