Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(74)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp

Issue 367383002: Fix for UMR in CXML_Parser::GetCharRef. (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Rebase origin/master Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « AUTHORS ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "../../../include/fpdfapi/fpdf_parser.h" 7 #include "../../../include/fpdfapi/fpdf_parser.h"
8 #include "../../../include/fpdfapi/fpdf_module.h" 8 #include "../../../include/fpdfapi/fpdf_module.h"
9 #include "../../../include/fpdfapi/fpdf_page.h" 9 #include "../../../include/fpdfapi/fpdf_page.h"
10 #include "../../../../third_party/numerics/safe_math.h"
10 #include "../fpdf_page/pageint.h" 11 #include "../fpdf_page/pageint.h"
11 #include <limits.h> 12 #include <limits.h>
12 #define _PARSER_OBJECT_LEVLE_ 64 13 #define _PARSER_OBJECT_LEVLE_ 64
13 extern const FX_LPCSTR _PDF_CharType; 14 extern const FX_LPCSTR _PDF_CharType;
14 FX_BOOL IsSignatureDict(const CPDF_Dictionary* pDict) 15 FX_BOOL IsSignatureDict(const CPDF_Dictionary* pDict)
15 { 16 {
16 CPDF_Object* pType = pDict->GetElementValue(FX_BSTRC("Type")); 17 CPDF_Object* pType = pDict->GetElementValue(FX_BSTRC("Type"));
17 if (!pType) { 18 if (!pType) {
18 pType = pDict->GetElementValue(FX_BSTRC("FT")); 19 pType = pDict->GetElementValue(FX_BSTRC("FT"));
19 if (!pType) { 20 if (!pType) {
(...skipping 2381 matching lines...) Expand 10 before | Expand all | Expand 10 after
2401 } 2402 }
2402 if (bTypeOnly) { 2403 if (bTypeOnly) {
2403 return (CPDF_Object*)PDFOBJ_INVALID; 2404 return (CPDF_Object*)PDFOBJ_INVALID;
2404 } 2405 }
2405 return NULL; 2406 return NULL;
2406 } 2407 }
2407 CPDF_Stream* CPDF_SyntaxParser::ReadStream(CPDF_Dictionary* pDict, PARSE_CONTEXT * pContext, 2408 CPDF_Stream* CPDF_SyntaxParser::ReadStream(CPDF_Dictionary* pDict, PARSE_CONTEXT * pContext,
2408 FX_DWORD objnum, FX_DWORD gennum) 2409 FX_DWORD objnum, FX_DWORD gennum)
2409 { 2410 {
2410 CPDF_Object* pLenObj = pDict->GetElement(FX_BSTRC("Length")); 2411 CPDF_Object* pLenObj = pDict->GetElement(FX_BSTRC("Length"));
2411 FX_DWORD len = 0; 2412 FX_FILESIZE len = 0;
2412 if (pLenObj && ((pLenObj->GetType() != PDFOBJ_REFERENCE) || 2413 if (pLenObj && ((pLenObj->GetType() != PDFOBJ_REFERENCE) ||
2413 ((((CPDF_Reference*)pLenObj)->GetObjList() != NULL) && 2414 ((((CPDF_Reference*)pLenObj)->GetObjList() != NULL) &&
2414 ((CPDF_Reference*)pLenObj)->GetRefObjNum() != objnum))) { 2415 ((CPDF_Reference*)pLenObj)->GetRefObjNum() != objnum))) {
2415 FX_FILESIZE pos = m_Pos; 2416 len = pLenObj->GetInteger();
2416 if (pLenObj) {
2417 len = pLenObj->GetInteger();
2418 }
2419 m_Pos = pos;
2420 if (len > 0x40000000) {
2421 return NULL;
2422 }
2423 } 2417 }
2418
2424 ToNextLine(); 2419 ToNextLine();
2425 FX_FILESIZE StreamStartPos = m_Pos; 2420 FX_FILESIZE StreamStartPos = m_Pos;
2426 if (pContext) { 2421 if (pContext) {
2427 pContext->m_DataStart = m_Pos; 2422 pContext->m_DataStart = m_Pos;
2428 } 2423 }
2429 m_Pos += len; 2424
2425 base::CheckedNumeric<FX_FILESIZE> pos = m_Pos;
2426 pos += len;
2427 if (pos.IsValid() && pos.ValueOrDie() < m_FileLen) {
2428 m_Pos = pos.ValueOrDie();
2429 } else {
2430 return NULL;
2431 }
2432
2430 CPDF_CryptoHandler* pCryptoHandler = objnum == (FX_DWORD)m_MetadataObjnum ? NULL : m_pCryptoHandler; 2433 CPDF_CryptoHandler* pCryptoHandler = objnum == (FX_DWORD)m_MetadataObjnum ? NULL : m_pCryptoHandler;
2431 if (pCryptoHandler == NULL) { 2434 if (pCryptoHandler == NULL) {
2432 FX_FILESIZE SavedPos = m_Pos; 2435 FX_FILESIZE SavedPos = m_Pos;
2433 GetNextWord(); 2436 GetNextWord();
2434 if (m_WordSize < 9 || FXSYS_memcmp32(m_WordBuffer, "endstream", 9)) { 2437 if (m_WordSize < 9 || FXSYS_memcmp32(m_WordBuffer, "endstream", 9)) {
2435 m_Pos = StreamStartPos; 2438 m_Pos = StreamStartPos;
2436 FX_FILESIZE offset = FindTag(FX_BSTRC("endstream"), 0); 2439 FX_FILESIZE offset = FindTag(FX_BSTRC("endstream"), 0);
2437 if (offset >= 0) { 2440 if (offset >= 0) {
2438 FX_FILESIZE curPos = m_Pos; 2441 FX_FILESIZE curPos = m_Pos;
2439 m_Pos = StreamStartPos; 2442 m_Pos = StreamStartPos;
(...skipping 1941 matching lines...) Expand 10 before | Expand all | Expand 10 after
4381 { 4384 {
4382 FX_INT32 iSize = m_childNode.GetSize(); 4385 FX_INT32 iSize = m_childNode.GetSize();
4383 for (FX_INT32 i = 0; i < iSize; ++i) { 4386 for (FX_INT32 i = 0; i < iSize; ++i) {
4384 CPDF_PageNode *pNode = (CPDF_PageNode*)m_childNode[i]; 4387 CPDF_PageNode *pNode = (CPDF_PageNode*)m_childNode[i];
4385 if (pNode) { 4388 if (pNode) {
4386 delete pNode; 4389 delete pNode;
4387 } 4390 }
4388 } 4391 }
4389 m_childNode.RemoveAll(); 4392 m_childNode.RemoveAll();
4390 } 4393 }
OLDNEW
« no previous file with comments | « AUTHORS ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698