Add a second line of defense against negative offsets Make CPDF_ReadValidator::ReadBlockAtOffset return immediately in this case. Change-Id: I4db0a4a149831c0e22b5d37276ef515ab5aa1b5f Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/93614 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>

commit: 4a4498ac867ed5ac47e100648817bfc665f8064e [log] [tgz]
author: Tom Sepez <tsepez@chromium.org> Fri May 13 21:36:18 2022 +0000
committer: Pdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com> Fri May 13 21:36:18 2022 +0000
tree: 4d97cc4bc1e1a5c2db3b999c67a826721294c558
parent: a607dd50d24e54eef404195cf49db0d56985a680 [diff]
diff --git a/core/fpdfapi/parser/cpdf_read_validator.cpp b/core/fpdfapi/parser/cpdf_read_validator.cpp
index c02268f..47e113a 100644
--- a/core/fpdfapi/parser/cpdf_read_validator.cpp
+++ b/core/fpdfapi/parser/cpdf_read_validator.cpp

@@ -57,6 +57,11 @@
 bool CPDF_ReadValidator::ReadBlockAtOffset(void* buffer,
                                            FX_FILESIZE offset,
                                            size_t size) {
+  if (offset < 0) {
+    NOTREACHED();
+    return false;
+  }
+
   FX_SAFE_FILESIZE end_offset = offset;
   end_offset += size;
   if (!end_offset.IsValid() || end_offset.ValueOrDie() > file_size_)
commit	4a4498ac867ed5ac47e100648817bfc665f8064e	[log] [tgz]
author	Tom Sepez <tsepez@chromium.org>	Fri May 13 21:36:18 2022 +0000
committer	Pdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com>	Fri May 13 21:36:18 2022 +0000
tree	4d97cc4bc1e1a5c2db3b999c67a826721294c558
parent	a607dd50d24e54eef404195cf49db0d56985a680 [diff]