From 0ec10f94ae0ec1927c4a33cd69eac0a5fbdcbd52 Mon Sep 17 00:00:00 2001
From: Artem Strygin
Date: Thu, 28 Sep 2017 17:58:18 +0300
Subject: Fix infinite loop on form availability check. The problem was, that the CPDF_SyntaxParser read last block not from requested position. In this case It move down requested position to fill whole buffer. As result this additional data was not requested by DownloadHints. To fix this allow resize data buffer in CPDF_SyntaxParser, to store more small block, and always read from requsted position. Also add reading check into CPDF_Parser::LoadLinearizedMainXRefTable to prevent infinite loops.
Change-Id: I14d3f4457393025dca390aa3ceaa940716463534
Reviewed-on: https://pdfium-review.googlesource.com/11891
Commit-Queue: Art Snake
Reviewed-by: dsinclair
---
 core/fpdfapi/parser/cpdf_syntax_parser.h | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
(limited to 'core/fpdfapi/parser/cpdf_syntax_parser.h')
diff --git a/core/fpdfapi/parser/cpdf_syntax_parser.h b/core/fpdfapi/parser/cpdf_syntax_parser.h
index 3a8f7c59ec..2326362692 100644
--- a/core/fpdfapi/parser/cpdf_syntax_parser.h
+++ b/core/fpdfapi/parser/cpdf_syntax_parser.h
@@ -9,6 +9,7 @@ #include #include +#include #include "core/fxcrt/string_pool_template.h" #include "core/fxcrt/weak_ptr.h"
@@ -82,7 +83,7 @@ class CPDF_SyntaxParser { static int s_CurrentRecursionDepth; uint32_t GetDirectNum(); - bool ReadChar(FX_FILESIZE read_pos, uint32_t read_size); + bool ReadBlockAt(FX_FILESIZE read_pos); bool GetNextChar(uint8_t& ch); bool GetCharAtBackward(FX_FILESIZE pos, uint8_t* ch); void GetNextWordInternal(bool* bIsNumber);
@@ -99,10 +100,7 @@ class CPDF_SyntaxParser { uint32_t objnum, uint32_t gennum); - inline bool CheckPosition(FX_FILESIZE pos) { - return m_BufOffset >= pos || - static_cast(m_BufOffset + m_BufSize) <= pos; - } + bool IsPositionRead(FX_FILESIZE pos) const; std::unique_ptr GetObjectBodyInternal( CPDF_IndirectObjectHolder* pObjList,
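Review bot: `ReadBlockAt(FX_FILESIZE read_pos)` in the `@@ -82,7 +83,7 @@` hunk no longer takes a size, so neither the number of bytes it loads nor the meaning of a `false` return is stated in the header. The commit message ties the infinite loop to a read whose result was not checked, so the contract deserves a comment on the declaration, for example `// Loads the block that starts at |read_pos| into m_pFileBuf; returns false if no data could be read.` The definition and its callers are outside this diff, so the wording should be checked against them.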
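Review bot: Replacing `CheckPosition` with `IsPositionRead` in the `@@ -99,10 +100,7 @@` hunk appears to invert the meaning of the result: the removed inline body returned true when `pos` lay outside the buffered range, while the new name reads as true when it lies inside. Every call site therefore has to be negated, and one that is missed would skip a refill and index the buffer out of range; the call sites and the new definition are not part of this header diff. The removed body also treated `pos == m_BufOffset` as outside the buffer, so the declaration should state which bounds are inclusive, e.g. `// True if m_BufOffset <= pos < m_BufOffset + m_pFileBuf.size().` if that is the intended range.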
@@ -116,8 +114,7 @@ class CPDF_SyntaxParser {
 RetainPtr m_pFileAccess;
 FX_FILESIZE m_HeaderOffset;
 FX_FILESIZE m_FileLen;
- uint8_t* m_pFileBuf;
- uint32_t m_BufSize;
+ std::vector m_pFileBuf;
 FX_FILESIZE m_BufOffset;
 RetainPtr m_pCryptoHandler;
 uint8_t m_WordBuffer[257];
-- cgit v1.2.3
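Review bot: `m_pFileBuf` keeps its pointer-style `m_p` prefix although it is now a `std::vector`, and the length that used to live in the `uint32_t` `m_BufSize` is now the vector's `size_t` size. Range checks that add that size to `m_BufOffset` (an `FX_FILESIZE`, which is a signed type in PDFium) need an explicit cast, as the removed `CheckPosition` had, or the comparison is carried out unsigned. I would rename the member to `m_FileBuf` and put `// Holds the file bytes at offsets [m_BufOffset, m_BufOffset + size()).` above it. The code that indexes the buffer is outside this header.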