Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: fpdfsdk/src/fpdfview.cpp

Issue 440563003: Fix buffer size boundary check offset by 1 (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: More correction Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "../include/fsdk_define.h" 7 #include "../include/fsdk_define.h"
8 #include "../include/fpdfview.h" 8 #include "../include/fpdfview.h"
9 #include "../include/fsdk_rendercontext.h" 9 #include "../include/fsdk_rendercontext.h"
10 #include "../include/fpdf_progressive.h" 10 #include "../include/fpdf_progressive.h"
(...skipping 17 matching lines...) Expand all
28 size = m_FileAccess.m_FileLen - pos; 28 size = m_FileAccess.m_FileLen - pos;
29 if (!m_FileAccess.m_GetBlock(m_FileAccess.m_Param, m_BufferOffse t, m_Buffer, size)) 29 if (!m_FileAccess.m_GetBlock(m_FileAccess.m_Param, m_BufferOffse t, m_Buffer, size))
30 return FALSE; 30 return FALSE;
31 } 31 }
32 ch = m_Buffer[pos - m_BufferOffset]; 32 ch = m_Buffer[pos - m_BufferOffset];
33 return TRUE; 33 return TRUE;
34 } 34 }
35 35
36 FX_BOOL CPDF_CustomAccess::GetBlock(FX_DWORD pos, FX_LPBYTE pBuf, FX_DWORD size) 36 FX_BOOL CPDF_CustomAccess::GetBlock(FX_DWORD pos, FX_LPBYTE pBuf, FX_DWORD size)
37 { 37 {
38 FX_SAFE_DWORD newPos = size; 38 FX_SAFE_DWORD newPos = size;
39 newPos += pos; 39 newPos += pos;
40 » if (!newPos.IsValid() || newPos.ValueOrDie() >= m_FileAccess.m_FileLen) { 40 if (!newPos.IsValid() || newPos.ValueOrDie() > m_FileAccess.m_FileLen) {
41 return FALSE; 41 return FALSE;
42 } 42 }
43 43 return m_FileAccess.m_GetBlock(m_FileAccess.m_Param, pos, pBuf, size);
44 » return m_FileAccess.m_GetBlock(m_FileAccess.m_Param, pos, pBuf, size);
45 } 44 }
46 45
47 FX_BOOL CPDF_CustomAccess::ReadBlock(void* buffer, FX_FILESIZE offset, size_t si ze) 46 FX_BOOL CPDF_CustomAccess::ReadBlock(void* buffer, FX_FILESIZE offset, size_t si ze)
48 { 47 {
49 if (offset < 0) { 48 if (offset < 0) {
50 return FALSE; 49 return FALSE;
51 } 50 }
52 FX_SAFE_FILESIZE newPos = base::checked_cast<FX_FILESIZE, size_t>(size); 51 FX_SAFE_FILESIZE newPos = base::checked_cast<FX_FILESIZE, size_t>(size);
53 newPos += offset; 52 newPos += offset;
54 » if (!newPos.IsValid() || newPos.ValueOrDie() >= m_FileAccess.m_FileLen) { 53 if (!newPos.IsValid() || newPos.ValueOrDie() > m_FileAccess.m_FileLen) {
55 return FALSE; 54 return FALSE;
56 } 55 }
57 56 return m_FileAccess.m_GetBlock(m_FileAccess.m_Param, offset,(FX_LPBYTE) buff er, size);
58 » return m_FileAccess.m_GetBlock(m_FileAccess.m_Param, offset,(FX_LPBYTE) buffer, size);
59 } 57 }
60 58
61 //0 bit: FPDF_POLICY_MACHINETIME_ACCESS 59 //0 bit: FPDF_POLICY_MACHINETIME_ACCESS
62 static FX_DWORD foxit_sandbox_policy = 0xFFFFFFFF; 60 static FX_DWORD foxit_sandbox_policy = 0xFFFFFFFF;
63 61
