Fix Heap-buffer-overflow caused by PDF_DataDecode() refactor PDF_DataDecode() was refactored into two separate functions. In the function that calls the two new functions, CPDF_StreamAcc::ProcessFilteredData(), the behavior when an error occurs retrieving |decoder_array| was changed. Bug: chromium:977832 Change-Id: I228b5926f95e0a7663d1663107cfe364484731c6 Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/56850 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>

commit: 79e66aa490f8c05e140e76cae96fa4219b50c036 [log] [tgz]
author: Jeremy Chinsen <chinsenj@google.com> Mon Jun 24 17:27:02 2019 +0000
committer: Chromium commit bot <commit-bot@chromium.org> Mon Jun 24 17:27:02 2019 +0000
tree: 55f3631c6f5c042b59f6956d4b6abfe5de608700
parent: fe111d95529a4614b0f996e547d4d396022d0020 [diff]
diff --git a/core/fpdfapi/parser/cpdf_stream_acc.cpp b/core/fpdfapi/parser/cpdf_stream_acc.cpp
index 2666fe6..c666ad7 100644
--- a/core/fpdfapi/parser/cpdf_stream_acc.cpp
+++ b/core/fpdfapi/parser/cpdf_stream_acc.cpp

@@ -122,10 +122,8 @@
 
   Optional<std::vector<std::pair<ByteString, const CPDF_Object*>>>
       decoder_array = GetDecoderArray(m_pStream->GetDict());
-  if (!decoder_array.has_value())
-    return;
-
-  if (!PDF_DataDecode({pSrcData.Get(), dwSrcSize}, estimated_size, bImageAcc,
+  if (!decoder_array.has_value() ||
+      !PDF_DataDecode({pSrcData.Get(), dwSrcSize}, estimated_size, bImageAcc,
                       decoder_array.value(), &pDecodedData, &dwDecodedSize,
                       &m_ImageDecoder, &m_pImageParam)) {
     m_pData = std::move(pSrcData);
commit	79e66aa490f8c05e140e76cae96fa4219b50c036	[log] [tgz]
author	Jeremy Chinsen <chinsenj@google.com>	Mon Jun 24 17:27:02 2019 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	Mon Jun 24 17:27:02 2019 +0000
tree	55f3631c6f5c042b59f6956d4b6abfe5de608700
parent	fe111d95529a4614b0f996e547d4d396022d0020 [diff]