diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-10-24 15:47:22 +0200 |
---|---|---|
committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2018-10-25 15:13:31 +0000 |
commit | 7a3ca41e453cbb702c1490649865228af205d948 (patch) | |
tree | 46e87bbf92b672f63dbe6b5a40111a5dd2b32274 /chromium/third_party/pdfium/core/fpdfapi/parser/fpdf_parser_decode.h | |
parent | 329c1780d9edc69fa84f8995711a3f25de153061 (diff) | |
download | qtwebengine-chromium-7a3ca41e453cbb702c1490649865228af205d948.tar.gz |
[Backport] Fix for CVE-2018-17469
M70: Validate decoder pipelines.
PDF decoders, AKA filters, can be chained together. There can be
an arbitrary number of decoding / decompressing filters in the pipeline,
but there should be at most 1 image decoder, and the image decoder
should only be at the end of the chain.
BUG=chromium:880675
TBR=tsepez@chromium.org
Change-Id: Iffa27c70ec1ed7574e38e0de23413840ee900959
Reviewed-on: https://pdfium-review.googlesource.com/42711
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
(cherry picked from commit 5f2ea0f6ef587f9f7a2fec9f80dbc82b94c97400)
Reviewed-on: https://pdfium-review.googlesource.com/42970
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Michael BrĂ¼ning <michael.bruning@qt.io>
Diffstat (limited to 'chromium/third_party/pdfium/core/fpdfapi/parser/fpdf_parser_decode.h')
-rw-r--r-- | chromium/third_party/pdfium/core/fpdfapi/parser/fpdf_parser_decode.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/chromium/third_party/pdfium/core/fpdfapi/parser/fpdf_parser_decode.h b/chromium/third_party/pdfium/core/fpdfapi/parser/fpdf_parser_decode.h index 328fd474c6b..a05cd561f99 100644 --- a/chromium/third_party/pdfium/core/fpdfapi/parser/fpdf_parser_decode.h +++ b/chromium/third_party/pdfium/core/fpdfapi/parser/fpdf_parser_decode.h @@ -13,11 +13,14 @@ #include "core/fxcrt/unowned_ptr.h" class CCodec_ScanlineDecoder; +class CPDF_Array; class CPDF_Dictionary; // Indexed by 8-bit char code, contains unicode code points. extern const uint16_t PDFDocEncoding[256]; +bool ValidateDecoderPipeline(const CPDF_Array* pDecoders); + ByteString PDF_EncodeString(const ByteString& src, bool bHex); WideString PDF_DecodeText(const uint8_t* pData, uint32_t size); WideString PDF_DecodeText(const ByteString& bstr); |