From aa1c7873c39964d063c89c14815e3fc566bbd896 Mon Sep 17 00:00:00 2001 From: Henrique Nakashima Date: Tue, 30 Jan 2018 19:12:10 +0000 Subject: Guard usages of tellp(). It may return -1 in error cases. Change-Id: I064ddcad8671b9ade2c02142a6c2c2983846e3a9 Reviewed-on: https://pdfium-review.googlesource.com/24650 Commit-Queue: Henrique Nakashima Reviewed-by: dsinclair --- core/fpdfapi/page/cpdf_streamparser.cpp | 9 +++++++++ core/fpdfapi/parser/cpdf_stream.cpp | 10 ++++++++++ 2 files changed, 19 insertions(+) (limited to 'core/fpdfapi') diff --git a/core/fpdfapi/page/cpdf_streamparser.cpp b/core/fpdfapi/page/cpdf_streamparser.cpp index 2c7e0256f5..71c8c8d29a 100644 --- a/core/fpdfapi/page/cpdf_streamparser.cpp +++ b/core/fpdfapi/page/cpdf_streamparser.cpp @@ -478,6 +478,9 @@ ByteString CPDF_StreamParser::ReadString() { case 0: if (ch == ')') { if (parlevel == 0) { + if (buf.tellp() <= 0) + return ByteString(); + return ByteString( buf.str().c_str(), std::min(static_cast(buf.tellp()), kMaxStringLength)); @@ -557,6 +560,9 @@ ByteString CPDF_StreamParser::ReadString() { if (PositionIsInBounds()) ++m_Pos; + if (buf.tellp() <= 0) + return ByteString(); + return ByteString( buf.str().c_str(), std::min(static_cast(buf.tellp()), kMaxStringLength)); @@ -590,6 +596,9 @@ ByteString CPDF_StreamParser::ReadHexString() { if (!bFirst) buf << static_cast(code); + if (buf.tellp() <= 0) + return ByteString(); + return ByteString( buf.str().c_str(), std::min(static_cast(buf.tellp()), kMaxStringLength)); diff --git a/core/fpdfapi/parser/cpdf_stream.cpp b/core/fpdfapi/parser/cpdf_stream.cpp index 074e747a78..5ff748469b 100644 --- a/core/fpdfapi/parser/cpdf_stream.cpp +++ b/core/fpdfapi/parser/cpdf_stream.cpp @@ -100,6 +100,11 @@ void CPDF_Stream::SetDataAndRemoveFilter(const uint8_t* pData, uint32_t size) { } void CPDF_Stream::SetDataAndRemoveFilter(std::ostringstream* stream) { + if (stream->tellp() <= 0) { + SetDataAndRemoveFilter(nullptr, 0); + return; + } + SetDataAndRemoveFilter( reinterpret_cast(stream->str().c_str()), stream->tellp()); } @@ -125,6 +130,11 @@ void CPDF_Stream::SetData(std::unique_ptr pData, } void CPDF_Stream::SetData(std::ostringstream* stream) { + if (stream->tellp() <= 0) { + SetData(nullptr, 0); + return; + } + SetData(reinterpret_cast(stream->str().c_str()), stream->tellp()); } -- cgit v1.2.3