| OLD | NEW |
|---|
| 1 // Copyright 2016 PDFium Authors. All rights reserved. | 1 // Copyright 2016 PDFium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com | 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com |
| 6 | 6 |
| 7 #include "core/fpdfapi/fpdf_parser/include/ipdf_data_avail.h" | 7 #include "core/fpdfapi/fpdf_parser/include/ipdf_data_avail.h" |
| 8 | 8 |
| 9 #include "core/fpdfapi/fpdf_parser/cpdf_data_avail.h" | 9 #include "core/fpdfapi/fpdf_parser/cpdf_data_avail.h" |
| 10 #include "core/fpdfapi/fpdf_parser/fpdf_parser_utility.h" | 10 #include "core/fpdfapi/fpdf_parser/fpdf_parser_utility.h" |
| (...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 82 m_pPageDict = NULL; | 82 m_pPageDict = NULL; |
| 83 m_pPageResource = NULL; | 83 m_pPageResource = NULL; |
| 84 m_docStatus = PDF_DATAAVAIL_HEADER; | 84 m_docStatus = PDF_DATAAVAIL_HEADER; |
| 85 m_parser.m_bOwnFileRead = false; | 85 m_parser.m_bOwnFileRead = false; |
| 86 m_bTotalLoadPageTree = FALSE; | 86 m_bTotalLoadPageTree = FALSE; |
| 87 m_bCurPageDictLoadOK = FALSE; | 87 m_bCurPageDictLoadOK = FALSE; |
| 88 m_bLinearedDataOK = FALSE; | 88 m_bLinearedDataOK = FALSE; |
| 89 m_bSupportHintTable = bSupportHintTable; | 89 m_bSupportHintTable = bSupportHintTable; |
| 90 } | 90 } |
| 91 CPDF_DataAvail::~CPDF_DataAvail() { | 91 CPDF_DataAvail::~CPDF_DataAvail() { |
| 92 m_pHintTables.reset(); |
| 92 if (m_pLinearized) | 93 if (m_pLinearized) |
| 93 m_pLinearized->Release(); | 94 m_pLinearized->Release(); |
| 94 | 95 |
| 95 if (m_pRoot) | 96 if (m_pRoot) |
| 96 m_pRoot->Release(); | 97 m_pRoot->Release(); |
| 97 | 98 |
| 98 if (m_pTrailer) | 99 if (m_pTrailer) |
| 99 m_pTrailer->Release(); | 100 m_pTrailer->Release(); |
| 100 | 101 |
| 101 int iSize = m_arrayAcroforms.GetSize(); | 102 int iSize = m_arrayAcroforms.GetSize(); |
| (...skipping 514 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 616 m_docStatus = PDF_DATAAVAIL_ERROR; | 617 m_docStatus = PDF_DATAAVAIL_ERROR; |
| 617 return FALSE; | 618 return FALSE; |
| 618 } | 619 } |
| 619 | 620 |
| 620 pPages->Release(); | 621 pPages->Release(); |
| 621 m_docStatus = PDF_DATAAVAIL_PAGE; | 622 m_docStatus = PDF_DATAAVAIL_PAGE; |
| 622 return TRUE; | 623 return TRUE; |
| 623 } | 624 } |
| 624 | 625 |
| 625 FX_BOOL CPDF_DataAvail::CheckHeader(IPDF_DataAvail::DownloadHints* pHints) { | 626 FX_BOOL CPDF_DataAvail::CheckHeader(IPDF_DataAvail::DownloadHints* pHints) { |
| 626 uint32_t req_size = 1024; | 627 ASSERT(m_dwFileLen >= 0); |
| 627 if ((FX_FILESIZE)req_size > m_dwFileLen) | 628 const uint32_t kReqSize = std::min(static_cast<uint32_t>(m_dwFileLen), 1024U); |
