| OLD | NEW |
|---|
| 1 // Copyright 2016 PDFium Authors. All rights reserved. | 1 // Copyright 2016 PDFium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com | 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com |
| 6 | 6 |
| 7 #include "core/fpdfapi/fpdf_parser/cpdf_hint_tables.h" | 7 #include "core/fpdfapi/fpdf_parser/cpdf_hint_tables.h" |
| 8 | 8 |
| 9 #include "core/fpdfapi/fpdf_parser/include/cpdf_array.h" | 9 #include "core/fpdfapi/fpdf_parser/include/cpdf_array.h" |
| 10 #include "core/fpdfapi/fpdf_parser/include/cpdf_data_avail.h" | 10 #include "core/fpdfapi/fpdf_parser/include/cpdf_data_avail.h" |
| (...skipping 260 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 271 // objects in a shared object group. Skipped. | 271 // objects in a shared object group. Skipped. |
| 272 hStream->SkipBits(16); | 272 hStream->SkipBits(16); |
| 273 | 273 |
| 274 // Item 6: The least length of a shared object group in bytes. | 274 // Item 6: The least length of a shared object group in bytes. |
| 275 uint32_t dwGroupLeastLen = hStream->GetBits(32); | 275 uint32_t dwGroupLeastLen = hStream->GetBits(32); |
| 276 | 276 |
| 277 // Item 7: The number of bits needed to represent the difference between the | 277 // Item 7: The number of bits needed to represent the difference between the |
| 278 // greatest and least length of a shared object group, in bytes. | 278 // greatest and least length of a shared object group, in bytes. |
| 279 uint32_t dwDeltaGroupLen = hStream->GetBits(16); | 279 uint32_t dwDeltaGroupLen = hStream->GetBits(16); |
| 280 | 280 |
| 281 if (dwFirstSharedObjNum >= CPDF_Parser::kMaxObjectNumber || |
| 282 m_nFirstPageSharedObjs >= CPDF_Parser::kMaxObjectNumber || |
| 283 dwSharedObjTotal >= CPDF_Parser::kMaxObjectNumber) { |
| 284 return false; |
| 285 } |
| 286 |
| 281 int nFirstPageObjNum = GetFirstPageObjectNumber(); | 287 int nFirstPageObjNum = GetFirstPageObjectNumber(); |
| 282 if (nFirstPageObjNum < 0) | 288 if (nFirstPageObjNum < 0) |
| 283 return false; | 289 return false; |
| 284 | 290 |
| 285 uint32_t dwPrevObjLen = 0; | 291 uint32_t dwPrevObjLen = 0; |
| 286 uint32_t dwCurObjLen = 0; | 292 uint32_t dwCurObjLen = 0; |
| 287 FX_SAFE_UINT32 required_bits = dwSharedObjTotal; | 293 FX_SAFE_UINT32 required_bits = dwSharedObjTotal; |
| 288 required_bits *= dwDeltaGroupLen; | 294 required_bits *= dwDeltaGroupLen; |
| 289 if (!CanReadFromBitStream(hStream, required_bits)) | 295 if (!CanReadFromBitStream(hStream, required_bits)) |
| 290 return false; | 296 return false; |
| (...skipping 200 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 491 } | 497 } |
| 492 | 498 |
| 493 int CPDF_HintTables::ReadPrimaryHintStream(int index) const { | 499 int CPDF_HintTables::ReadPrimaryHintStream(int index) const { |
| 494 CPDF_Array* pRange = m_pLinearizedDict->GetArrayBy("H"); | 500 CPDF_Array* pRange = m_pLinearizedDict->GetArrayBy("H"); |
| 495 if (!pRange) | 501 if (!pRange) |
| 496 return -1; | 502 return -1; |
| 497 | 503 |
| 498 CPDF_Object* pStreamLen = pRange->GetDirectObjectAt(index); | 504 CPDF_Object* pStreamLen = pRange->GetDirectObjectAt(index); |
| 499 return pStreamLen ? pStreamLen->GetInteger() : -1; | 505 return pStreamLen ? pStreamLen->GetInteger() : -1; |
| 500 } | 506 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2283893003:
Add some limit checks to ReadSharedObjHintTable(). (Closed)
