• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2016 The PDFium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 
7 #include "core/fpdfapi/parser/cpdf_linearized_header.h"
8 
9 #include <algorithm>
10 #include <limits>
11 #include <utility>
12 
13 #include "core/fpdfapi/parser/cpdf_array.h"
14 #include "core/fpdfapi/parser/cpdf_dictionary.h"
15 #include "core/fpdfapi/parser/cpdf_number.h"
16 #include "core/fpdfapi/parser/cpdf_parser.h"
17 #include "core/fpdfapi/parser/cpdf_syntax_parser.h"
18 #include "core/fxcrt/check.h"
19 #include "core/fxcrt/fx_safe_types.h"
20 #include "core/fxcrt/ptr_util.h"
21 
22 namespace {
23 
24 constexpr FX_FILESIZE kLinearizedHeaderOffset = 9;
25 constexpr size_t kMaxInt = static_cast<size_t>(std::numeric_limits<int>::max());
26 
27 template <class T>
IsValidNumericDictionaryValue(const CPDF_Dictionary * pDict,const ByteString & key,T min_value,bool must_exist=true)28 bool IsValidNumericDictionaryValue(const CPDF_Dictionary* pDict,
29                                    const ByteString& key,
30                                    T min_value,
31                                    bool must_exist = true) {
32   if (!pDict->KeyExist(key))
33     return !must_exist;
34   RetainPtr<const CPDF_Number> pNum = pDict->GetNumberFor(key);
35   if (!pNum || !pNum->IsInteger())
36     return false;
37   const int raw_value = pNum->GetInteger();
38   if (!pdfium::IsValueInRangeForNumericType<T>(raw_value)) {
39     return false;
40   }
41   return static_cast<T>(raw_value) >= min_value;
42 }
43 
IsLinearizedHeaderValid(const CPDF_LinearizedHeader * header,FX_FILESIZE document_size)44 bool IsLinearizedHeaderValid(const CPDF_LinearizedHeader* header,
45                              FX_FILESIZE document_size) {
46   DCHECK(header);
47   return header->GetFileSize() == document_size &&
48          header->GetFirstPageNo() < kMaxInt &&
49          header->GetFirstPageNo() < header->GetPageCount() &&
50          header->GetMainXRefTableFirstEntryOffset() < document_size &&
51          header->GetFirstPageEndOffset() < document_size &&
52          header->GetFirstPageObjNum() < CPDF_Parser::kMaxObjectNumber &&
53          header->GetLastXRefOffset() < document_size &&
54          header->GetHintStart() < document_size;
55 }
56 
57 }  // namespace
58 
59 // static
Parse(CPDF_SyntaxParser * parser)60 std::unique_ptr<CPDF_LinearizedHeader> CPDF_LinearizedHeader::Parse(
61     CPDF_SyntaxParser* parser) {
62   parser->SetPos(kLinearizedHeaderOffset);
63 
64   const auto pDict = ToDictionary(
65       parser->GetIndirectObject(nullptr, CPDF_SyntaxParser::ParseType::kLoose));
66 
67   if (!pDict || !pDict->KeyExist("Linearized") ||
68       !IsValidNumericDictionaryValue<FX_FILESIZE>(pDict.Get(), "L", 1) ||
69       !IsValidNumericDictionaryValue<uint32_t>(pDict.Get(), "P", 0, false) ||
70       !IsValidNumericDictionaryValue<FX_FILESIZE>(pDict.Get(), "T", 1) ||
71       !IsValidNumericDictionaryValue<uint32_t>(pDict.Get(), "N", 1) ||
72       !IsValidNumericDictionaryValue<FX_FILESIZE>(pDict.Get(), "E", 1) ||
73       !IsValidNumericDictionaryValue<uint32_t>(pDict.Get(), "O", 1)) {
74     return nullptr;
75   }
76   // Move parser to the start of the xref table for the documents first page.
77   // (skpping endobj keyword)
78   if (parser->GetNextWord().word != "endobj")
79     return nullptr;
80 
81   auto result = pdfium::WrapUnique(
82       new CPDF_LinearizedHeader(pDict.Get(), parser->GetPos()));
83 
84   if (!IsLinearizedHeaderValid(result.get(), parser->GetDocumentSize()))
85     return nullptr;
86 
87   return result;
88 }
89 
CPDF_LinearizedHeader(const CPDF_Dictionary * pDict,FX_FILESIZE szLastXRefOffset)90 CPDF_LinearizedHeader::CPDF_LinearizedHeader(const CPDF_Dictionary* pDict,
91                                              FX_FILESIZE szLastXRefOffset)
92     : m_szFileSize(pDict->GetIntegerFor("L")),
93       m_dwFirstPageNo(pDict->GetIntegerFor("P")),
94       m_szMainXRefTableFirstEntryOffset(pDict->GetIntegerFor("T")),
95       m_PageCount(pDict->GetIntegerFor("N")),
96       m_szFirstPageEndOffset(pDict->GetIntegerFor("E")),
97       m_FirstPageObjNum(pDict->GetIntegerFor("O")),
98       m_szLastXRefOffset(szLastXRefOffset) {
99   RetainPtr<const CPDF_Array> pHintStreamRange = pDict->GetArrayFor("H");
100   const size_t nHintStreamSize =
101       pHintStreamRange ? pHintStreamRange->size() : 0;
102   if (nHintStreamSize == 2 || nHintStreamSize == 4) {
103     m_szHintStart = std::max(pHintStreamRange->GetIntegerAt(0), 0);
104     const FX_SAFE_UINT32 safe_hint_length = pHintStreamRange->GetIntegerAt(1);
105     if (safe_hint_length.IsValid())
106       m_HintLength = safe_hint_length.ValueOrDie();
107   }
108 }
109 
110 CPDF_LinearizedHeader::~CPDF_LinearizedHeader() = default;
111 
HasHintTable() const112 bool CPDF_LinearizedHeader::HasHintTable() const {
113   return GetPageCount() > 1 && GetHintStart() > 0 && GetHintLength() > 0;
114 }
115