64 void FSDK_SetSandBoxPolicy(FPDF_DWORD policy, FPDF_BOOL enable) 62 void FSDK_SetSandBoxPolicy(FPDF_DWORD policy, FPDF_BOOL enable)
65 { 63 {
66 switch(policy) 64 switch(policy)
67 { 65 {
68 case FPDF_POLICY_MACHINETIME_ACCESS: 66 case FPDF_POLICY_MACHINETIME_ACCESS:
(...skipping 225 matching lines...) Expand 10 before | Expand all | Expand 10 after
294 292
295 class CMemFile FX_FINAL: public IFX_FileRead, public CFX_Object 293 class CMemFile FX_FINAL: public IFX_FileRead, public CFX_Object
296 { 294 {
297 public: 295 public:
298 CMemFile(FX_BYTE* pBuf, FX_FILESIZE size):m_pBuf(pBuf),m_size(size) {} 296 CMemFile(FX_BYTE* pBuf, FX_FILESIZE size):m_pBuf(pBuf),m_size(size) {}
299 297
300 virtual void Release() {delete this;} 298 virtual void Release() {delete this;}
301 virtual FX_FILESIZE GetSize() {return m_size;} 299 virtual FX_FILESIZE GetSize() {return m_size;}
302 virtual FX_BOOL ReadBlock(void* buffer, FX_FILESIZE offs et, size_t size) 300 virtual FX_BOOL ReadBlock(void* buffer, FX_FILESIZE offs et, size_t size)
303 { 301 {
304 if (offset < 0) { 302 if (offset < 0) {
305 return FALSE; 303 return FALSE;
306 } 304 }
307 305 FX_SAFE_FILESIZE newPos = base::checked_cast<FX_FILESIZE, size_t>(size);
308 FX_SAFE_FILESIZE newPos = base::checked_cast<FX_FILESIZE, size_t >(size); 306 newPos += offset;
309 newPos += offset; 307 if (!newPos.IsValid() || newPos.ValueOrDie() > (FX_DWORD)m_size) return FALSE;
310 if (!newPos.IsValid() || newPos.ValueOrDie() >= (FX_DWORD)m_size ) return FALSE;
311 FXSYS_memcpy(buffer, m_pBuf+offset, size); 308 FXSYS_memcpy(buffer, m_pBuf+offset, size);
312
313 return TRUE; 309 return TRUE;
314 } 310 }
315 private: 311 private:
316 FX_BYTE* m_pBuf; 312 FX_BYTE* m_pBuf;
317 FX_FILESIZE m_size; 313 FX_FILESIZE m_size;
318 }; 314 };
319 DLLEXPORT FPDF_DOCUMENT STDCALL FPDF_LoadMemDocument(const void* data_buf, int s ize, FPDF_BYTESTRING password) 315 DLLEXPORT FPDF_DOCUMENT STDCALL FPDF_LoadMemDocument(const void* data_buf, int s ize, FPDF_BYTESTRING password)
320 { 316 {
321 CPDF_Parser* pParser = FX_NEW CPDF_Parser; 317 CPDF_Parser* pParser = FX_NEW CPDF_Parser;
322 pParser->SetPassword(password); 318 pParser->SetPassword(password);
(...skipping 587 matching lines...) Expand 10 before | Expand all | Expand 10 after
910 { 906 {
911 if (document == NULL) 907 if (document == NULL)
912 return NULL; 908 return NULL;
913 if (name == NULL || name[0] == 0) 909 if (name == NULL || name[0] == 0)
914 return NULL; 910 return NULL;
915 911
916 CPDF_Document* pDoc = (CPDF_Document*)document; 912 CPDF_Document* pDoc = (CPDF_Document*)document;
917 CPDF_NameTree name_tree(pDoc, FX_BSTRC("Dests")); 913 CPDF_NameTree name_tree(pDoc, FX_BSTRC("Dests"));
918 return name_tree.LookupNamedDest(pDoc, name); 914 return name_tree.LookupNamedDest(pDoc, name);
919 } 915 }
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698