| OLD | NEW |
|---|
| 1 // Copyright 2014 PDFium Authors. All rights reserved. | 1 // Copyright 2014 PDFium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com | 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com |
| 6 | 6 |
| 7 #include "core/include/fpdfapi/fpdf_parser.h" | 7 #include "core/include/fpdfapi/fpdf_parser.h" |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 136 | 136 |
| 137 void CPDF_Parser::SetEncryptDictionary(CPDF_Dictionary* pDict) { | 137 void CPDF_Parser::SetEncryptDictionary(CPDF_Dictionary* pDict) { |
| 138 m_pEncryptDict = pDict; | 138 m_pEncryptDict = pDict; |
| 139 } | 139 } |
| 140 | 140 |
| 141 FX_FILESIZE CPDF_Parser::GetObjectPositionOrZero(FX_DWORD objnum) const { | 141 FX_FILESIZE CPDF_Parser::GetObjectPositionOrZero(FX_DWORD objnum) const { |
| 142 auto it = m_ObjectInfo.find(objnum); | 142 auto it = m_ObjectInfo.find(objnum); |
| 143 return it != m_ObjectInfo.end() ? it->second.pos : 0; | 143 return it != m_ObjectInfo.end() ? it->second.pos : 0; |
| 144 } | 144 } |
| 145 | 145 |
| 146 void CPDF_Parser::ShrinkObjectMap(FX_DWORD objnum) { |
| 147 if (objnum == 0) { |
| 148 m_ObjectInfo.clear(); |
| 149 return; |
| 150 } |
| 151 |
| 152 auto it = m_ObjectInfo.lower_bound(objnum); |
| 153 while (it != m_ObjectInfo.end()) { |
| 154 auto saved_it = it++; |
| 155 m_ObjectInfo.erase(saved_it); |
| 156 } |
| 157 |
| 158 if (!pdfium::ContainsKey(m_ObjectInfo, objnum - 1)) |
| 159 m_ObjectInfo[objnum - 1].pos = 0; |
| 160 } |
| 161 |
| 146 void CPDF_Parser::CloseParser(FX_BOOL bReParse) { | 162 void CPDF_Parser::CloseParser(FX_BOOL bReParse) { |
| 147 m_bVersionUpdated = FALSE; | 163 m_bVersionUpdated = FALSE; |
| 148 if (!bReParse) { | 164 if (!bReParse) { |
| 149 delete m_pDocument; | 165 delete m_pDocument; |
| 150 m_pDocument = NULL; | 166 m_pDocument = NULL; |
| 151 } | 167 } |
| 152 if (m_pTrailer) { | 168 if (m_pTrailer) { |
| 153 m_pTrailer->Release(); | 169 m_pTrailer->Release(); |
| 154 m_pTrailer = NULL; | 170 m_pTrailer = NULL; |
| 155 } | 171 } |
| (...skipping 216 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 372 } | 388 } |
| 373 m_pTrailer = LoadTrailerV4(); | 389 m_pTrailer = LoadTrailerV4(); |
| 374 if (!m_pTrailer) { | 390 if (!m_pTrailer) { |
| 375 return FALSE; | 391 return FALSE; |
| 376 } | 392 } |
| 377 | 393 |
| 378 int32_t xrefsize = GetDirectInteger(m_pTrailer, "Size"); | 394 int32_t xrefsize = GetDirectInteger(m_pTrailer, "Size"); |
| 379 if (xrefsize <= 0 || xrefsize > kMaxXRefSize) { | 395 if (xrefsize <= 0 || xrefsize > kMaxXRefSize) { |
| 380 return FALSE; | 396 return FALSE; |
| 381 } | 397 } |
| 382 m_ObjectInfo[0].pos = 0; | 398 ShrinkObjectMap(xrefsize); |
| 383 m_V5Type.SetSize(xrefsize); | 399 m_V5Type.SetSize(xrefsize); |
| 384 CFX_FileSizeArray CrossRefList; | 400 CFX_FileSizeArray CrossRefList; |
| 385 CFX_FileSizeArray XRefStreamList; | 401 CFX_FileSizeArray XRefStreamList; |
| 386 CrossRefList.Add(xrefpos); | 402 CrossRefList.Add(xrefpos); |
| 387 XRefStreamList.Add(GetDirectInteger(m_pTrailer, "XRefStm")); | 403 XRefStreamList.Add(GetDirectInteger(m_pTrailer, "XRefStm")); |
| 388 | 404 |
| 389 std::set<FX_FILESIZE> seen_xrefpos; | 405 std::set<FX_FILESIZE> seen_xrefpos; |
| 390 seen_xrefpos.insert(xrefpos); | 406 seen_xrefpos.insert(xrefpos); |
| 391 // When |m_pTrailer| doesn't have Prev entry or Prev entry value is not | 407 // When |m_pTrailer| doesn't have Prev entry or Prev entry value is not |
| 392 // numerical, GetDirectInteger() returns 0. Loading will end. | 408 // numerical, GetDirectInteger() returns 0. Loading will end. |
| (...skipping 629 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1022 return FALSE; | 1038 return FALSE; |
