Make tiff_read return actual length read The return value is used to determine whether TIFFReadFile fails. If we return just the length, libtiff will try reading uninitilized values afterwards, on corrupted files. BUG=679230, 670928 Change-Id: I579adc9d8a00e8cafab45dbdb728f1cb702da051 Reviewed-on: https://pdfium-review.googlesource.com/2172 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>

commit: 5e3121beff936df1b0af3749447eeda1666d5d76 [log] [tgz]
author: Nicolas Pena <npm@chromium.org> Wed Jan 11 16:39:20 2017 -0500
committer: Chromium commit bot <commit-bot@chromium.org> Wed Jan 11 21:57:03 2017 +0000
tree: 90fdf7f63b5880c4f0e5f12c38e05be65467f2e3
parent: 96f482c9cd3c99425fd3422251903b1218253c66 [diff]
diff --git a/core/fxcodec/codec/fx_codec_tiff.cpp b/core/fxcodec/codec/fx_codec_tiff.cpp
index cf38d71..7818a34 100644
--- a/core/fxcodec/codec/fx_codec_tiff.cpp
+++ b/core/fxcodec/codec/fx_codec_tiff.cpp

@@ -100,10 +100,14 @@
   if (!increment.IsValid())
     return 0;
 
-  if (!pTiffContext->io_in()->ReadBlock(buf, pTiffContext->offset(), length))
+  FX_FILESIZE offset = pTiffContext->offset();
+  if (!pTiffContext->io_in()->ReadBlock(buf, offset, length))
     return 0;
 
   pTiffContext->set_offset(increment.ValueOrDie());
+  if (offset + length > pTiffContext->io_in()->GetSize())
+    return pTiffContext->io_in()->GetSize() - offset;
+
   return length;
 }
commit	5e3121beff936df1b0af3749447eeda1666d5d76	[log] [tgz]
author	Nicolas Pena <npm@chromium.org>	Wed Jan 11 16:39:20 2017 -0500
committer	Chromium commit bot <commit-bot@chromium.org>	Wed Jan 11 21:57:03 2017 +0000
tree	90fdf7f63b5880c4f0e5f12c38e05be65467f2e3
parent	96f482c9cd3c99425fd3422251903b1218253c66 [diff]