| 628 req_size = (uint32_t)m_dwFileLen; | |
| 629 | 629 |
| 630 if (m_pFileAvail->IsDataAvail(0, req_size)) { | 630 if (m_pFileAvail->IsDataAvail(0, kReqSize)) { |
| 631 uint8_t buffer[1024]; | 631 uint8_t buffer[1024]; |
| 632 m_pFileRead->ReadBlock(buffer, 0, req_size); | 632 m_pFileRead->ReadBlock(buffer, 0, kReqSize); |
| 633 | 633 |
| 634 if (IsLinearizedFile(buffer, req_size)) { | 634 if (IsLinearizedFile(buffer, kReqSize)) { |
| 635 m_docStatus = PDF_DATAAVAIL_FIRSTPAGE; | 635 m_docStatus = PDF_DATAAVAIL_FIRSTPAGE; |
| 636 } else { | 636 } else { |
| 637 if (m_docStatus == PDF_DATAAVAIL_ERROR) | 637 if (m_docStatus == PDF_DATAAVAIL_ERROR) |
| 638 return FALSE; | 638 return FALSE; |
| 639 m_docStatus = PDF_DATAAVAIL_END; | 639 m_docStatus = PDF_DATAAVAIL_END; |
| 640 } | 640 } |
| 641 return TRUE; | 641 return TRUE; |
| 642 } | 642 } |
| 643 | 643 |
| 644 pHints->AddSegment(0, req_size); | 644 pHints->AddSegment(0, kReqSize); |
| 645 return FALSE; | 645 return FALSE; |
| 646 } | 646 } |
| 647 | 647 |
| 648 FX_BOOL CPDF_DataAvail::CheckFirstPage(IPDF_DataAvail::DownloadHints* pHints) { | 648 FX_BOOL CPDF_DataAvail::CheckFirstPage(IPDF_DataAvail::DownloadHints* pHints) { |
| 649 CPDF_Dictionary* pDict = m_pLinearized->GetDict(); | 649 CPDF_Dictionary* pDict = m_pLinearized->GetDict(); |
| 650 CPDF_Object* pEndOffSet = pDict ? pDict->GetObjectBy("E") : NULL; | 650 CPDF_Object* pEndOffSet = pDict ? pDict->GetObjectBy("E") : NULL; |
| 651 if (!pEndOffSet) { | 651 if (!pEndOffSet) { |
| 652 m_docStatus = PDF_DATAAVAIL_ERROR; | 652 m_docStatus = PDF_DATAAVAIL_ERROR; |
| 653 return FALSE; | 653 return FALSE; |
| 654 } | 654 } |
| (...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 809 return nullptr; | 809 return nullptr; |
| 810 } | 810 } |
| 811 | 811 |
| 812 CPDF_Object* pObj = | 812 CPDF_Object* pObj = |
| 813 m_syntaxParser.GetObject(pObjList, parser_objnum, gennum, true); | 813 m_syntaxParser.GetObject(pObjList, parser_objnum, gennum, true); |
| 814 m_syntaxParser.RestorePos(SavedPos); | 814 m_syntaxParser.RestorePos(SavedPos); |
| 815 return pObj; | 815 return pObj; |
| 816 } | 816 } |
| 817 | 817 |
| 818 IPDF_DataAvail::DocLinearizationStatus CPDF_DataAvail::IsLinearizedPDF() { | 818 IPDF_DataAvail::DocLinearizationStatus CPDF_DataAvail::IsLinearizedPDF() { |
| 819 uint32_t req_size = 1024; | 819 const uint32_t kReqSize = 1024; |
| 820 if (!m_pFileAvail->IsDataAvail(0, req_size)) | 820 if (!m_pFileAvail->IsDataAvail(0, kReqSize)) |
| 821 return LinearizationUnknown; | 821 return LinearizationUnknown; |
| 822 | 822 |
| 823 if (!m_pFileRead) | 823 if (!m_pFileRead) |
| 824 return NotLinearized; | 824 return NotLinearized; |
