Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(193)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp

Issue 501823003: Perform better input checks in early steps of parser. (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Fix || => && typo. Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "../../../include/fpdfapi/fpdf_parser.h" 7 #include "../../../include/fpdfapi/fpdf_parser.h"
8 #include "../../../include/fpdfapi/fpdf_module.h" 8 #include "../../../include/fpdfapi/fpdf_module.h"
9 #include "../../../include/fpdfapi/fpdf_page.h" 9 #include "../../../include/fpdfapi/fpdf_page.h"
10 #include "../../../../third_party/numerics/safe_math.h" 10 #include "../../../../third_party/numerics/safe_math.h"
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
44 CPDF_Parser::CPDF_Parser() 44 CPDF_Parser::CPDF_Parser()
45 { 45 {
46 m_pDocument = NULL; 46 m_pDocument = NULL;
47 m_pTrailer = NULL; 47 m_pTrailer = NULL;
48 m_pEncryptDict = NULL; 48 m_pEncryptDict = NULL;
49 m_pSecurityHandler = NULL; 49 m_pSecurityHandler = NULL;
50 m_pLinearized = NULL; 50 m_pLinearized = NULL;
51 m_dwFirstPageNo = 0; 51 m_dwFirstPageNo = 0;
52 m_dwXrefStartObjNum = 0; 52 m_dwXrefStartObjNum = 0;
53 m_bOwnFileRead = TRUE; 53 m_bOwnFileRead = TRUE;
54 m_FileVersion = 0;
54 m_bForceUseSecurityHandler = FALSE; 55 m_bForceUseSecurityHandler = FALSE;
55 } 56 }
56 CPDF_Parser::~CPDF_Parser() 57 CPDF_Parser::~CPDF_Parser()
57 { 58 {
58 CloseParser(FALSE); 59 CloseParser(FALSE);
59 } 60 }
60 FX_DWORD CPDF_Parser::GetLastObjNum() 61 FX_DWORD CPDF_Parser::GetLastObjNum()
61 { 62 {
62 FX_DWORD dwSize = m_CrossRef.GetSize(); 63 FX_DWORD dwSize = m_CrossRef.GetSize();
63 return dwSize ? dwSize - 1 : 0; 64 return dwSize ? dwSize - 1 : 0;
(...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after
151 m_bOwnFileRead = bOwnFileRead; 152 m_bOwnFileRead = bOwnFileRead;
152 FX_INT32 offset = GetHeaderOffset(pFileAccess); 153 FX_INT32 offset = GetHeaderOffset(pFileAccess);
153 if (offset == -1) { 154 if (offset == -1) {
154 if (bOwnFileRead && pFileAccess) { 155 if (bOwnFileRead && pFileAccess) {
155 pFileAccess->Release(); 156 pFileAccess->Release();
156 } 157 }
157 return PDFPARSE_ERROR_FORMAT; 158 return PDFPARSE_ERROR_FORMAT;
158 } 159 }
159 m_Syntax.InitParser(pFileAccess, offset); 160 m_Syntax.InitParser(pFileAccess, offset);
160 FX_BYTE ch; 161 FX_BYTE ch;
161 m_Syntax.GetCharAt(5, ch); 162 if (!m_Syntax.GetCharAt(5, ch)) {
162 m_FileVersion = (ch - '0') * 10; 163 return PDFPARSE_ERROR_FORMAT;
163 m_Syntax.GetCharAt(7, ch); 164 }
164 m_FileVersion += ch - '0'; 165 if (ch >= '0' && ch <= '9') {
166 m_FileVersion = (ch - '0') * 10;
167 }
168 if (!m_Syntax.GetCharAt(7, ch)) {
169 return PDFPARSE_ERROR_FORMAT;
170 }
171 if (ch >= '0' && ch <= '9') {
172 m_FileVersion += ch - '0';
173 }
174 if (m_Syntax.m_FileLen < m_Syntax.m_HeaderOffset + 9) {
175 return PDFPARSE_ERROR_FORMAT;
176 }
165 m_Syntax.RestorePos(m_Syntax.m_FileLen - m_Syntax.m_HeaderOffset - 9); 177 m_Syntax.RestorePos(m_Syntax.m_FileLen - m_Syntax.m_HeaderOffset - 9);
166 if (!bReParse) { 178 if (!bReParse) {
167 m_pDocument = FX_NEW CPDF_Document(this); 179 m_pDocument = FX_NEW CPDF_Document(this);
168 } 180 }
169 FX_BOOL bXRefRebuilt = FALSE; 181 FX_BOOL bXRefRebuilt = FALSE;
170 if (m_Syntax.SearchWord(FX_BSTRC("startxref"), TRUE, FALSE, 4096)) { 182 if (m_Syntax.SearchWord(FX_BSTRC("startxref"), TRUE, FALSE, 4096)) {
171 FX_FILESIZE startxref_offset = m_Syntax.SavePos(); 183 FX_FILESIZE startxref_offset = m_Syntax.SavePos();
172 FX_LPVOID pResult = FXSYS_bsearch(&startxref_offset, m_SortedOffset.GetD ata(), m_SortedOffset.GetSize(), sizeof(FX_FILESIZE), _CompareFileSize); 184 FX_LPVOID pResult = FXSYS_bsearch(&startxref_offset, m_SortedOffset.GetD ata(), m_SortedOffset.GetSize(), sizeof(FX_FILESIZE), _CompareFileSize);
173 if (pResult == NULL) { 185 if (pResult == NULL) {
174 m_SortedOffset.Add(startxref_offset); 186 m_SortedOffset.Add(startxref_offset);
(...skipping 4230 matching lines...) Expand 10 before | Expand all | Expand 10 after
4405 { 4417 {
4406 FX_INT32 iSize = m_childNode.GetSize(); 4418 FX_INT32 iSize = m_childNode.GetSize();
4407 for (FX_INT32 i = 0; i < iSize; ++i) { 4419 for (FX_INT32 i = 0; i < iSize; ++i) {
4408 CPDF_PageNode *pNode = (CPDF_PageNode*)m_childNode[i]; 4420 CPDF_PageNode *pNode = (CPDF_PageNode*)m_childNode[i];
4409 if (pNode) { 4421 if (pNode) {
4410 delete pNode; 4422 delete pNode;
4411 } 4423 }
4412 } 4424 }
4413 m_childNode.RemoveAll(); 4425 m_childNode.RemoveAll();
4414 } 4426 }
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698