From c655167ed83f78a38264457e65dd11e653ab981d Mon Sep 17 00:00:00 2001 From: Jun Fang Date: Fri, 22 Aug 2014 17:06:32 -0700 Subject: Fix the issue 'SEGV on unknown address in CPDF_DataAvail::GetObjectSize' BUG=387983 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/454283002 --- core/include/fpdfapi/fpdf_parser.h | 230 ++++++++++++++++++------------------- 1 file changed, 114 insertions(+), 116 deletions(-) (limited to 'core/include') diff --git a/core/include/fpdfapi/fpdf_parser.h b/core/include/fpdfapi/fpdf_parser.h index 7cab2117a2..10072027b3 100644 --- a/core/include/fpdfapi/fpdf_parser.h +++ b/core/include/fpdfapi/fpdf_parser.h @@ -952,198 +952,196 @@ public: CPDF_DataAvail(IFX_FileAvail* pFileAvail, IFX_FileRead* pFileRead); ~CPDF_DataAvail(); - virtual FX_BOOL IsDocAvail(IFX_DownloadHints* pHints) FX_OVERRIDE; + virtual FX_BOOL IsDocAvail(IFX_DownloadHints* pHints) FX_OVERRIDE; + virtual void SetDocument(CPDF_Document* pDoc) FX_OVERRIDE; - virtual void SetDocument(CPDF_Document* pDoc) FX_OVERRIDE; + virtual FX_BOOL IsPageAvail(int iPage, IFX_DownloadHints* pHints) FX_OVERRIDE; + virtual FX_INT32 IsFormAvail(IFX_DownloadHints *pHints) FX_OVERRIDE; - virtual FX_BOOL IsPageAvail(int iPage, IFX_DownloadHints* pHints) FX_OVERRIDE; + virtual FX_INT32 IsLinearizedPDF() FX_OVERRIDE; - virtual FX_INT32 IsFormAvail(IFX_DownloadHints *pHints) FX_OVERRIDE; - - virtual FX_INT32 IsLinearizedPDF() FX_OVERRIDE; - - virtual FX_BOOL IsLinearized() FX_OVERRIDE + virtual FX_BOOL IsLinearized() FX_OVERRIDE { return m_bLinearized; } - virtual void GetLinearizedMainXRefInfo(FX_FILESIZE *pPos, FX_DWORD *pSize) FX_OVERRIDE; - IFX_FileRead* GetFileRead() const + virtual void GetLinearizedMainXRefInfo(FX_FILESIZE *pPos, FX_DWORD *pSize) FX_OVERRIDE; + IFX_FileRead* GetFileRead() const { return m_pFileRead; } - IFX_FileAvail* GetFileAvail() const + IFX_FileAvail* GetFileAvail() const { return m_pFileAvail; } protected: - FX_DWORD GetObjectSize(FX_DWORD objnum, FX_FILESIZE& offset); - FX_BOOL IsObjectsAvail(CFX_PtrArray& obj_array, FX_BOOL bParsePage, IFX_DownloadHints* pHints, CFX_PtrArray &ret_array); - FX_BOOL CheckDocStatus(IFX_DownloadHints *pHints); - FX_BOOL CheckHeader(IFX_DownloadHints* pHints); - FX_BOOL CheckFirstPage(IFX_DownloadHints *pHints); - FX_BOOL CheckEnd(IFX_DownloadHints *pHints); - FX_BOOL CheckCrossRef(IFX_DownloadHints* pHints); - FX_BOOL CheckCrossRefItem(IFX_DownloadHints *pHints); - FX_BOOL CheckTrailer(IFX_DownloadHints* pHints); - FX_BOOL CheckRoot(IFX_DownloadHints* pHints); - FX_BOOL CheckInfo(IFX_DownloadHints* pHints); - FX_BOOL CheckPages(IFX_DownloadHints* pHints); - FX_BOOL CheckPage(IFX_DownloadHints* pHints); - FX_BOOL CheckResources(IFX_DownloadHints* pHints); - FX_BOOL