Index: core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp |
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp |
index 5e926c31b940b9dd68e0d77e6097b5d7a937c8b0..ed3febb7a9cff54f9a9f74479b49196089b68037 100644 |
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp |
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp |
@@ -2411,11 +2411,9 @@ CPDF_Stream* CPDF_SyntaxParser::ReadStream(CPDF_Dictionary* pDict, PARSE_CONTEXT |
if (pLenObj && ((pLenObj->GetType() != PDFOBJ_REFERENCE) || |
((((CPDF_Reference*)pLenObj)->GetObjList() != NULL) && |
((CPDF_Reference*)pLenObj)->GetRefObjNum() != objnum))) { |
- FX_FILESIZE pos = m_Pos; |
if (pLenObj) { |
len = pLenObj->GetInteger(); |
} |
- m_Pos = pos; |
if (len > 0x40000000) { |
return NULL; |
} |
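Review bot: With the `pos`/`m_Pos` save-and-restore removed, everything after `len = pLenObj->GetInteger();` depends on GetInteger() leaving m_Pos untouched, and nothing in the hunk states that invariant. The enclosing condition admits references whose object number differs from objnum, and resolving one presumably goes back through the parser; if that path ever returned without restoring the position, the stream data offset for an untrusted file would be taken from the wrong place. I would record the assumption at the call once it is confirmed against the resolver, e.g. `// GetInteger() may resolve an indirect length object; the resolver restores the parse position itself.` The inner `if (pLenObj)` is redundant because the enclosing condition already requires a non-null pLenObj; ReadStream's body starts and ends outside the hunk.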
@@ -2426,6 +2424,9 @@ CPDF_Stream* CPDF_SyntaxParser::ReadStream(CPDF_Dictionary* pDict, PARSE_CONTEXT |
pContext->m_DataStart = m_Pos; |
} |
m_Pos += len; |
+ if (m_Pos >= m_FileLen) { |
jun_fang
2014/07/08 17:37:11
Type
m_Pos: FX_FILESIZE -> FX_INT32->int
m_Fil
Robert Sesek
2014/07/08 18:35:57
Done, and Chris Palmer also suggested using Checke
|
+ return NULL; |
+ } |
CPDF_CryptoHandler* pCryptoHandler = objnum == (FX_DWORD)m_MetadataObjnum ? NULL : m_pCryptoHandler; |
if (pCryptoHandler == NULL) { |
FX_FILESIZE SavedPos = m_Pos; |
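Review bot: The added `if (m_Pos >= m_FileLen)` return runs after `m_Pos += len;` and after `pContext->m_DataStart = m_Pos;`, so the failure path leaves the parser positioned at or past end of file and, where a context is in use, a data-start offset recorded for a stream that was then rejected. Testing before mutating keeps the state clean: `if (len >= m_FileLen - m_Pos) { return NULL; }` placed above the m_DataStart assignment, assuming m_Pos <= m_FileLen on entry (the declarations of len and m_FileLen are outside the hunk, so confirm the comparison is well-formed for their types). A short comment such as `// Reject a stream length that runs to or past end of file.` would document why the guard is there. ReadStream's body starts and ends outside the hunk.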