core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp - Issue 501823003: Perform better input checks in early steps of parser.

Side by Side Diff: core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp

Issue 501823003: Perform better input checks in early steps of parser. (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master

Patch Set: Untabify Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 PDFium Authors. All rights reserved.	1 // Copyright 2014 PDFium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com	5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com

6	6

7 #include "../../../include/fpdfapi/fpdf_parser.h"	7 #include "../../../include/fpdfapi/fpdf_parser.h"

8 #include "../../../include/fpdfapi/fpdf_module.h"	8 #include "../../../include/fpdfapi/fpdf_module.h"

9 #include "../../../include/fpdfapi/fpdf_page.h"	9 #include "../../../include/fpdfapi/fpdf_page.h"

10 #include "../../../../third_party/numerics/safe_math.h"	10 #include "../../../../third_party/numerics/safe_math.h"

(...skipping 140 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
151 m_bOwnFileRead = bOwnFileRead;	151 m_bOwnFileRead = bOwnFileRead;

152 FX_INT32 offset = GetHeaderOffset(pFileAccess);	152 FX_INT32 offset = GetHeaderOffset(pFileAccess);

153 if (offset == -1) {	153 if (offset == -1) {

154 if (bOwnFileRead && pFileAccess) {	154 if (bOwnFileRead && pFileAccess) {

155 pFileAccess->Release();	155 pFileAccess->Release();

156 }	156 }

157 return PDFPARSE_ERROR_FORMAT;	157 return PDFPARSE_ERROR_FORMAT;

158 }	158 }

159 m_Syntax.InitParser(pFileAccess, offset);	159 m_Syntax.InitParser(pFileAccess, offset);

160 FX_BYTE ch;	160 FX_BYTE ch;

161 m_Syntax.GetCharAt(5, ch);	161 if (!m_Syntax.GetCharAt(5, ch) \|\| ch < '0' \|\| ch > '9') {
	jun_fang 2014/08/25 19:44:04 This is used to parse file version which is not im This is used to parse file version which is not important information. Even it's invalid, we shouldn't need to block the further parsing. So it's better to keep it no change. Tom Sepez 2014/08/25 20:05:32 Ok. I'll keep going but ingore out-of-range value Show quoted text On 2014/08/25 19:44:04, jun_fang wrote: > This is used to parse file version which is not important information. Even it's > invalid, we shouldn't need to block the further parsing. So it's better to keep > it no change. Ok. I'll keep going but ingore out-of-range values, then.
	162 return PDFPARSE_ERROR_FORMAT;

	163 }

162 m_FileVersion = (ch - '0') * 10;	164 m_FileVersion = (ch - '0') * 10;

163 m_Syntax.GetCharAt(7, ch);	165 if (!m_Syntax.GetCharAt(7, ch) \|\| ch < '0' \|\| ch > '9') {

	166 return PDFPARSE_ERROR_FORMAT;

	167 }

164 m_FileVersion += ch - '0';	168 m_FileVersion += ch - '0';

	169 if (m_Syntax.m_FileLen < m_Syntax.m_HeaderOffset + 9) {

	170 return PDFPARSE_ERROR_FORMAT;

	171 }

165 m_Syntax.RestorePos(m_Syntax.m_FileLen - m_Syntax.m_HeaderOffset - 9);	172 m_Syntax.RestorePos(m_Syntax.m_FileLen - m_Syntax.m_HeaderOffset - 9);

166 if (!bReParse) {	173 if (!bReParse) {

167 m_pDocument = FX_NEW CPDF_Document(this);	174 m_pDocument = FX_NEW CPDF_Document(this);

168 }	175 }

169 FX_BOOL bXRefRebuilt = FALSE;	176 FX_BOOL bXRefRebuilt = FALSE;

170 if (m_Syntax.SearchWord(FX_BSTRC("startxref"), TRUE, FALSE, 4096)) {	177 if (m_Syntax.SearchWord(FX_BSTRC("startxref"), TRUE, FALSE, 4096)) {

171 FX_FILESIZE startxref_offset = m_Syntax.SavePos();	178 FX_FILESIZE startxref_offset = m_Syntax.SavePos();

172 FX_LPVOID pResult = FXSYS_bsearch(&startxref_offset, m_SortedOffset.GetD ata(), m_SortedOffset.GetSize(), sizeof(FX_FILESIZE), _CompareFileSize);	179 FX_LPVOID pResult = FXSYS_bsearch(&startxref_offset, m_SortedOffset.GetD ata(), m_SortedOffset.GetSize(), sizeof(FX_FILESIZE), _CompareFileSize);

173 if (pResult == NULL) {	180 if (pResult == NULL) {

174 m_SortedOffset.Add(startxref_offset);	181 m_SortedOffset.Add(startxref_offset);

(...skipping 4230 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
4405 {	4412 {

4406 FX_INT32 iSize = m_childNode.GetSize();	4413 FX_INT32 iSize = m_childNode.GetSize();

4407 for (FX_INT32 i = 0; i < iSize; ++i) {	4414 for (FX_INT32 i = 0; i < iSize; ++i) {

4408 CPDF_PageNode pNode = (CPDF_PageNode)m_childNode[i];	4415 CPDF_PageNode pNode = (CPDF_PageNode)m_childNode[i];

4409 if (pNode) {	4416 if (pNode) {

4410 delete pNode;	4417 delete pNode;

4411 }	4418 }

4412 }	4419 }

4413 m_childNode.RemoveAll();	4420 m_childNode.RemoveAll();

4414 }	4421 }

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »