From 74742a75ac7a07c08cf36fe6f4eaa91bed8236a3 Mon Sep 17 00:00:00 2001 From: Tom Sepez Date: Tue, 30 Jun 2015 12:18:55 -0700 Subject: Redo range check in CPDF_SampledFunc::v_Call(). The current |bitpos1| calculation protects the passed argument to _GetBits32(): |bitpos.ValueOrDie() + j * m_nBitsPerSample|, but doesn't account for adding in the sample length in that routine. Also bound bits per sample to something reasonable to avoid undefined behaviour on the shift to compute the max value. BUG=471990 R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/1219663003. --- fpdfsdk/src/fpdfview_embeddertest.cpp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'fpdfsdk') diff --git a/fpdfsdk/src/fpdfview_embeddertest.cpp b/fpdfsdk/src/fpdfview_embeddertest.cpp index cc0aa1f818..60c14b3edb 100644 --- a/fpdfsdk/src/fpdfview_embeddertest.cpp +++ b/fpdfsdk/src/fpdfview_embeddertest.cpp @@ -197,6 +197,13 @@ TEST_F(FPDFViewEmbeddertest, Crasher_452455) { UnloadPage(page); } -TEST_F(FPDFViewEmbeddertest, Crasher3) { +TEST_F(FPDFViewEmbeddertest, Crasher_454695) { EXPECT_TRUE(OpenDocument("testing/resources/bug_454695.pdf")); } + +TEST_F(FPDFViewEmbeddertest, Crasher_471990) { + EXPECT_TRUE(OpenDocument("testing/resources/bug_471990.pdf")); + FPDF_PAGE page = LoadPage(0); + EXPECT_NE(nullptr, page); + UnloadPage(page); +} -- cgit v1.2.3