| 1023 | 1039 |
| 1024 *pos = pStream->GetDict()->GetInteger("Prev"); | 1040 *pos = pStream->GetDict()->GetInteger("Prev"); |
| 1025 int32_t size = pStream->GetDict()->GetInteger("Size"); | 1041 int32_t size = pStream->GetDict()->GetInteger("Size"); |
| 1026 if (size < 0) { | 1042 if (size < 0) { |
| 1027 pStream->Release(); | 1043 pStream->Release(); |
| 1028 return FALSE; | 1044 return FALSE; |
| 1029 } | 1045 } |
| 1030 if (bMainXRef) { | 1046 if (bMainXRef) { |
| 1031 m_pTrailer = ToDictionary(pStream->GetDict()->Clone()); | 1047 m_pTrailer = ToDictionary(pStream->GetDict()->Clone()); |
| 1032 m_ObjectInfo[0].pos = 0; | 1048 ShrinkObjectMap(size); |
| 1033 if (m_V5Type.SetSize(size)) { | 1049 if (m_V5Type.SetSize(size)) { |
| 1034 FXSYS_memset(m_V5Type.GetData(), 0, size); | 1050 FXSYS_memset(m_V5Type.GetData(), 0, size); |
| 1035 } | 1051 } |
| 1036 } else { | 1052 } else { |
| 1037 m_Trailers.Add(ToDictionary(pStream->GetDict()->Clone())); | 1053 m_Trailers.Add(ToDictionary(pStream->GetDict()->Clone())); |
| 1038 } | 1054 } |
| 1039 std::vector<std::pair<int32_t, int32_t> > arrIndex; | 1055 std::vector<std::pair<int32_t, int32_t> > arrIndex; |
| 1040 CPDF_Array* pArray = pStream->GetDict()->GetArray("Index"); | 1056 CPDF_Array* pArray = pStream->GetDict()->GetArray("Index"); |
| 1041 if (pArray) { | 1057 if (pArray) { |
| 1042 FX_DWORD nPairSize = pArray->GetCount() / 2; | 1058 FX_DWORD nPairSize = pArray->GetCount() / 2; |
| (...skipping 557 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1600 m_LastXRefOffset = 0; | 1616 m_LastXRefOffset = 0; |
| 1601 } | 1617 } |
| 1602 if (bLoadV4) { | 1618 if (bLoadV4) { |
| 1603 m_pTrailer = LoadTrailerV4(); | 1619 m_pTrailer = LoadTrailerV4(); |
| 1604 if (!m_pTrailer) { | 1620 if (!m_pTrailer) { |
| 1605 return PDFPARSE_ERROR_SUCCESS; | 1621 return PDFPARSE_ERROR_SUCCESS; |
| 1606 } | 1622 } |
| 1607 | 1623 |
| 1608 int32_t xrefsize = GetDirectInteger(m_pTrailer, "Size"); | 1624 int32_t xrefsize = GetDirectInteger(m_pTrailer, "Size"); |
| 1609 if (xrefsize > 0) { | 1625 if (xrefsize > 0) { |
| 1610 m_ObjectInfo[0].pos = 0; | 1626 ShrinkObjectMap(xrefsize); |
| 1611 m_V5Type.SetSize(xrefsize); | 1627 m_V5Type.SetSize(xrefsize); |
| 1612 } | 1628 } |
| 1613 } | 1629 } |
| 1614 FX_DWORD dwRet = SetEncryptHandler(); | 1630 FX_DWORD dwRet = SetEncryptHandler(); |
| 1615 if (dwRet != PDFPARSE_ERROR_SUCCESS) { | 1631 if (dwRet != PDFPARSE_ERROR_SUCCESS) { |
| 1616 return dwRet; | 1632 return dwRet; |
| 1617 } | 1633 } |
| 1618 m_pDocument->LoadAsynDoc(m_pLinearized->GetDict()); | 1634 m_pDocument->LoadAsynDoc(m_pLinearized->GetDict()); |
| 1619 if (!m_pDocument->GetRoot() || m_pDocument->GetPageCount() == 0) { | 1635 if (!m_pDocument->GetRoot() || m_pDocument->GetPageCount() == 0) { |
| 1620 if (bXRefRebuilt) { | 1636 if (bXRefRebuilt) { |
| (...skipping 3369 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4990 if (!m_pLinearizedDict) | 5006 if (!m_pLinearizedDict) |
| 4991 return -1; | 5007 return -1; |
| 4992 CPDF_Array* pRange = m_pLinearizedDict->GetArray("H"); | 5008 CPDF_Array* pRange = m_pLinearizedDict->GetArray("H"); |
| 4993 if (!pRange) | 5009 if (!pRange) |
| 4994 return -1; | 5010 return -1; |
| 4995 CPDF_Object* pStreamLen = pRange->GetElementValue(1); | 5011 CPDF_Object* pStreamLen = pRange->GetElementValue(1); |
| 4996 if (!pStreamLen) | 5012 if (!pStreamLen) |
| 4997 return -1; | 5013 return -1; |
| 4998 return pStreamLen->GetInteger(); | 5014 return pStreamLen->GetInteger(); |
| 4999 } | 5015 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1582763002:
Fix out of bound access in CPDF_Parser::ParseIndirectObject(). (Closed)
Base URL: https://pdfium.googlesource.com/pdfium@master