Fix crash in CPDF_StreamContentParser::Handle_BeginImageData()
https://pdfium-review.googlesource.com/130911 failed to consider the
case of the "ID" operator without a "BI" operator before it. Add a test
case for this and ignore out of place "ID" operators.
Bug: 413161371
Change-Id: Ieaf63d00c8b20cf55b2217d092cf7efaa72568b0
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/131011
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
diff --git a/core/fpdfapi/page/cpdf_streamcontentparser.cpp b/core/fpdfapi/page/cpdf_streamcontentparser.cpp
index 8e12bef..e830c8c 100644
--- a/core/fpdfapi/page/cpdf_streamcontentparser.cpp
+++ b/core/fpdfapi/page/cpdf_streamcontentparser.cpp
@@ -1028,6 +1028,10 @@
}
void CPDF_StreamContentParser::Handle_BeginImageData() {
+ if (!inline_image_context_.has_value()) {
+ return;
+ }
+
InlineImageContext& inline_image_context = inline_image_context_.value();
CHECK_EQ(inline_image_context.state,
InlineImageContext::State::kLookingForID);
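Review bot: The new guard at the top of Handle_BeginImageData() returns silently with no comment explaining why an empty `inline_image_context_` is expected here. A line such as `// "ID" without a preceding "BI" is malformed content; ignore it instead of calling value() on an empty optional.` would keep the next maintainer from removing it. The `CHECK_EQ` on `state` directly below is still a hard abort, and content streams are untrusted input. It is worth confirming that no operator sequence can reach this function with a context in a state other than `kLookingForID`; if one can, ignoring the operator would be preferable to terminating the process. The added fixture covers only a bare "ID", so a companion case for any other inline-image operator that reads this context without a "BI" would guard against the same class of bug. The function body continues past the end of the hunk.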
diff --git a/testing/resources/pixel/bug_413161371.in b/testing/resources/pixel/bug_413161371.in
new file mode 100644
index 0000000..d5859c4
--- /dev/null
+++ b/testing/resources/pixel/bug_413161371.in
@@ -0,0 +1,30 @@
+{{header}}
+{{object 1 0}} <<
+ /Type /Catalog
+ /Pages 2 0 R
+>>
+endobj
+{{object 2 0}} <<
+ /Type /Pages
+ /MediaBox [0 0 200 200]
+ /Count 1
+ /Kids [3 0 R]
+>>
+endobj
+{{object 3 0}} <<
+ /Type /Page
+ /Parent 2 0 R
+ /Contents 4 0 R
+>>
+endobj
+{{object 4 0}} <<
+ {{streamlen}}
+>>
+stream
+ID
+endstream
+endobj
+{{xref}}
+{{trailer}}
+{{startxref}}
+%%EOF
diff --git a/testing/resources/pixel/bug_413161371_expected.pdf.0.png b/testing/resources/pixel/bug_413161371_expected.pdf.0.png
new file mode 100644
index 0000000..f97e340
--- /dev/null
+++ b/testing/resources/pixel/bug_413161371_expected.pdf.0.png
Binary files differ