CheckAnnots(IFX_DownloadHints* pHints); - FX_BOOL CheckAcroForm(IFX_DownloadHints* pHints); - FX_BOOL CheckAcroFormSubObject(IFX_DownloadHints* pHints); - FX_BOOL CheckTrailerAppend(IFX_DownloadHints* pHints); - FX_BOOL CheckPageStatus(IFX_DownloadHints* pHints); - FX_BOOL CheckAllCrossRefStream(IFX_DownloadHints *pHints); + FX_DWORD GetObjectSize(FX_DWORD objnum, FX_FILESIZE& offset); + FX_BOOL IsObjectsAvail(CFX_PtrArray& obj_array, FX_BOOL bParsePage, IFX_DownloadHints* pHints, CFX_PtrArray &ret_array); + FX_BOOL CheckDocStatus(IFX_DownloadHints *pHints); + FX_BOOL CheckHeader(IFX_DownloadHints* pHints); + FX_BOOL CheckFirstPage(IFX_DownloadHints *pHints); + FX_BOOL CheckEnd(IFX_DownloadHints *pHints); + FX_BOOL CheckCrossRef(IFX_DownloadHints* pHints); + FX_BOOL CheckCrossRefItem(IFX_DownloadHints *pHints); + FX_BOOL CheckTrailer(IFX_DownloadHints* pHints); + FX_BOOL CheckRoot(IFX_DownloadHints* pHints); + FX_BOOL CheckInfo(IFX_DownloadHints* pHints); + FX_BOOL CheckPages(IFX_DownloadHints* pHints); + FX_BOOL CheckPage(IFX_DownloadHints* pHints); + FX_BOOL CheckResources(IFX_DownloadHints* pHints); + FX_BOOL CheckAnnots(IFX_DownloadHints* pHints); + FX_BOOL CheckAcroForm(IFX_DownloadHints* pHints); + FX_BOOL CheckAcroFormSubObject(IFX_DownloadHints* pHints); + FX_BOOL CheckTrailerAppend(IFX_DownloadHints* pHints); + FX_BOOL CheckPageStatus(IFX_DownloadHints* pHints); + FX_BOOL CheckAllCrossRefStream(IFX_DownloadHints *pHints); - FX_DWORD CheckCrossRefStream(IFX_DownloadHints *pHints, FX_FILESIZE &xref_offset); - FX_BOOL IsLinearizedFile(FX_LPBYTE pData, FX_DWORD dwLen); - void SetStartOffset(FX_FILESIZE dwOffset); - FX_BOOL GetNextToken(CFX_ByteString &token); - FX_BOOL GetNextChar(FX_BYTE &ch); - CPDF_Object * ParseIndirectObjectAt(FX_FILESIZE pos, FX_DWORD objnum); - CPDF_Object * GetObject(FX_DWORD objnum, IFX_DownloadHints* pHints, FX_BOOL *pExistInFile); - FX_BOOL GetPageKids(CPDF_Parser *pParser, CPDF_Object *pPages); - FX_BOOL PreparePageItem(); - FX_BOOL LoadPages(IFX_DownloadHints* pHints); - FX_BOOL LoadAllXref(IFX_DownloadHints* pHints); - FX_BOOL LoadAllFile(IFX_DownloadHints* pHints); - FX_BOOL CheckLinearizedData(IFX_DownloadHints* pHints); - FX_BOOL CheckFileResources(IFX_DownloadHints* pHints); - FX_BOOL CheckPageAnnots(int iPage, IFX_DownloadHints* pHints); + FX_DWORD CheckCrossRefStream(IFX_DownloadHints *pHints, FX_FILESIZE &xref_offset); + FX_BOOL IsLinearizedFile(FX_LPBYTE pData, FX_DWORD dwLen); + void SetStartOffset(FX_FILESIZE dwOffset); + FX_BOOL GetNextToken(CFX_ByteString &token); + FX_BOOL GetNextChar(FX_BYTE &ch); + CPDF_Object * ParseIndirectObjectAt(FX_FILESIZE pos, FX_DWORD objnum); + CPDF_Object * GetObject(FX_DWORD objnum, IFX_DownloadHints* pHints, FX_BOOL *pExistInFile); + FX_BOOL