Add runtime check for streams in CPDF_Array::SetAtInternal() and friends
Disallow objects of CPDF_Stream to be directly added to CPDF_Array via
SetAtInternal(), InsertAtInternal() and AppendInternal().
Bug: pdfium:2119
Change-Id: I6b04160a79193007f9ce4a6977a926e0d8e54462
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/116352
Reviewed-by: Thomas Sepez <tsepez@google.com>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
diff --git a/core/fpdfapi/parser/cpdf_array.cpp b/core/fpdfapi/parser/cpdf_array.cpp
index 9a6ee88..6e64e7c 100644
--- a/core/fpdfapi/parser/cpdf_array.cpp
+++ b/core/fpdfapi/parser/cpdf_array.cpp
@@ -231,6 +231,7 @@
CHECK(!IsLocked());
CHECK(pObj);
CHECK(pObj->IsInline());
+ CHECK(!pObj->IsStream());
if (index >= m_Objects.size())
return nullptr;
@@ -244,6 +245,7 @@
CHECK(!IsLocked());
CHECK(pObj);
CHECK(pObj->IsInline());
+ CHECK(!pObj->IsStream());
if (index > m_Objects.size())
return nullptr;
@@ -256,6 +258,7 @@
CHECK(!IsLocked());
CHECK(pObj);
CHECK(pObj->IsInline());
+ CHECK(!pObj->IsStream());
CPDF_Object* pRet = pObj.Get();
m_Objects.push_back(std::move(pObj));
return pRet;