| OLD | NEW |
|---|
| 1 // Copyright 2016 PDFium Authors. All rights reserved. | 1 // Copyright 2016 PDFium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com | 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com |
| 6 | 6 |
| 7 #include "core/fpdfapi/fpdf_parser/include/ipdf_data_avail.h" | 7 #include "core/fpdfapi/fpdf_parser/include/ipdf_data_avail.h" |
| 8 | 8 |
| 9 #include "core/fpdfapi/fpdf_parser/cpdf_data_avail.h" | 9 #include "core/fpdfapi/fpdf_parser/cpdf_data_avail.h" |
| 10 #include "core/fpdfapi/fpdf_parser/fpdf_parser_utility.h" | 10 #include "core/fpdfapi/fpdf_parser/fpdf_parser_utility.h" |
| (...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 82 m_pPageDict = NULL; | 82 m_pPageDict = NULL; |
| 83 m_pPageResource = NULL; | 83 m_pPageResource = NULL; |
| 84 m_docStatus = PDF_DATAAVAIL_HEADER; | 84 m_docStatus = PDF_DATAAVAIL_HEADER; |
| 85 m_parser.m_bOwnFileRead = false; | 85 m_parser.m_bOwnFileRead = false; |
| 86 m_bTotalLoadPageTree = FALSE; | 86 m_bTotalLoadPageTree = FALSE; |
| 87 m_bCurPageDictLoadOK = FALSE; | 87 m_bCurPageDictLoadOK = FALSE; |
| 88 m_bLinearedDataOK = FALSE; | 88 m_bLinearedDataOK = FALSE; |
| 89 m_bSupportHintTable = bSupportHintTable; | 89 m_bSupportHintTable = bSupportHintTable; |
| 90 } | 90 } |
| 91 CPDF_DataAvail::~CPDF_DataAvail() { | 91 CPDF_DataAvail::~CPDF_DataAvail() { |
| 92 m_pHintTables.reset(); |
| 92 if (m_pLinearized) | 93 if (m_pLinearized) |
| 93 m_pLinearized->Release(); | 94 m_pLinearized->Release(); |
| 94 | 95 |
| 95 if (m_pRoot) | 96 if (m_pRoot) |
| 96 m_pRoot->Release(); | 97 m_pRoot->Release(); |
| 97 | 98 |
| 98 if (m_pTrailer) | 99 if (m_pTrailer) |
| 99 m_pTrailer->Release(); | 100 m_pTrailer->Release(); |
| 100 | 101 |
| 101 int iSize = m_arrayAcroforms.GetSize(); | 102 int iSize = m_arrayAcroforms.GetSize(); |
| (...skipping 511 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 613 m_docStatus = PDF_DATAAVAIL_ERROR; | 614 m_docStatus = PDF_DATAAVAIL_ERROR; |
| 614 return FALSE; | 615 return FALSE; |
| 615 } | 616 } |
| 616 | 617 |
| 617 pPages->Release(); | 618 pPages->Release(); |
| 618 m_docStatus = PDF_DATAAVAIL_PAGE; | 619 m_docStatus = PDF_DATAAVAIL_PAGE; |
| 619 return TRUE; | 620 return TRUE; |
| 620 } | 621 } |
| 621 | 622 |
| 622 FX_BOOL CPDF_DataAvail::CheckHeader(IPDF_DataAvail::DownloadHints* pHints) { | 623 FX_BOOL CPDF_DataAvail::CheckHeader(IPDF_DataAvail::DownloadHints* pHints) { |
| 623 uint32_t req_size = 1024; | 624 ASSERT(m_dwFileLen >= 0); |
| 624 if ((FX_FILESIZE)req_size > m_dwFileLen) | 625 const uint32_t kReqSize = std::min(static_cast<uint32_t>(m_dwFileLen), 1024U); |
