From 42fb301abcf6b9f6a580f3d30defeadedf5d7ebd Mon Sep 17 00:00:00 2001 From: Dan Sinclair Date: Thu, 3 Mar 2016 08:59:22 -0500 Subject: Fix parsing of object numbers > 16,777,216. Currently, there is a check that an object number is <= 0x1000000. If that check fails, we end up putting the parser into a bad state and fail to load documents. The object does not need to be in the XRef table, or referenced from the document, just be in the document. This Cl removes the size check and updates the various atoi calls to use a uint32_t instead of an int32_t so we don't end up getting strange values when converting from a string. BUG=455199 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1755273002 . --- testing/resources/bug_455199.pdf | 73 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 testing/resources/bug_455199.pdf (limited to 'testing') diff --git a/testing/resources/bug_455199.pdf b/testing/resources/bug_455199.pdf new file mode 100644 index 0000000000..466affa4d1 --- /dev/null +++ b/testing/resources/bug_455199.pdf @@ -0,0 +1,73 @@ +%PDF-1.7 +% ò¤ô +1 0 obj << + /Type /Catalog + /Pages 2 0 R +>> +2 0 obj << + /Type /Pages + /MediaBox [ 0 0 200 200 ] + /Count 1 + /Kids [ 3 0 R ] +>> +endobj +3 0 obj << + /Type /Page + /Parent 2 0 R + /Resources << + /Font << + /F1 4 0 R + /F2 5 0 R + >> + >> + /Contents [6 0 R 7 0 R] +>> +endobj +4 0 obj << + /Type /Font + /Subtype /Type1 + /BaseFont /Times-Roman +>> +endobj +2147483648 0 obj +<>stream +x<9c><85><8e>± +Â0^@^E÷|Å<9b>DAc<82>iSÝ,ZpP(fpU^ZKÔ64|Füzãè$·^^Ü¡&C¢T<84><83>%8¸^T<94>|_äBÒ,<83>êÈüd<84>^@^WPׯD3Æ<97>yR]KÆ^[^[û<87>=7ºAål·B<8c><91>^¼|_ôý^Zh¯ÃDÝ^HCK¶<8a>Ô¿^]Yм<80>d<94>-þU*ë°·N£<Îv +¥µw?ÅÁ^Fí1ÂÚ{Óö<9d>î<83>ÇÓ¤ö<9f><8b><9a>|^@ 9@Ø +endstream +endobj +5 0 obj << + /Type /Font + /Subtype /Type1 + /BaseFont /Helvetica +>> +endobj +6 0 obj << +>> +stream +BT +20 50 Td +/F1 12 Tf +(Hello, world!) Tj +0 50 Td +/F2 16 Tf +(Goodbye, world!) Tj +ET +endstream +endobj +xref +0 7 +0000000000 65535 f +0000000015 00000 n +0000000061 00000 n +0000000154 00000 n +0000000305 00000 n +0000000695 00000 n +0000000771 00000 n +trailer << + /Size 6 + /Root 1 0 R +>> +startxref +892 +%%EOF -- cgit v1.2.3