
Side by Side Diff: core/fpdfapi/fpdf_parser/cpdf_hint_tables.h

Issue 1968743002: Fix a potential UAF with FPDFAvail_IsLinearized(). (Closed) Base URL: https://pdfium.googlesource.com/pdfium@master
Patch Set: Use cached result Created 4 years, 7 months ago
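--- a/core/fpdfapi/fpdf_parser/cpdf_hint_tables.h
+++ b/core/fpdfapi/fpdf_parser/cpdf_hint_tables.h
@@ -1,62 +1,66 @@
 // Copyright 2016 PDFium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
 
 #ifndef CORE_FPDFAPI_FPDF_PARSER_CPDF_HINT_TABLES_H_
 #define CORE_FPDFAPI_FPDF_PARSER_CPDF_HINT_TABLES_H_
 
 #include <vector>
 
 #include "core/fpdfapi/fpdf_parser/include/ipdf_data_avail.h"
 #include "core/fxcrt/include/fx_basic.h"
 #include "core/fxcrt/include/fx_stream.h"
 
 class CFX_BitStream;
 class CPDF_DataAvail;
 class CPDF_Dictionary;
 class CPDF_Stream;
 
 class CPDF_HintTables {
 public:
 CPDF_HintTables(CPDF_DataAvail* pDataAvail, CPDF_Dictionary* pLinearized)
-: m_pLinearizedDict(pLinearized),
-m_pDataAvail(pDataAvail),
+: m_pDataAvail(pDataAvail),
+m_pLinearizedDict(pLinearized),
 m_nFirstPageSharedObjs(0),
 m_szFirstPageObjOffset(0) {}
 ~CPDF_HintTables();
 
 FX_BOOL GetPagePos(int index,
 FX_FILESIZE& szPageStartPos,
 FX_FILESIZE& szPageLength,
 uint32_t& dwObjNum);
 
 IPDF_DataAvail::DocAvailStatus CheckPage(
 int index,
 IPDF_DataAvail::DownloadHints* pHints);
 
 FX_BOOL LoadHintStream(CPDF_Stream* pHintStream);
 
 protected:
 FX_BOOL ReadPageHintTable(CFX_BitStream* hStream);
 FX_BOOL ReadSharedObjHintTable(CFX_BitStream* hStream, uint32_t offset);
 uint32_t GetItemLength(int index, const std::vector<FX_FILESIZE>& szArray);
 
 private:
 int ReadPrimaryHintStreamOffset() const;
 int ReadPrimaryHintStreamLength() const;
 
-CPDF_Dictionary* m_pLinearizedDict;
-CPDF_DataAvail* m_pDataAvail;
+// Owner, outlives this object.
+CPDF_DataAvail* const m_pDataAvail;
+
+// Owned by |m_pDataAvail|.
+CPDF_Dictionary* const m_pLinearizedDict;
+
 uint32_t m_nFirstPageSharedObjs;
 FX_FILESIZE m_szFirstPageObjOffset;
 CFX_ArrayTemplate<uint32_t> m_dwDeltaNObjsArray;
 CFX_ArrayTemplate<uint32_t> m_dwNSharedObjsArray;
 CFX_ArrayTemplate<uint32_t> m_dwSharedObjNumArray;
 CFX_ArrayTemplate<uint32_t> m_dwIdentifierArray;
 std::vector<FX_FILESIZE> m_szPageOffsetArray;
 std::vector<FX_FILESIZE> m_szSharedObjOffsetArray;
 };
 
 #endif // CORE_FPDFAPI_FPDF_PARSER_CPDF_HINT_TABLES_H_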
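Review bot: The lifetime rule is recorded only on the private members (new lines 50-54), while the public constructor at new line 23 still takes two raw pointers with no stated contract, so a caller reading the interface cannot see what it must guarantee. The added `const` prevents the pointers from being reseated, but it does not stop `m_pLinearizedDict` from dangling if `CPDF_DataAvail` frees or replaces the dictionary while this object is alive; whether it can do so is not visible from this header. I would state the contract on the constructor, for example `// |pDataAvail| must outlive this object and must own |pLinearized| for this object's whole lifetime.` The class also remains copy-constructible, so a copy would carry the same two borrowed pointers; deleting the copy constructor is worth considering.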