GetPageKids(CPDF_Parser *pParser, CPDF_Object *pPages); + FX_BOOL PreparePageItem(); + FX_BOOL LoadPages(IFX_DownloadHints* pHints); + FX_BOOL LoadAllXref(IFX_DownloadHints* pHints); + FX_BOOL LoadAllFile(IFX_DownloadHints* pHints); + FX_BOOL CheckLinearizedData(IFX_DownloadHints* pHints); + FX_BOOL CheckFileResources(IFX_DownloadHints* pHints); + FX_BOOL CheckPageAnnots(int iPage, IFX_DownloadHints* pHints); - FX_BOOL CheckLinearizedFirstPage(int iPage, IFX_DownloadHints* pHints); - FX_BOOL HaveResourceAncestor(CPDF_Dictionary *pDict); - FX_BOOL CheckPage(FX_INT32 iPage, IFX_DownloadHints* pHints); - FX_BOOL LoadDocPages(IFX_DownloadHints* pHints); - FX_BOOL LoadDocPage(FX_INT32 iPage, IFX_DownloadHints* pHints); - FX_BOOL CheckPageNode(CPDF_PageNode &pageNodes, FX_INT32 iPage, FX_INT32 &iCount, IFX_DownloadHints* pHints); - FX_BOOL CheckUnkownPageNode(FX_DWORD dwPageNo, CPDF_PageNode *pPageNode, IFX_DownloadHints* pHints); - FX_BOOL CheckArrayPageNode(FX_DWORD dwPageNo, CPDF_PageNode *pPageNode, IFX_DownloadHints* pHints); - FX_BOOL CheckPageCount(IFX_DownloadHints* pHints); - FX_BOOL IsFirstCheck(int iPage); - void ResetFirstCheck(int iPage); + FX_BOOL CheckLinearizedFirstPage(int iPage, IFX_DownloadHints* pHints); + FX_BOOL HaveResourceAncestor(CPDF_Dictionary *pDict); + FX_BOOL CheckPage(FX_INT32 iPage, IFX_DownloadHints* pHints); + FX_BOOL LoadDocPages(IFX_DownloadHints* pHints); + FX_BOOL LoadDocPage(FX_INT32 iPage, IFX_DownloadHints* pHints); + FX_BOOL CheckPageNode(CPDF_PageNode &pageNodes, FX_INT32 iPage, FX_INT32 &iCount, IFX_DownloadHints* pHints); + FX_BOOL CheckUnkownPageNode(FX_DWORD dwPageNo, CPDF_PageNode *pPageNode, IFX_DownloadHints* pHints); + FX_BOOL CheckArrayPageNode(FX_DWORD dwPageNo, CPDF_PageNode *pPageNode, IFX_DownloadHints* pHints); + FX_BOOL CheckPageCount(IFX_DownloadHints* pHints); + FX_BOOL IsFirstCheck(int iPage); + void ResetFirstCheck(int iPage); - CPDF_Parser m_parser; + CPDF_Parser m_parser; - CPDF_SyntaxParser m_syntaxParser; + CPDF_SyntaxParser m_syntaxParser; - CPDF_Object *m_pRoot; + CPDF_Object *m_pRoot; - FX_DWORD m_dwRootObjNum; + FX_DWORD m_dwRootObjNum; - FX_DWORD m_dwInfoObjNum; + FX_DWORD m_dwInfoObjNum; - CPDF_Object *m_pLinearized; + CPDF_Object *m_pLinearized; - CPDF_Object *m_pTrailer; + CPDF_Object *m_pTrailer; - FX_BOOL m_bDocAvail; + FX_BOOL m_bDocAvail; - FX_FILESIZE m_dwHeaderOffset; + FX_FILESIZE m_dwHeaderOffset; - FX_FILESIZE m_dwLastXRefOffset; + FX_FILESIZE m_dwLastXRefOffset; - FX_FILESIZE m_dwXRefOffset; + FX_FILESIZE m_dwXRefOffset; - FX_FILESIZE m_dwTrailerOffset; + FX_FILESIZE m_dwTrailerOffset; - FX_FILESIZE m_dwCurrentOffset; + FX_FILESIZE m_dwCurrentOffset; - PDF_DATAAVAIL_STATUS m_docStatus; + PDF_DATAAVAIL_STATUS