| 825 | 825 |
| 826 FX_FILESIZE dwSize = m_pFileRead->GetSize(); | 826 FX_FILESIZE dwSize = m_pFileRead->GetSize(); |
| 827 if (dwSize < (FX_FILESIZE)req_size) | 827 if (dwSize < (FX_FILESIZE)kReqSize) |
| 828 return LinearizationUnknown; | 828 return LinearizationUnknown; |
| 829 | 829 |
| 830 uint8_t buffer[1024]; | 830 uint8_t buffer[1024]; |
| 831 m_pFileRead->ReadBlock(buffer, 0, req_size); | 831 m_pFileRead->ReadBlock(buffer, 0, kReqSize); |
| 832 if (IsLinearizedFile(buffer, req_size)) | 832 if (IsLinearizedFile(buffer, kReqSize)) |
| 833 return Linearized; | 833 return Linearized; |
| 834 | 834 |
| 835 return NotLinearized; | 835 return NotLinearized; |
| 836 } | 836 } |
| 837 |
| 837 FX_BOOL CPDF_DataAvail::IsLinearizedFile(uint8_t* pData, uint32_t dwLen) { | 838 FX_BOOL CPDF_DataAvail::IsLinearizedFile(uint8_t* pData, uint32_t dwLen) { |
| 839 if (m_pLinearized) |
| 840 return m_bLinearized; |
| 841 |
| 838 ScopedFileStream file(FX_CreateMemoryStream(pData, (size_t)dwLen, FALSE)); | 842 ScopedFileStream file(FX_CreateMemoryStream(pData, (size_t)dwLen, FALSE)); |
| 839 | 843 |
| 840 int32_t offset = GetHeaderOffset(file.get()); | 844 int32_t offset = GetHeaderOffset(file.get()); |
| 841 if (offset == -1) { | 845 if (offset == -1) { |
| 842 m_docStatus = PDF_DATAAVAIL_ERROR; | 846 m_docStatus = PDF_DATAAVAIL_ERROR; |
| 843 return FALSE; | 847 return FALSE; |
| 844 } | 848 } |
| 845 | 849 |
| 846 m_dwHeaderOffset = offset; | 850 m_dwHeaderOffset = offset; |
| 847 m_syntaxParser.InitParser(file.get(), offset); | 851 m_syntaxParser.InitParser(file.get(), offset); |
| 848 m_syntaxParser.RestorePos(m_syntaxParser.m_HeaderOffset + 9); | 852 m_syntaxParser.RestorePos(m_syntaxParser.m_HeaderOffset + 9); |
| 849 | 853 |
| 850 bool bNumber; | 854 bool bNumber; |
| 851 CFX_ByteString wordObjNum = m_syntaxParser.GetNextWord(&bNumber); | 855 CFX_ByteString wordObjNum = m_syntaxParser.GetNextWord(&bNumber); |
| 852 if (!bNumber) | 856 if (!bNumber) |
| 853 return FALSE; | 857 return FALSE; |
| 854 | 858 |
| 855 uint32_t objnum = FXSYS_atoui(wordObjNum); | 859 uint32_t objnum = FXSYS_atoui(wordObjNum); |
| 856 if (m_pLinearized) { | |
| 857 m_pLinearized->Release(); | |
| 858 m_pLinearized = nullptr; | |
| 859 } | |
| 860 | |
| 861 m_pLinearized = | 860 m_pLinearized = |
| 862 ParseIndirectObjectAt(m_syntaxParser.m_HeaderOffset + 9, objnum); | 861 ParseIndirectObjectAt(m_syntaxParser.m_HeaderOffset + 9, objnum); |
| 863 if (!m_pLinearized) | 862 if (!m_pLinearized) |
| 864 return FALSE; | 863 return FALSE; |
| 865 | 864 |
| 866 CPDF_Dictionary* pDict = m_pLinearized->GetDict(); | 865 CPDF_Dictionary* pDict = m_pLinearized->GetDict(); |