| 625 req_size = (uint32_t)m_dwFileLen; | |
| 626 | 626 |
| 627 if (m_pFileAvail->IsDataAvail(0, req_size)) { | 627 if (m_pFileAvail->IsDataAvail(0, kReqSize)) { |
| 628 uint8_t buffer[1024]; | 628 uint8_t buffer[1024]; |
| 629 m_pFileRead->ReadBlock(buffer, 0, req_size); | 629 m_pFileRead->ReadBlock(buffer, 0, kReqSize); |
| 630 | 630 |
| 631 if (IsLinearizedFile(buffer, req_size)) { | 631 if (IsLinearizedFile(buffer, kReqSize)) { |
| 632 m_docStatus = PDF_DATAAVAIL_FIRSTPAGE; | 632 m_docStatus = PDF_DATAAVAIL_FIRSTPAGE; |
| 633 } else { | 633 } else { |
| 634 if (m_docStatus == PDF_DATAAVAIL_ERROR) | 634 if (m_docStatus == PDF_DATAAVAIL_ERROR) |
| 635 return FALSE; | 635 return FALSE; |
| 636 m_docStatus = PDF_DATAAVAIL_END; | 636 m_docStatus = PDF_DATAAVAIL_END; |
| 637 } | 637 } |
| 638 return TRUE; | 638 return TRUE; |
| 639 } | 639 } |
| 640 | 640 |
| 641 pHints->AddSegment(0, req_size); | 641 pHints->AddSegment(0, kReqSize); |
| 642 return FALSE; | 642 return FALSE; |
| 643 } | 643 } |
| 644 | 644 |
| 645 FX_BOOL CPDF_DataAvail::CheckFirstPage(IPDF_DataAvail::DownloadHints* pHints) { | 645 FX_BOOL CPDF_DataAvail::CheckFirstPage(IPDF_DataAvail::DownloadHints* pHints) { |
| 646 CPDF_Dictionary* pDict = m_pLinearized->GetDict(); | 646 CPDF_Dictionary* pDict = m_pLinearized->GetDict(); |
| 647 CPDF_Object* pEndOffSet = pDict ? pDict->GetObjectBy("E") : NULL; | 647 CPDF_Object* pEndOffSet = pDict ? pDict->GetObjectBy("E") : NULL; |
| 648 if (!pEndOffSet) { | 648 if (!pEndOffSet) { |
| 649 m_docStatus = PDF_DATAAVAIL_ERROR; | 649 m_docStatus = PDF_DATAAVAIL_ERROR; |
| 650 return FALSE; | 650 return FALSE; |
| 651 } | 651 } |
| (...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 806 return nullptr; | 806 return nullptr; |
| 807 } | 807 } |
| 808 | 808 |
| 809 CPDF_Object* pObj = | 809 CPDF_Object* pObj = |
| 810 m_syntaxParser.GetObject(pObjList, parser_objnum, gennum, true); | 810 m_syntaxParser.GetObject(pObjList, parser_objnum, gennum, true); |
| 811 m_syntaxParser.RestorePos(SavedPos); | 811 m_syntaxParser.RestorePos(SavedPos); |
| 812 return pObj; | 812 return pObj; |
| 813 } | 813 } |
| 814 | 814 |
| 815 IPDF_DataAvail::DocLinearizationStatus CPDF_DataAvail::IsLinearizedPDF() { | 815 IPDF_DataAvail::DocLinearizationStatus CPDF_DataAvail::IsLinearizedPDF() { |
| 816 uint32_t req_size = 1024; | 816 const uint32_t kReqSize = 1024; |
| 817 if (!m_pFileAvail->IsDataAvail(0, req_size)) | 817 if (!m_pFileAvail->IsDataAvail(0, kReqSize)) |
| 818 return LinearizationUnknown; | 818 return LinearizationUnknown; |
| 819 | 819 |
| 820 if (!m_pFileRead) | 820 if (!m_pFileRead) |
| 821 return NotLinearized; | 821 return NotLinearized; |
