[Backport] Fix for CVE-2018-17469

M70: Validate decoder pipelines.

PDF decoders, AKA filters, can be chained together. There can be
an arbitrary number of decoding / decompressing filters in the pipeline,
but there should be at most 1 image decoder, and the image decoder
should only be at the end of the chain.

BUG=chromium:880675
TBR=tsepez@chromium.org

Change-Id: Iffa27c70ec1ed7574e38e0de23413840ee900959
Reviewed-on: https://pdfium-review.googlesource.com/42711
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
(cherry picked from commit 5f2ea0f6ef587f9f7a2fec9f80dbc82b94c97400)
Reviewed-on: https://pdfium-review.googlesource.com/42970
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Michael Brüning <michael.bruning@qt.io>

1 files changed, 3 insertions, 0 deletions

diff --git a/chromium/third_party/pdfium/core/fpdfapi/parser/fpdf_parser_decode.h b/chromium/third_party/pdfium/core/fpdfapi/parser/fpdf_parser_decode.h
index 328fd474c6b..a05cd561f99 100644
--- a/chromium/third_party/pdfium/core/fpdfapi/parser/fpdf_parser_decode.h
+++ b/chromium/third_party/pdfium/core/fpdfapi/parser/fpdf_parser_decode.h
@@ -13,11 +13,14 @@
 #include "core/fxcrt/unowned_ptr.h"
 
 class CCodec_ScanlineDecoder;
+class CPDF_Array;
 class CPDF_Dictionary;
 
 // Indexed by 8-bit char code, contains unicode code points.
 extern const uint16_t PDFDocEncoding[256];
 
+bool ValidateDecoderPipeline(const CPDF_Array* pDecoders);
+
 ByteString PDF_EncodeString(const ByteString& src, bool bHex);
 WideString PDF_DecodeText(const uint8_t* pData, uint32_t size);
 WideString PDF_DecodeText(const ByteString& bstr);