
Side by Side Diff: core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp

Issue 441503003: Fix the problem that memory is accessed after released due to invalid type-cast (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Created 6 years, 4 months ago
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "../../../include/fpdfapi/fpdf_parser.h" 7 #include "../../../include/fpdfapi/fpdf_parser.h"
8 #include "../../../include/fpdfapi/fpdf_module.h" 8 #include "../../../include/fpdfapi/fpdf_module.h"
9 #include "../../../include/fpdfapi/fpdf_page.h" 9 #include "../../../include/fpdfapi/fpdf_page.h"
10 #include "../../../../third_party/numerics/safe_math.h" 10 #include "../../../../third_party/numerics/safe_math.h"
(...skipping 1108 matching lines...) Expand 10 before | Expand all | Expand 10 after
1119 pID = ParseIndirectObject(NULL, ((CPDF_Reference*)pID)->GetRefObjNum()); 1119 pID = ParseIndirectObject(NULL, ((CPDF_Reference*)pID)->GetRefObjNum());
1120 m_pTrailer->SetAt(FX_BSTRC("ID"), pID); 1120 m_pTrailer->SetAt(FX_BSTRC("ID"), pID);
1121 } 1121 }
1122 if (pID == NULL || pID->GetType() != PDFOBJ_ARRAY) { 1122 if (pID == NULL || pID->GetType() != PDFOBJ_ARRAY) {
1123 return NULL; 1123 return NULL;
1124 } 1124 }
1125 return (CPDF_Array*)pID; 1125 return (CPDF_Array*)pID;
1126 } 1126 }
1127 FX_DWORD CPDF_Parser::GetRootObjNum() 1127 FX_DWORD CPDF_Parser::GetRootObjNum()
1128 { 1128 {
1129 CPDF_Reference* pRef = m_pTrailer ? (CPDF_Reference*)m_pTrailer->GetElement( FX_BSTRC("Root")) : NULL; 1129 CPDF_Object* pRef = m_pTrailer ? m_pTrailer->GetElement(FX_BSTRC("Root")) : NULL;
1130 if (pRef == NULL || pRef->GetType() != PDFOBJ_REFERENCE) { 1130 if (pRef == NULL || pRef->GetType() != PDFOBJ_REFERENCE) {
1131 return 0; 1131 return 0;
1132 } 1132 }
1133 return pRef->GetRefObjNum(); 1133 return ((CPDF_Reference*) pRef)->GetRefObjNum();
1134 } 1134 }
1135 FX_DWORD CPDF_Parser::GetInfoObjNum() 1135 FX_DWORD CPDF_Parser::GetInfoObjNum()
1136 { 1136 {
1137 CPDF_Reference* pRef = m_pTrailer ? (CPDF_Reference*)m_pTrailer->GetElement( FX_BSTRC("Info")) : NULL; 1137 CPDF_Object* pRef = m_pTrailer ? m_pTrailer->GetElement(FX_BSTRC("Info")) : NULL;
1138 if (pRef == NULL || pRef->GetType() != PDFOBJ_REFERENCE) { 1138 if (pRef == NULL || pRef->GetType() != PDFOBJ_REFERENCE) {
1139 return 0; 1139 return 0;
1140 } 1140 }
1141 return pRef->GetRefObjNum(); 1141 return ((CPDF_Reference*) pRef)->GetRefObjNum();
1142 } 1142 }
1143 FX_BOOL CPDF_Parser::IsFormStream(FX_DWORD objnum, FX_BOOL& bForm) 1143 FX_BOOL CPDF_Parser::IsFormStream(FX_DWORD objnum, FX_BOOL& bForm)
1144 { 1144 {
1145 bForm = FALSE; 1145 bForm = FALSE;
1146 if (objnum >= (FX_DWORD)m_CrossRef.GetSize()) { 1146 if (objnum >= (FX_DWORD)m_CrossRef.GetSize()) {
1147 return TRUE; 1147 return TRUE;
1148 } 1148 }
1149 if (m_V5Type[objnum] == 0) { 1149 if (m_V5Type[objnum] == 0) {
1150 return TRUE; 1150 return TRUE;
1151 } 1151 }
(...skipping 433 matching lines...) Expand 10 before | Expand all | Expand 10 after
1585 RootObjNum = GetRootObjNum(); 1585 RootObjNum = GetRootObjNum();
1586 if (RootObjNum == 0) { 1586 if (RootObjNum == 0) {
1587 return PDFPARSE_ERROR_FORMAT; 1587 return PDFPARSE_ERROR_FORMAT;
1588 } 1588 }
1589 dwRet = SetEncryptHandler(); 1589 dwRet = SetEncryptHandler();
1590 if (dwRet != PDFPARSE_ERROR_SUCCESS) { 1590 if (dwRet != PDFPARSE_ERROR_SUCCESS) {
1591 return dwRet; 1591 return dwRet;
1592 } 1592 }
1593 } 1593 }
1594 if (m_pSecurityHandler && m_pSecurityHandler->IsMetadataEncrypted()) { 1594 if (m_pSecurityHandler && m_pSecurityHandler->IsMetadataEncrypted()) {
1595 CPDF_Reference* pMetadata = (CPDF_Reference*)m_pDocument->GetRoot()->Get Element(FX_BSTRC("Metadata")); 1595 CPDF_Object* pMetadata = m_pDocument->GetRoot()->GetElement(FX_BSTRC("Me tadata"));
1596 if (pMetadata && pMetadata->GetType() == PDFOBJ_REFERENCE) { 1596 if (pMetadata && pMetadata->GetType() == PDFOBJ_REFERENCE) {
1597 m_Syntax.m_MetadataObjnum = pMetadata->GetRefObjNum(); 1597 m_Syntax.m_MetadataObjnum = ((CPDF_Reference*) pMetadata)->GetRefObj Num();
1598 } 1598 }
1599 } 1599 }
1600 return PDFPARSE_ERROR_SUCCESS; 1600 return PDFPARSE_ERROR_SUCCESS;
1601 } 1601 }
1602 FX_BOOL CPDF_Parser::LoadLinearizedAllCrossRefV5(FX_FILESIZE xrefpos) 1602 FX_BOOL CPDF_Parser::LoadLinearizedAllCrossRefV5(FX_FILESIZE xrefpos)
1603 { 1603 {
1604 if (!LoadCrossRefV5(xrefpos, xrefpos, FALSE)) { 1604 if (!LoadCrossRefV5(xrefpos, xrefpos, FALSE)) {
1605 return FALSE; 1605 return FALSE;
1606 } 1606 }
1607 while (xrefpos) 1607 while (xrefpos)
(...skipping 1707 matching lines...) Expand 10 before | Expand all | Expand 10 after
3315 } 3315 }
3316 switch (pKids->GetType()) { 3316 switch (pKids->GetType()) {
3317 case PDFOBJ_REFERENCE: { 3317 case PDFOBJ_REFERENCE: {
3318 CPDF_Reference *pKid = (CPDF_Reference *)pKids; 3318 CPDF_Reference *pKid = (CPDF_Reference *)pKids;
3319 m_PageObjList.Add(pKid->GetRefObjNum()); 3319 m_PageObjList.Add(pKid->GetRefObjNum());
3320 } 3320 }
3321 break; 3321 break;
3322 case PDFOBJ_ARRAY: { 3322 case PDFOBJ_ARRAY: {
3323 CPDF_Array *pKidsArray = (CPDF_Array *)pKids; 3323 CPDF_Array *pKidsArray = (CPDF_Array *)pKids;
3324 for (FX_DWORD i = 0; i < pKidsArray->GetCount(); ++i) { 3324 for (FX_DWORD i = 0; i < pKidsArray->GetCount(); ++i) {
3325 CPDF_Reference *pKid = (CPDF_Reference *)pKidsArray->GetElem ent(i); 3325 CPDF_Object *pKid = (CPDF_Object *)pKidsArray->GetElement(i) ;
3326 m_PageObjList.Add(pKid->GetRefObjNum()); 3326 if (pKid && pKid->GetType() == PDFOBJ_REFERENCE) {
3327 m_PageObjList.Add(((CPDF_Reference *)pKid)->GetRefObjNum ());
3328 }
3327 } 3329 }
3328 } 3330 }
3329 break; 3331 break;
3330 default: 3332 default:
3331 m_docStatus = PDF_DATAAVAIL_ERROR; 3333 m_docStatus = PDF_DATAAVAIL_ERROR;
3332 return FALSE; 3334 return FALSE;
3333 } 3335 }
3334 return TRUE; 3336 return TRUE;
3335 } 3337 }
3336 FX_BOOL CPDF_DataAvail::CheckPages(IFX_DownloadHints* pHints) 3338 FX_BOOL CPDF_DataAvail::CheckPages(IFX_DownloadHints* pHints)
(...skipping 1069 matching lines...) Expand 10 before | Expand all | Expand 10 after
4406 { 4408 {
4407 FX_INT32 iSize = m_childNode.GetSize(); 4409 FX_INT32 iSize = m_childNode.GetSize();
4408 for (FX_INT32 i = 0; i < iSize; ++i) { 4410 for (FX_INT32 i = 0; i < iSize; ++i) {
4409 CPDF_PageNode *pNode = (CPDF_PageNode*)m_childNode[i]; 4411 CPDF_PageNode *pNode = (CPDF_PageNode*)m_childNode[i];
4410 if (pNode) { 4412 if (pNode) {
4411 delete pNode; 4413 delete pNode;
4412 } 4414 }
4413 } 4415 }
4414 m_childNode.RemoveAll(); 4416 m_childNode.RemoveAll();
4415 } 4417 }
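Review bot: In the `PDFOBJ_ARRAY` branch (new lines 3325-3328) a Kids entry that is null or not a reference is now skipped silently, while the `default:` branch of the same switch treats an unexpected type as `PDF_DATAAVAIL_ERROR`. The two paths should agree, or the skip should carry a comment such as `// Non-reference kids are ignored; only indirect page nodes are tracked here.` if dropping them is intended. The `(CPDF_Object *)` cast on `pKidsArray->GetElement(i)` looks redundant, since the `GetElement` results at new lines 1129, 1137 and 1595 are assigned to `CPDF_Object*` without one, and a C-style cast there would hide a later change of return type. The function containing this switch starts outside the visible lines, so whether its callers tolerate a shortened `m_PageObjList` cannot be confirmed from here.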
OLDNEW