From bb93b0ba5b3c430d3b996e2c009d48feb17a44c3 Mon Sep 17 00:00:00 2001
From: Tom Sepez
Date: Mon, 27 Apr 2015 13:24:03 -0700
Subject: SEGV in CFX_BaseSegmentedArray::Iterate() when CS has malformed dictionary. Failure to check document-controlled value before using it.
BUG=481363
R=palmer@chromium.org, thestig@chromium.org
Review URL: https://codereview.chromium.org/1110653002
---
core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp | 3 +++
core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp | 5 +++++
2 files changed, 8 insertions(+)
(limited to 'core/src')
diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
index fc4e282f10..b6bf7950ff 100644
--- a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
+++ b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
@@ -438,6 +438,9 @@ public:
FX_BOOL CPDF_LabCS::v_Load(CPDF_Document* pDoc, CPDF_Array* pArray)
{
CPDF_Dictionary* pDict = pArray->GetDict(1);
+ if (!pDict) {
+ return FALSE;
+ }
CPDF_Array* pParam = pDict->GetArray(FX_BSTRC("WhitePoint"));
int i;
for (i = 0; i < 3; i ++) {
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp
index 838c4316de..e00887ff5f 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp
@@ -13,3 +13,8 @@ TEST_F(FPDFParserEmbeddertest, LoadError_454695) {
EXPECT_TRUE(OpenDocument("testing/resources/bug_454695.pdf"));
}
+TEST_F(FPDFParserEmbeddertest, Bug_481363) {
+ // Test colorspace object with malformed dictionary.
+ EXPECT_TRUE(OpenDocument("testing/resources/bug_481363.pdf"));
+ EXPECT_NE(nullptr, LoadPage(0));
+}
--
cgit v1.2.3
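Review bot: The guard added in `CPDF_LabCS::v_Load` covers only `pDict`; the next context line takes `pParam` from `pDict->GetArray(FX_BSTRC("WhitePoint"))`, which is just as document-controlled and can presumably be null when the key is absent or is not an array. The loop that consumes `pParam` starts on the last line of the hunk and its body is outside it, so confirm that every use there is null-checked. A short comment on the guard, e.g. `// pArray comes from the PDF; element 1 may be missing or not a dictionary.`, would record why the check exists. If other `v_Load` implementations in this file read `pArray->GetDict(1)` the same way, they likely need the same guard; they are not visible here.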
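Review bot: The new test `Bug_481363` passes the result of `LoadPage(0)` straight into `EXPECT_NE` and never keeps the handle, so the page cannot be released afterwards; if the fixture expects loaded pages to be unloaded, the test leaks it. A regression test for a crash on malformed input is most useful under sanitizer builds, where a leaked page adds noise, so keep the handle and release it: `FPDF_PAGE page = LoadPage(0);`, `EXPECT_NE(nullptr, page);`, `UnloadPage(page);` (assuming the fixture offers `UnloadPage`). The test comment could also state what is malformed (judging by the fix, element 1 of the colorspace array is not a dictionary) so the resource file can be understood and regenerated later.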