Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(575)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: core/fpdfapi/fpdf_parser/cpdf_parser.cpp

Issue 1871373002: fix infinite loops when rebuild the cross reference table (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 PDFium Authors. All rights reserved. 1 // Copyright 2016 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "core/fpdfapi/fpdf_parser/include/cpdf_parser.h" 7 #include "core/fpdfapi/fpdf_parser/include/cpdf_parser.h"
8 8
9 #include <vector> 9 #include <vector>
10 10
(...skipping 913 matching lines...) Expand 10 before | Expand all | Expand 10 after
924 break; 924 break;
925 } 925 }
926 926
927 if (bOverFlow) { 927 if (bOverFlow) {
928 size = 0; 928 size = 0;
929 break; 929 break;
930 } 930 }
931 } 931 }
932 pos += size; 932 pos += size;
933 933
934 // If the position has not changed at all in a loop iteration, then break 934 // If the position has not changed at all or went backwards in a loop
935 // out to prevent infinite looping. 935 // iteration, then break out to prevent infinite looping.
936 if (pos == saved_pos) 936 if (pos <= saved_pos)
937 break; 937 break;
938 } 938 }
939 939
940 if (last_xref != -1 && last_xref > last_obj) 940 if (last_xref != -1 && last_xref > last_obj)
941 last_trailer = last_xref; 941 last_trailer = last_xref;
942 else if (last_trailer == -1 || last_xref < last_obj) 942 else if (last_trailer == -1 || last_xref < last_obj)
943 last_trailer = m_pSyntax->m_FileLen; 943 last_trailer = m_pSyntax->m_FileLen;
944 944
945 m_SortedOffset.insert(last_trailer - m_pSyntax->m_HeaderOffset); 945 m_SortedOffset.insert(last_trailer - m_pSyntax->m_HeaderOffset);
946 return m_pTrailer && !m_ObjectInfo.empty(); 946 return m_pTrailer && !m_ObjectInfo.empty();
(...skipping 697 matching lines...) Expand 10 before | Expand all | Expand 10 after
1644 if (!LoadLinearizedAllCrossRefV4(m_LastXRefOffset, m_dwXrefStartObjNum) && 1644 if (!LoadLinearizedAllCrossRefV4(m_LastXRefOffset, m_dwXrefStartObjNum) &&
1645 !LoadLinearizedAllCrossRefV5(m_LastXRefOffset)) { 1645 !LoadLinearizedAllCrossRefV5(m_LastXRefOffset)) {
1646 m_LastXRefOffset = 0; 1646 m_LastXRefOffset = 0;
1647 m_pSyntax->m_MetadataObjnum = dwSaveMetadataObjnum; 1647 m_pSyntax->m_MetadataObjnum = dwSaveMetadataObjnum;
1648 return FORMAT_ERROR; 1648 return FORMAT_ERROR;
1649 } 1649 }
1650 1650
1651 m_pSyntax->m_MetadataObjnum = dwSaveMetadataObjnum; 1651 m_pSyntax->m_MetadataObjnum = dwSaveMetadataObjnum;
1652 return SUCCESS; 1652 return SUCCESS;
1653 } 1653 }
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698