| 822 | 822 |
| 823 FX_FILESIZE dwSize = m_pFileRead->GetSize(); | 823 FX_FILESIZE dwSize = m_pFileRead->GetSize(); |
| 824 if (dwSize < (FX_FILESIZE)req_size) | 824 if (dwSize < (FX_FILESIZE)kReqSize) |
| 825 return LinearizationUnknown; | 825 return LinearizationUnknown; |
| 826 | 826 |
| 827 uint8_t buffer[1024]; | 827 uint8_t buffer[1024]; |
| 828 m_pFileRead->ReadBlock(buffer, 0, req_size); | 828 m_pFileRead->ReadBlock(buffer, 0, kReqSize); |
| 829 if (IsLinearizedFile(buffer, req_size)) | 829 if (IsLinearizedFile(buffer, kReqSize)) |
| 830 return Linearized; | 830 return Linearized; |
| 831 | 831 |
| 832 return NotLinearized; | 832 return NotLinearized; |
| 833 } | 833 } |
| 834 |
| 834 FX_BOOL CPDF_DataAvail::IsLinearizedFile(uint8_t* pData, uint32_t dwLen) { | 835 FX_BOOL CPDF_DataAvail::IsLinearizedFile(uint8_t* pData, uint32_t dwLen) { |
| 836 if (m_pLinearized) |
| 837 return m_bLinearized; |
| 838 |
| 835 ScopedFileStream file(FX_CreateMemoryStream(pData, (size_t)dwLen, FALSE)); | 839 ScopedFileStream file(FX_CreateMemoryStream(pData, (size_t)dwLen, FALSE)); |
| 836 | 840 |
| 837 int32_t offset = GetHeaderOffset(file.get()); | 841 int32_t offset = GetHeaderOffset(file.get()); |
| 838 if (offset == -1) { | 842 if (offset == -1) { |
| 839 m_docStatus = PDF_DATAAVAIL_ERROR; | 843 m_docStatus = PDF_DATAAVAIL_ERROR; |
| 840 return FALSE; | 844 return FALSE; |
| 841 } | 845 } |
| 842 | 846 |
| 843 m_dwHeaderOffset = offset; | 847 m_dwHeaderOffset = offset; |
| 844 m_syntaxParser.InitParser(file.get(), offset); | 848 m_syntaxParser.InitParser(file.get(), offset); |
| 845 m_syntaxParser.RestorePos(m_syntaxParser.m_HeaderOffset + 9); | 849 m_syntaxParser.RestorePos(m_syntaxParser.m_HeaderOffset + 9); |
| 846 | 850 |
| 847 bool bNumber; | 851 bool bNumber; |
| 848 CFX_ByteString wordObjNum = m_syntaxParser.GetNextWord(&bNumber); | 852 CFX_ByteString wordObjNum = m_syntaxParser.GetNextWord(&bNumber); |
| 849 if (!bNumber) | 853 if (!bNumber) |
| 850 return FALSE; | 854 return FALSE; |
| 851 | 855 |
| 852 uint32_t objnum = FXSYS_atoui(wordObjNum.c_str()); | 856 uint32_t objnum = FXSYS_atoui(wordObjNum.c_str()); |
| 853 if (m_pLinearized) { | |
| 854 m_pLinearized->Release(); | |
| 855 m_pLinearized = nullptr; | |
| 856 } | |
| 857 | |
| 858 m_pLinearized = | 857 m_pLinearized = |
| 859 ParseIndirectObjectAt(m_syntaxParser.m_HeaderOffset + 9, objnum); | 858 ParseIndirectObjectAt(m_syntaxParser.m_HeaderOffset + 9, objnum); |
| 860 if (!m_pLinearized) | 859 if (!m_pLinearized) |
| 861 return FALSE; | 860 return FALSE; |
| 862 | 861 |
