| Index: xfa/fde/xml/fde_xml_imp.cpp
|
| diff --git a/xfa/fde/xml/fde_xml_imp.cpp b/xfa/fde/xml/fde_xml_imp.cpp
|
| index d7b22e076fcaf2cc0f998e86a068a9050ac59751..6a2c9fe57d1a50eac64ec15e1b5f87aade2564cf 100644
|
| --- a/xfa/fde/xml/fde_xml_imp.cpp
|
| +++ b/xfa/fde/xml/fde_xml_imp.cpp
|
| @@ -8,6 +8,7 @@
|
|
|
| #include <algorithm>
|
|
|
| +#include "core/fxcrt/include/fx_safe_types.h"
|
| #include "xfa/fgas/crt/fgas_codepage.h"
|
| #include "xfa/fgas/crt/fgas_system.h"
|
|
|
| @@ -1474,7 +1475,15 @@ void CFDE_XMLSyntaxParser::Init(IFX_Stream* pStream,
|
| uint8_t bom[4];
|
| m_iCurrentPos = m_pStream->GetBOM(bom);
|
| ASSERT(m_pBuffer == NULL);
|
| - m_pBuffer = FX_Alloc(FX_WCHAR, m_iXMLPlaneSize);
|
| +
|
| + FX_SAFE_INT32 alloc_size_safe = m_iXMLPlaneSize;
|
| + alloc_size_safe += 1; // For NUL.
|
| + if (!alloc_size_safe.IsValid() || alloc_size_safe.ValueOrDie() <= 0) {
|
| + m_syntaxParserResult = FDE_XmlSyntaxResult::Error;
|
| + return;
|
| + }
|
| +
|
| + m_pBuffer = FX_Alloc(FX_WCHAR, alloc_size_safe.ValueOrDie());
|
| m_pStart = m_pEnd = m_pBuffer;
|
| ASSERT(!m_BlockBuffer.IsInitialized());
|
| m_BlockBuffer.InitBuffer();
|
|
|
Chromium Code Reviews
Issue 2017803002:
Make sure CFDE_XMLSyntaxParser's buffer is null terminated. (Closed)
Base URL: https://pdfium.googlesource.com/pdfium.git@master