• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2016 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 
7 #include "core/fpdfapi/parser/cpdf_linearized_header.h"
8 
9 #include <algorithm>
10 #include <limits>
11 #include <utility>
12 
13 #include "core/fpdfapi/parser/cpdf_array.h"
14 #include "core/fpdfapi/parser/cpdf_dictionary.h"
15 #include "core/fpdfapi/parser/cpdf_number.h"
16 #include "core/fpdfapi/parser/cpdf_syntax_parser.h"
17 #include "core/fxcrt/fx_safe_types.h"
18 #include "third_party/base/ptr_util.h"
19 
20 namespace {
21 
22 constexpr FX_FILESIZE kLinearizedHeaderOffset = 9;
23 constexpr size_t kMaxInt = static_cast<size_t>(std::numeric_limits<int>::max());
24 
25 template <class T>
IsValidNumericDictionaryValue(const CPDF_Dictionary * pDict,const char * key,T min_value,bool must_exist=true)26 bool IsValidNumericDictionaryValue(const CPDF_Dictionary* pDict,
27                                    const char* key,
28                                    T min_value,
29                                    bool must_exist = true) {
30   if (!pDict->KeyExist(key))
31     return !must_exist;
32   const CPDF_Number* pNum = ToNumber(pDict->GetObjectFor(key));
33   if (!pNum || !pNum->IsInteger())
34     return false;
35   const int raw_value = pNum->GetInteger();
36   if (!pdfium::base::IsValueInRangeForNumericType<T>(raw_value))
37     return false;
38   return static_cast<T>(raw_value) >= min_value;
39 }
40 
IsLinearizedHeaderValid(const CPDF_LinearizedHeader * header,FX_FILESIZE document_size)41 bool IsLinearizedHeaderValid(const CPDF_LinearizedHeader* header,
42                              FX_FILESIZE document_size) {
43   ASSERT(header);
44   return header->GetFileSize() == document_size &&
45          header->GetFirstPageNo() < kMaxInt &&
46          header->GetFirstPageNo() < header->GetPageCount() &&
47          header->GetMainXRefTableFirstEntryOffset() < document_size &&
48          header->GetFirstPageEndOffset() < document_size &&
49          header->GetLastXRefOffset() < document_size &&
50          header->GetHintStart() < document_size;
51 }
52 
53 }  // namespace
54 
55 // static
Parse(CPDF_SyntaxParser * parser)56 std::unique_ptr<CPDF_LinearizedHeader> CPDF_LinearizedHeader::Parse(
57     CPDF_SyntaxParser* parser) {
58   parser->SetPos(kLinearizedHeaderOffset);
59 
60   const auto pDict = ToDictionary(
61       parser->GetIndirectObject(nullptr, CPDF_SyntaxParser::ParseType::kLoose));
62 
63   if (!pDict || !pDict->KeyExist("Linearized") ||
64       !IsValidNumericDictionaryValue<FX_FILESIZE>(pDict.Get(), "L", 1) ||
65       !IsValidNumericDictionaryValue<uint32_t>(pDict.Get(), "P", 0, false) ||
66       !IsValidNumericDictionaryValue<FX_FILESIZE>(pDict.Get(), "T", 1) ||
67       !IsValidNumericDictionaryValue<uint32_t>(pDict.Get(), "N", 1) ||
68       !IsValidNumericDictionaryValue<FX_FILESIZE>(pDict.Get(), "E", 1) ||
69       !IsValidNumericDictionaryValue<uint32_t>(pDict.Get(), "O", 1)) {
70     return nullptr;
71   }
72   // Move parser to the start of the xref table for the documents first page.
73   // (skpping endobj keyword)
74   if (parser->GetNextWord(nullptr) != "endobj")
75     return nullptr;
76 
77   auto result = pdfium::WrapUnique(
78       new CPDF_LinearizedHeader(pDict.Get(), parser->GetPos()));
79 
80   if (!IsLinearizedHeaderValid(result.get(), parser->GetDocumentSize()))
81     return nullptr;
82 
83   return result;
84 }
85 
CPDF_LinearizedHeader(const CPDF_Dictionary * pDict,FX_FILESIZE szLastXRefOffset)86 CPDF_LinearizedHeader::CPDF_LinearizedHeader(const CPDF_Dictionary* pDict,
87                                              FX_FILESIZE szLastXRefOffset)
88     : m_szFileSize(pDict->GetIntegerFor("L")),
89       m_dwFirstPageNo(pDict->GetIntegerFor("P")),
90       m_szMainXRefTableFirstEntryOffset(pDict->GetIntegerFor("T")),
91       m_PageCount(pDict->GetIntegerFor("N")),
92       m_szFirstPageEndOffset(pDict->GetIntegerFor("E")),
93       m_FirstPageObjNum(pDict->GetIntegerFor("O")),
94       m_szLastXRefOffset(szLastXRefOffset) {
95   const CPDF_Array* pHintStreamRange = pDict->GetArrayFor("H");
96   const size_t nHintStreamSize =
97       pHintStreamRange ? pHintStreamRange->size() : 0;
98   if (nHintStreamSize == 2 || nHintStreamSize == 4) {
99     m_szHintStart = std::max(pHintStreamRange->GetIntegerAt(0), 0);
100     const FX_SAFE_UINT32 safe_hint_length = pHintStreamRange->GetIntegerAt(1);
101     if (safe_hint_length.IsValid())
102       m_HintLength = safe_hint_length.ValueOrDie();
103   }
104 }
105 
~CPDF_LinearizedHeader()106 CPDF_LinearizedHeader::~CPDF_LinearizedHeader() {}
107 
HasHintTable() const108 bool CPDF_LinearizedHeader::HasHintTable() const {
109   return GetPageCount() > 1 && GetHintStart() > 0 && GetHintLength() > 0;
110 }
111