Type check the m_pShadingObj before assuming it's a stream.
authorDan Sinclair <dsinclair@chromium.org>
Tue, 27 Oct 2015 16:08:20 +0000 (12:08 -0400)
committerDan Sinclair <dsinclair@chromium.org>
Tue, 27 Oct 2015 16:08:20 +0000 (12:08 -0400)
The m_pShadingObj can be a stream or a dictionary depending on how it's used.
This CL adds some simple type checking to make sure that the type of the
object matches what we expect.

BUG=chromium:547706
R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/1421973004 .

BUILD.gn
core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp
core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp [new file with mode: 0644]
pdfium.gyp
testing/resources/bug_547706.in [new file with mode: 0644]
testing/resources/bug_547706.pdf [new file with mode: 0644]

index dd6a64e..abd189b 100644 (file)
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -778,6 +778,7 @@ test("pdfium_embeddertests") {
   sources = [
     "core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp",
     "core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp",
+    "core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp",
     "fpdfsdk/src/fpdf_dataavail_embeddertest.cpp",
     "fpdfsdk/src/fpdfdoc_embeddertest.cpp",
     "fpdfsdk/src/fpdfformfill_embeddertest.cpp",
index 7b04d8c..ded6c87 100644 (file)
@@ -140,6 +140,11 @@ FX_BOOL CPDF_ShadingPattern::Load() {
     m_pCountedCS = pDocPageData->FindColorSpacePtr(m_pCS->GetArray());
   }
   m_ShadingType = pShadingDict->GetInteger(FX_BSTRC("ShadingType"));
+
+  // We expect to have a stream if our shading type is a mesh.
+  if (m_ShadingType >= 4 && !ToStream(m_pShadingObj))
+    return FALSE;
+
   return TRUE;
 }
 FX_BOOL CPDF_ShadingPattern::Reload() {
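Review bot: The new guard at the end of Load() puts only a lower bound on the shading type. `m_ShadingType` comes straight from the document's `ShadingType` entry, so a value of 8 or more that arrives with a stream, and any value below 1, still returns TRUE. The PDF shading types are 1 to 7, so I would reject everything else before the stream check, e.g. `if (m_ShadingType < 1 || m_ShadingType > 7) return FALSE;`, and replace the bare `4` with a named constant for the first mesh type. Whether the renderer already ignores unknown types is not visible in this hunk, so treat this as hardening rather than a confirmed fault. Load() starts above the hunk; only its tail is shown.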
diff --git a/core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp b/core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp
new file mode 100644 (file)
index 0000000..30d7a41
--- /dev/null
@@ -0,0 +1,16 @@
+// Copyright 2015 PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "../../../testing/embedder_test.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+class FPDFRenderPatternEmbeddertest : public EmbedderTest {};
+
+TEST_F(FPDFRenderPatternEmbeddertest, LoadError_547706) {
+  // Test shading where object is a dictionary instead of a stream.
+  EXPECT_TRUE(OpenDocument("testing/resources/bug_547706.pdf"));
+  FPDF_PAGE page = LoadPage(0);
+  RenderPage(page);
+  UnloadPage(page);
+}
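Review bot: In LoadError_547706 a failed `OpenDocument` is only recorded by `EXPECT_TRUE`, so the test carries on and calls `LoadPage(0)` and `RenderPage(page)` with no document and an unchecked page handle. Use `ASSERT_TRUE(OpenDocument("testing/resources/bug_547706.pdf"));` and add `ASSERT_TRUE(page != nullptr);` after `LoadPage(0)`, so a missing or unparsable fixture fails at that point instead of surfacing as a crash in rendering. The test makes no assertion on the render result, so a one-line comment such as `// Passes if rendering the malformed shading does not crash.` would tell the next reader that this is intentional.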
index 695e923..e98a4ee 100644 (file)
       'sources': [
         'core/src/fpdfapi/fpdf_parser/fpdf_parser_decode_embeddertest.cpp',
         'core/src/fpdfapi/fpdf_parser/fpdf_parser_parser_embeddertest.cpp',
+        'core/src/fpdfapi/fpdf_render/fpdf_render_pattern_embeddertest.cpp',
         'fpdfsdk/src/fpdf_dataavail_embeddertest.cpp',
         'fpdfsdk/src/fpdfdoc_embeddertest.cpp',
         'fpdfsdk/src/fpdfformfill_embeddertest.cpp',
diff --git a/testing/resources/bug_547706.in b/testing/resources/bug_547706.in
new file mode 100644 (file)
index 0000000..4c31f19
--- /dev/null
@@ -0,0 +1,43 @@
+{{header}}
+
+{{object 1 0}}
+<< /Pages 2 0 R >>
+endobj
+
+{{object 2 0}}
+<< /Kids [ 3 0 R ] >>
+endobj
+
+{{object 3 0}}
+<< /Contents 4 0 R /Resources << /Pattern 6 0 R >>>>
+endobj
+
+{{object 4 0}}
+<< /Length 5 0 R >>
+stream
+/R9 scn
+0 0 2479 3508 re
+/R11 36 Tf
+[(1)-12288.9(2)]TJ
+endstream
+endobj
+
+{{object 6 0}}
+<< /R9 7 0 R >>
+endobj
+
+{{object 7 0}}
+<< /PatternType 2 /Shading 8 0 R >>
+endobj
+
+{{object 8 0}}
+<< /BitsPerComponent 16 /ColorSpace /DeviceRGB /ShadingType 5 >>
+endobj
+
+{{xref}}
+trailer <<
+  /Root 1 0 R
+  /Size 9
+>>
+{{startxref}}
+%%EOF
diff --git a/testing/resources/bug_547706.pdf b/testing/resources/bug_547706.pdf
new file mode 100644 (file)
index 0000000..8003b3c
--- /dev/null
@@ -0,0 +1,55 @@
+%PDF-1.7
+% ò¤ô
+
+1 0 obj
+<< /Pages 2 0 R >>
+endobj
+
+2 0 obj
+<< /Kids [ 3 0 R ] >>
+endobj
+
+3 0 obj
+<< /Contents 4 0 R /Resources << /Pattern 6 0 R >>>>
+endobj
+
+4 0 obj
+<< /Length 5 0 R >>
+stream
+/R9 scn
+0 0 2479 3508 re
+/R11 36 Tf
+[(1)-12288.9(2)]TJ
+endstream
+endobj
+
+6 0 obj
+<< /R9 7 0 R >>
+endobj
+
+7 0 obj
+<< /PatternType 2 /Shading 8 0 R >>
+endobj
+
+8 0 obj
+<< /BitsPerComponent 16 /ColorSpace /DeviceRGB /ShadingType 5 >>
+endobj
+
+xref
+0 9
+0000000000 65535 f 
+0000000016 00000 n 
+0000000051 00000 n 
+0000000089 00000 n 
+0000000158 00000 n 
+0000000000 65535 f 
+0000000266 00000 n 
+0000000298 00000 n 
+0000000350 00000 n 
+trailer <<
+  /Root 1 0 R
+  /Size 9
+>>
+startxref
+431
+%%EOF