From aeacba4a612a0a35b3e834d778716968c661f3ec Mon Sep 17 00:00:00 2001
From: Jun Fang <jun_fang@foxitsoftware.com>
Date: Fri, 22 Aug 2014 17:04:29 -0700
Subject: Fix a hang issue due to inconsistent page number in the test file

Pdfium reads the page number from the field of '/Count' but it can't
load the number assigned by this field due to the damaged data. Add a
check to ensure that the required page should be one of loaded pages.

BUG=406090
R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/477873003
---
 core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'core/src/fpdfapi')

diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
index e0fd3bfaee..ce397d2a53 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
@@ -3989,7 +3989,7 @@ FX_BOOL CPDF_DataAvail::CheckUnkownPageNode(FX_DWORD dwPageNo, CPDF_PageNode *pP
 FX_BOOL CPDF_DataAvail::CheckPageNode(CPDF_PageNode &pageNodes, FX_INT32 iPage, FX_INT32 &iCount, IFX_DownloadHints* pHints)
 {
     FX_INT32 iSize = pageNodes.m_childNode.GetSize();
-    if (!iSize) {
+    if (iSize <= 0 || iPage >= iSize) {
         m_docStatus = PDF_DATAAVAIL_ERROR;
         return FALSE;
     }
-- 
cgit v1.2.3