| 867 if (pDict && pDict->GetObjectBy("Linearized")) { | 866 if (!pDict || !pDict->GetObjectBy("Linearized")) |
| 868 CPDF_Object* pLen = pDict->GetObjectBy("L"); | 867 return FALSE; |
| 869 if (!pLen) | |
| 870 return FALSE; | |
| 871 | 868 |
| 872 if ((FX_FILESIZE)pLen->GetInteger() != m_pFileRead->GetSize()) | 869 CPDF_Object* pLen = pDict->GetObjectBy("L"); |
| 873 return FALSE; | 870 if (!pLen) |
| 871 return FALSE; |
| 874 | 872 |
| 875 m_bLinearized = TRUE; | 873 if ((FX_FILESIZE)pLen->GetInteger() != m_pFileRead->GetSize()) |
| 874 return FALSE; |
| 876 | 875 |
| 877 if (CPDF_Number* pNo = ToNumber(pDict->GetObjectBy("P"))) | 876 m_bLinearized = TRUE; |
| 878 m_dwFirstPageNo = pNo->GetInteger(); | |
| 879 | 877 |
| 880 return TRUE; | 878 if (CPDF_Number* pNo = ToNumber(pDict->GetObjectBy("P"))) |
| 881 } | 879 m_dwFirstPageNo = pNo->GetInteger(); |
| 882 return FALSE; | 880 |
| 881 return TRUE; |
| 883 } | 882 } |
| 884 | 883 |
| 885 FX_BOOL CPDF_DataAvail::CheckEnd(IPDF_DataAvail::DownloadHints* pHints) { | 884 FX_BOOL CPDF_DataAvail::CheckEnd(IPDF_DataAvail::DownloadHints* pHints) { |
| 886 uint32_t req_pos = (uint32_t)(m_dwFileLen > 1024 ? m_dwFileLen - 1024 : 0); | 885 uint32_t req_pos = (uint32_t)(m_dwFileLen > 1024 ? m_dwFileLen - 1024 : 0); |
| 887 uint32_t dwSize = (uint32_t)(m_dwFileLen - req_pos); | 886 uint32_t dwSize = (uint32_t)(m_dwFileLen - req_pos); |
| 888 | 887 |
| 889 if (m_pFileAvail->IsDataAvail(req_pos, dwSize)) { | 888 if (m_pFileAvail->IsDataAvail(req_pos, dwSize)) { |
| 890 uint8_t buffer[1024]; | 889 uint8_t buffer[1024]; |
| 891 m_pFileRead->ReadBlock(buffer, req_pos, dwSize); | 890 m_pFileRead->ReadBlock(buffer, req_pos, dwSize); |
| 892 | 891 |
| (...skipping 942 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1835 return FormAvailable; | 1834 return FormAvailable; |
| 1836 } | 1835 } |
| 1837 | 1836 |
| 1838 CPDF_DataAvail::PageNode::PageNode() : m_type(PDF_PAGENODE_UNKNOWN) {} | 1837 CPDF_DataAvail::PageNode::PageNode() : m_type(PDF_PAGENODE_UNKNOWN) {} |
| 1839 | 1838 |
| 1840 CPDF_DataAvail::PageNode::~PageNode() { | 1839 CPDF_DataAvail::PageNode::~PageNode() { |
| 1841 for (int32_t i = 0; i < m_childNode.GetSize(); ++i) | 1840 for (int32_t i = 0; i < m_childNode.GetSize(); ++i) |
| 1842 delete m_childNode[i]; | 1841 delete m_childNode[i]; |
| 1843 m_childNode.RemoveAll(); | 1842 m_childNode.RemoveAll(); |
| 1844 } | 1843 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1977903003:
Merge to M51: Fix a potential UAF with FPDFAvail_IsLinearized(). (Closed)
Base URL: https://pdfium.googlesource.com/pdfium@2704