| 863 CPDF_Dictionary* pDict = m_pLinearized->GetDict(); | 862 CPDF_Dictionary* pDict = m_pLinearized->GetDict(); |
| 864 if (pDict && pDict->GetObjectBy("Linearized")) { | 863 if (!pDict || !pDict->GetObjectBy("Linearized")) |
| 865 CPDF_Object* pLen = pDict->GetObjectBy("L"); | 864 return FALSE; |
| 866 if (!pLen) | |
| 867 return FALSE; | |
| 868 | 865 |
| 869 if ((FX_FILESIZE)pLen->GetInteger() != m_pFileRead->GetSize()) | 866 CPDF_Object* pLen = pDict->GetObjectBy("L"); |
| 870 return FALSE; | 867 if (!pLen) |
| 868 return FALSE; |
| 871 | 869 |
| 872 m_bLinearized = TRUE; | 870 if ((FX_FILESIZE)pLen->GetInteger() != m_pFileRead->GetSize()) |
| 871 return FALSE; |
| 873 | 872 |
| 874 if (CPDF_Number* pNo = ToNumber(pDict->GetObjectBy("P"))) | 873 m_bLinearized = TRUE; |
| 875 m_dwFirstPageNo = pNo->GetInteger(); | |
| 876 | 874 |
| 877 return TRUE; | 875 if (CPDF_Number* pNo = ToNumber(pDict->GetObjectBy("P"))) |
| 878 } | 876 m_dwFirstPageNo = pNo->GetInteger(); |
| 879 return FALSE; | 877 |
| 878 return TRUE; |
| 880 } | 879 } |
| 881 | 880 |
| 882 FX_BOOL CPDF_DataAvail::CheckEnd(IPDF_DataAvail::DownloadHints* pHints) { | 881 FX_BOOL CPDF_DataAvail::CheckEnd(IPDF_DataAvail::DownloadHints* pHints) { |
| 883 uint32_t req_pos = (uint32_t)(m_dwFileLen > 1024 ? m_dwFileLen - 1024 : 0); | 882 uint32_t req_pos = (uint32_t)(m_dwFileLen > 1024 ? m_dwFileLen - 1024 : 0); |
| 884 uint32_t dwSize = (uint32_t)(m_dwFileLen - req_pos); | 883 uint32_t dwSize = (uint32_t)(m_dwFileLen - req_pos); |
| 885 | 884 |
| 886 if (m_pFileAvail->IsDataAvail(req_pos, dwSize)) { | 885 if (m_pFileAvail->IsDataAvail(req_pos, dwSize)) { |
| 887 uint8_t buffer[1024]; | 886 uint8_t buffer[1024]; |
| 888 m_pFileRead->ReadBlock(buffer, req_pos, dwSize); | 887 m_pFileRead->ReadBlock(buffer, req_pos, dwSize); |
| 889 | 888 |
| (...skipping 942 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1832 return FormAvailable; | 1831 return FormAvailable; |
| 1833 } | 1832 } |
| 1834 | 1833 |
| 1835 CPDF_DataAvail::PageNode::PageNode() : m_type(PDF_PAGENODE_UNKNOWN) {} | 1834 CPDF_DataAvail::PageNode::PageNode() : m_type(PDF_PAGENODE_UNKNOWN) {} |
| 1836 | 1835 |
| 1837 CPDF_DataAvail::PageNode::~PageNode() { | 1836 CPDF_DataAvail::PageNode::~PageNode() { |
| 1838 for (int32_t i = 0; i < m_childNode.GetSize(); ++i) | 1837 for (int32_t i = 0; i < m_childNode.GetSize(); ++i) |
| 1839 delete m_childNode[i]; | 1838 delete m_childNode[i]; |
| 1840 m_childNode.RemoveAll(); | 1839 m_childNode.RemoveAll(); |
| 1841 } | 1840 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1968743002:
Fix a potential UAF with FPDFAvail_IsLinearized(). (Closed)
Base URL: https://pdfium.googlesource.com/pdfium@master