Chromium Code Reviews

Issue 1829013002: Added bounds checking to GetNameFromTT to handle corrupt files. (Closed)

Created:
4 years, 9 months ago by forshaw
Modified:
4 years, 9 months ago
Reviewers:
Tom Sepez
CC:
pdfium-reviews_googlegroups.com
Base URL:
https://pdfium.googlesource.com/pdfium.git@master
Target Ref:
refs/heads/master
Project:
pdfium
Visibility:
Public.

Description

Added bounds checking to GetNameFromTT to handle corrupt files.

This patch adds bounds checking to the names buffer passed to GetNameFromTT. There are observed crashes in this function where data is read outside of the bounds allocated and passed to GetNameFromTT. There's no reason that this function should ever try and read outside of the allocated bounds.

BUG=583037
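The kind of check the description calls for, as an added example that is not part of this patch or PDFium's code: it assumes the names buffer is a TrueType `name` table in the standard layout (6-byte header, 12-byte records), and `FindNameString` and `kSampleTable` are hypothetical names. A truncated or inconsistent table yields an empty string instead of a read past the buffer.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Read a big-endian u16; callers prove p[0..1] is in bounds first.
static uint16_t ReadU16(const uint8_t* p) {
  return static_cast<uint16_t>((p[0] << 8) | p[1]);
}

// Hypothetical helper (not PDFium's GetNameFromTT): returns the raw bytes of
// the first record with a matching nameID, or "" if the table is corrupt.
std::string FindNameString(const uint8_t* table, size_t size, uint16_t name_id) {
  constexpr size_t kHeaderSize = 6;   // format, count, stringOffset
  constexpr size_t kRecordSize = 12;  // six u16 fields per name record
  if (!table || size < kHeaderSize)
    return std::string();
  const size_t count = ReadU16(table + 2);
  const size_t string_offset = ReadU16(table + 4);
  // The whole record array must fit, and string storage must start in bounds.
  if (count > (size - kHeaderSize) / kRecordSize || string_offset > size)
    return std::string();
  const size_t string_area = size - string_offset;
  for (size_t i = 0; i < count; ++i) {
    const uint8_t* rec = table + kHeaderSize + i * kRecordSize;
    if (ReadU16(rec + 6) != name_id)
      continue;
    const size_t length = ReadU16(rec + 8);
    const size_t offset = ReadU16(rec + 10);
    // Compare by subtraction so offset + length can never wrap around.
    if (offset > string_area || length > string_area - offset)
      return std::string();  // corrupt record: fail, do not read
    const char* start = reinterpret_cast<const char*>(table) + string_offset + offset;
    return std::string(start, length);
  }
  return std::string();
}

// Constructed sample: one Macintosh/Roman record, nameID 1, string "Test".
const uint8_t kSampleTable[] = {
    0, 0, 0, 1, 0, 18,                   // format 0, count 1, stringOffset 18
    0, 1, 0, 0, 0, 0, 0, 1, 0, 4, 0, 0,  // platform, enc, lang, id, len, off
    'T', 'e', 's', 't'};

int main() {
  printf("full: '%s'\n", FindNameString(kSampleTable, sizeof(kSampleTable), 1).c_str());
  printf("truncated: '%s'\n", FindNameString(kSampleTable, sizeof(kSampleTable) - 2, 1).c_str());
  return 0;
}
```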

Patch Set 1

Patch Set 2 : Check for facename being empty indicating an error.

Total comments: 5

Patch Set 3 : Fixed nits.

Stats (+46 lines, -16 lines)
M core/fpdfapi/fpdf_edit/fpdf_edit_doc.cpp: 1 chunk, +1 line, -1 line
M core/fxge/ge/fx_ge_fontmap.cpp: 3 chunks, +42 lines, -14 lines
M core/include/fxge/fx_font.h: 1 chunk, +3 lines, -1 line

Messages

Total messages: 4 (1 generated)
forshaw
Tom, Could you PTAL at this patch. It's another problem which we've encountered with win32k ...
4 years, 9 months ago (2016-03-24 13:32:47 UTC) #2
Tom Sepez
Your stuff is fine, just a bunch of pre-existing nits we should fix while we're ...
4 years, 9 months ago (2016-03-24 16:07:06 UTC) #3
Tom Sepez
4 years, 9 months ago (2016-03-24 17:37:58 UTC) #4
