Making CPDF_SyntaxParser::FindTag(ByteStringView tag) robust
The previous implementation incorrectly handled some cases.
For example, matching 0001 with 00001.
The current implementation is the plain and simple
"Naive exact matching".
On running into a mismatch, the code restarts from one place ahead
w.r.t. the previous iteration.
Bug: 42271557
Change-Id: Ibb1e1dea3fa6b669a483f426d0a156616f0ed4e8
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/127710
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Thomas Sepez <tsepez@google.com>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
diff --git a/core/fpdfapi/parser/cpdf_syntax_parser.cpp b/core/fpdfapi/parser/cpdf_syntax_parser.cpp
index f252339..e567dd5 100644
--- a/core/fpdfapi/parser/cpdf_syntax_parser.cpp
+++ b/core/fpdfapi/parser/cpdf_syntax_parser.cpp
@@ -915,19 +915,29 @@
const int32_t taglen = tag.GetLength();
DCHECK_GT(taglen, 0);
- int32_t match = 0;
while (true) {
- uint8_t ch;
- if (!GetNextChar(ch))
- return -1;
+ const FX_FILESIZE match_start_pos = GetPos();
+ bool match_found = true;
- if (ch == tag[match]) {
- match++;
- if (match == taglen)
- return GetPos() - startpos - taglen;
- } else {
- match = ch == tag[0] ? 1 : 0;
+ for (int32_t i = 0; i < taglen; i++) {
+ uint8_t ch;
+ if (!GetNextChar(ch)) {
+ return -1;
+ }
+
+ if (ch != tag[i]) {
+ match_found = false;
+ break;
+ }
}
+
+ if (match_found) {
+ return match_start_pos - startpos;
+ }
+
+ // On running into a mismatch, the code restarts from one place ahead w.r.t.
+ // the previous iteration.
+ SetPos(match_start_pos + 1);
}
}
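Review bot: The comment above `SetPos(match_start_pos + 1);` restates what the next line does; what a reader needs is why re-reading up to taglen bytes for every candidate position is acceptable, since this loop is now O(n * taglen) instead of the single pass it replaces. Suggest replacing it with `// Rewind to one byte past the attempted start so overlapping matches (e.g. "0001" inside "00001") are not skipped. The re-read per position is bounded by taglen, which is presumably a few bytes for PDF keywords, so the naive scan is fine here.` The `match_found` flag plus `break` could also be folded into a small `MatchesTagAt` helper so the outer loop reads as `if (match) return ...; SetPos(...)`, but that needs a declaration outside this hunk. FindTag's signature and the `startpos` parameter are above the hunk; the closing brace at the end of the hunk ends the function.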