Fix Heap-buffer-overflow caused by PDF_DataDecode() refactor
PDF_DataDecode() was refactored into two separate functions. In the
function that calls the two new functions,
CPDF_StreamAcc::ProcessFilteredData(), the behavior when an error occurs
retrieving |decoder_array| was changed.
Bug: chromium:977832
Change-Id: I228b5926f95e0a7663d1663107cfe364484731c6
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/56850
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
diff --git a/core/fpdfapi/parser/cpdf_stream_acc.cpp b/core/fpdfapi/parser/cpdf_stream_acc.cpp
index 2666fe6..c666ad7 100644
--- a/core/fpdfapi/parser/cpdf_stream_acc.cpp
+++ b/core/fpdfapi/parser/cpdf_stream_acc.cpp
@@ -122,10 +122,8 @@
Optional<std::vector<std::pair<ByteString, const CPDF_Object*>>>
decoder_array = GetDecoderArray(m_pStream->GetDict());
- if (!decoder_array.has_value())
- return;
-
- if (!PDF_DataDecode({pSrcData.Get(), dwSrcSize}, estimated_size, bImageAcc,
+ if (!decoder_array.has_value() ||
+ !PDF_DataDecode({pSrcData.Get(), dwSrcSize}, estimated_size, bImageAcc,
decoder_array.value(), &pDecodedData, &dwDecodedSize,
&m_ImageDecoder, &m_pImageParam)) {
m_pData = std::move(pSrcData);
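Review bot: The merged condition `if (!decoder_array.has_value() || !PDF_DataDecode(...` needs a short comment stating that a failed GetDecoderArray() is meant to take the same raw-data fallback as a failed decode (`m_pData = std::move(pSrcData);`). Without that comment, a later cleanup could easily split the check back into the early `return` this hunk removes. The safety of `decoder_array.value()` here also depends entirely on `||` short-circuiting, so the `has_value()` test must stay first in the expression, and the comment should say so. The diff as shown touches only cpdf_stream_acc.cpp. Please add a regression test for chromium:977832 that feeds a stream whose decoder array cannot be retrieved and checks that the accessor ends up holding the source data.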