m_docStatus; - IFX_FileAvail* m_pFileAvail; + IFX_FileAvail* m_pFileAvail; - IFX_FileRead* m_pFileRead; + IFX_FileRead* m_pFileRead; - FX_FILESIZE m_dwFileLen; + FX_FILESIZE m_dwFileLen; - CPDF_Document* m_pDocument; + CPDF_Document* m_pDocument; - CPDF_SortObjNumArray m_objnum_array; + CPDF_SortObjNumArray m_objnum_array; - CFX_PtrArray m_objs_array; + CFX_PtrArray m_objs_array; - FX_FILESIZE m_Pos; + FX_FILESIZE m_Pos; - FX_FILESIZE m_bufferOffset; + FX_FILESIZE m_bufferOffset; - FX_DWORD m_bufferSize; + FX_DWORD m_bufferSize; - CFX_ByteString m_WordBuf; + CFX_ByteString m_WordBuf; - FX_BYTE m_WordBuffer[257]; + FX_BYTE m_WordBuffer[257]; - FX_DWORD m_WordSize; + FX_DWORD m_WordSize; - FX_BYTE m_bufferData[512]; + FX_BYTE m_bufferData[512]; - CFX_FileSizeArray m_CrossOffset; + CFX_FileSizeArray m_CrossOffset; - CFX_DWordArray m_XRefStreamList; + CFX_DWordArray m_XRefStreamList; - CFX_DWordArray m_PageObjList; + CFX_DWordArray m_PageObjList; - FX_DWORD m_PagesObjNum; + FX_DWORD m_PagesObjNum; - FX_BOOL m_bLinearized; + FX_BOOL m_bLinearized; - FX_DWORD m_dwFirstPageNo; + FX_DWORD m_dwFirstPageNo; - FX_BOOL m_bLinearedDataOK; + FX_BOOL m_bLinearedDataOK; - FX_BOOL m_bMainXRefLoad; + FX_BOOL m_bMainXRefLoadTried; - FX_BOOL m_bMainXRefLoadedOK; + FX_BOOL m_bMainXRefLoadedOK; - FX_BOOL m_bPagesTreeLoad; + FX_BOOL m_bPagesTreeLoad; - FX_BOOL m_bPagesLoad; + FX_BOOL m_bPagesLoad; - CPDF_Parser * m_pCurrentParser; + CPDF_Parser * m_pCurrentParser; - FX_FILESIZE m_dwCurrentXRefSteam; + FX_FILESIZE m_dwCurrentXRefSteam; - FX_BOOL m_bAnnotsLoad; + FX_BOOL m_bAnnotsLoad; - FX_BOOL m_bHaveAcroForm; + FX_BOOL m_bHaveAcroForm; - FX_DWORD m_dwAcroFormObjNum; + FX_DWORD m_dwAcroFormObjNum; - FX_BOOL m_bAcroFormLoad; + FX_BOOL m_bAcroFormLoad; - CPDF_Object * m_pAcroForm; + CPDF_Object * m_pAcroForm; - CFX_PtrArray m_arrayAcroforms; + CFX_PtrArray m_arrayAcroforms; - CPDF_Dictionary * m_pPageDict; + CPDF_Dictionary * m_pPageDict; - CPDF_Object * m_pPageResource; + CPDF_Object * m_pPageResource; - FX_BOOL m_bNeedDownLoadResource; + FX_BOOL m_bNeedDownLoadResource; - FX_BOOL m_bPageLoadedOK; + FX_BOOL m_bPageLoadedOK; - FX_BOOL m_bLinearizedFormParamLoad; + FX_BOOL m_bLinearizedFormParamLoad; - CFX_PtrArray m_PagesArray; + CFX_PtrArray m_PagesArray; - FX_DWORD m_dwEncryptObjNum; + FX_DWORD m_dwEncryptObjNum; - FX_FILESIZE m_dwPrevXRefOffset; + FX_FILESIZE m_dwPrevXRefOffset; - FX_BOOL m_bTotalLoadPageTree; + FX_BOOL m_bTotalLoadPageTree; - FX_BOOL m_bCurPageDictLoadOK; + FX_BOOL m_bCurPageDictLoadOK; - CPDF_PageNode m_pageNodes; + CPDF_PageNode m_pageNodes; - CFX_CMapDWordToDWord * m_pageMapCheckState; + CFX_CMapDWordToDWord * m_pageMapCheckState; - CFX_CMapDWordToDWord * m_pagesLoadState; + CFX_CMapDWordToDWord * m_pagesLoadState; }; #endif -- cgit v1.2.3