From e96e6fdddaffa2b4b82df4d4d551333939fb78c9 Mon Sep 17 00:00:00 2001 From: Tom Sepez Date: Tue, 3 Apr 2018 15:02:37 +0000 Subject: Off-by-one in CPDF_StreamParser::ParseNextElement() Limit the token to 255 bytes + NUL. Also, shuffle fields in cpdf_streamparser to allow memory tools to better check this inline array. Bug: 828049 Change-Id: I444f2b4c6958167577d9cd76c06805baf7d5c26c Reviewed-on: https://pdfium-review.googlesource.com/29530 Reviewed-by: dsinclair Commit-Queue: dsinclair --- testing/resources/bug_828049.pdf | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 testing/resources/bug_828049.pdf (limited to 'testing') diff --git a/testing/resources/bug_828049.pdf b/testing/resources/bug_828049.pdf new file mode 100644 index 0000000000..d8942bb674 --- /dev/null +++ b/testing/resources/bug_828049.pdf @@ -0,0 +1,6 @@ +%PDF +1 0 obj<>stream +0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +endobj +trailer<> \ No newline at end of file -- cgit v1.2.3
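Review bot: the long run of `0` digits on the third added line of bug_828049.pdf is presumably the over-long token that exercises the "255 bytes + NUL" limit from the commit message, but nothing in the fixture or in this view records the intended length, and it cannot be checked by eye. Please state the intended token length and its relation to the limit where the fixture is consumed (or in a `%` comment line in the PDF, if that does not disturb the parse), so a later edit to the file does not silently stop hitting the boundary. This view is limited to 'testing' and shows only the resource being created, so also confirm that a test actually loads bug_828049.pdf and that it runs under a memory tool, since the message says the field shuffle exists to let such tools check the inline array; without that, a one-byte overrun of the token buffer may not fail the test. The file is added with no newline at end of file; if that is deliberate for the repro, say so.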