core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp - Issue 454283002: Fix the issue 'SEGV on unknown address in CPDF_DataAvail::GetObjectSize'

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp

Issue 454283002: Fix the issue 'SEGV on unknown address in CPDF_DataAvail::GetObjectSize' (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master

Patch Set: Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp

diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp

index e0fd3bfaeecea13e1b023d68982f3d35897ff2b9..0b30d9f579c886179b21b78708c84a80fcb3d246 100644

--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp

+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp

@@ -2729,7 +2729,7 @@ CPDF_DataAvail::CPDF_DataAvail(IFX_FileAvail* pFileAvail, IFX_FileRead* pFileRea

m_dwPrevXRefOffset = 0;

m_dwLastXRefOffset = 0;

m_bDocAvail = FALSE;

- m_bMainXRefLoad = FALSE;

+ m_bMainXRefLoadTried = FALSE;

m_bDocAvail = FALSE;

m_bLinearized = FALSE;

m_bPagesLoad = FALSE;

@@ -4107,23 +4107,30 @@ FX_BOOL CPDF_DataAvail::CheckLinearizedData(IFX_DownloadHints* pHints)

if (m_bLinearedDataOK) {

return TRUE;

}

- if (!m_pFileAvail->IsDataAvail(m_dwLastXRefOffset, (FX_DWORD)(m_dwFileLen - m_dwLastXRefOffset))) {

- pHints->AddSegment(m_dwLastXRefOffset, (FX_DWORD)(m_dwFileLen - m_dwLastXRefOffset));

- return FALSE;

- }

- FX_DWORD dwRet = 0;

- if (!m_bMainXRefLoad) {

- dwRet = ((CPDF_Parser *)m_pDocument->GetParser())->LoadLinearizedMainXRefTable();

- if (dwRet == PDFPARSE_ERROR_SUCCESS) {

- if (!PreparePageItem()) {

- return FALSE;

- }

- m_bMainXRefLoadedOK = TRUE;

+ if (!m_bMainXRefLoadTried) {

+ FX_SAFE_DWORD data_size = m_dwFileLen;

+ data_size -= m_dwLastXRefOffset;

+ if (!data_size.IsValid()) {

+ return FALSE;

+ }

+ if (!m_pFileAvail->IsDataAvail(m_dwLastXRefOffset, data_size.ValueOrDie())) {

+ pHints->AddSegment(m_dwLastXRefOffset, data_size.ValueOrDie());

+ return FALSE;

}

- m_bMainXRefLoad = TRUE;

+ FX_DWORD dwRet = ((CPDF_Parser *)m_pDocument->GetParser())->LoadLinearizedMainXRefTable();

+ m_bMainXRefLoadTried = TRUE;

+ if (dwRet != PDFPARSE_ERROR_SUCCESS) {

+ return FALSE;

+ }

+ if (!PreparePageItem()) {

+ return FALSE;

+ }

+ m_bMainXRefLoadedOK = TRUE;

+ m_bLinearedDataOK = TRUE;

}

- m_bLinearedDataOK = TRUE;

- return TRUE;

+ return m_bLinearedDataOK;

}

FX_BOOL CPDF_DataAvail::CheckPageAnnots(FX_INT32 iPage, IFX_DownloadHints* pHints)

{

@@ -4351,7 +4358,7 @@ FX_INT32 CPDF_DataAvail::IsFormAvail(IFX_DownloadHints *pHints)

if (!pAcroForm) {

return PDFFORM_NOTEXIST;

}

- if (!m_bMainXRefLoad && !CheckLinearizedData(pHints)) {

+ if (!CheckLinearizedData(pHints)) {

return PDFFORM_NOTAVAIL;

}

if (!m_objs_array.GetSize()) {

« no previous file with comments | « core/include/fpdfapi/fpdf_parser.h ('k') | no next file » | no next file with comments »