Check is first page number valid in CPDF_LinearizedHeader. Bug=chromium:850407,chromium:850440 Change-Id: I0115f75677db618b0de5e1e78b13da80b1da9559 Reviewed-on: https://pdfium-review.googlesource.com/34390 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>

commit: f51a4767ee7854991d94d6814aa13f5763f05760 [log] [tgz]
author: Artem Strygin <art-snake@yandex-team.ru> Thu Jun 07 18:01:27 2018 +0000
committer: Chromium commit bot <commit-bot@chromium.org> Thu Jun 07 18:01:27 2018 +0000
tree: dd519311670498683fb59d3d141c793c5b9da76b
parent: e769ab578af3cf646f6268c992fd9c9dcd494708 [diff]
diff --git a/core/fpdfapi/parser/cpdf_linearized_header.cpp b/core/fpdfapi/parser/cpdf_linearized_header.cpp
index 994d69f..5032bc3 100644
--- a/core/fpdfapi/parser/cpdf_linearized_header.cpp
+++ b/core/fpdfapi/parser/cpdf_linearized_header.cpp

@@ -43,6 +43,7 @@
   return header->GetFileSize() == file_size &&
          static_cast<int>(header->GetFirstPageNo()) >= 0 &&
          header->GetFirstPageNo() < kMaxInt &&
+         header->GetFirstPageNo() < header->GetPageCount() &&
          header->GetMainXRefTableFirstEntryOffset() < file_size &&
          header->GetPageCount() > 0 &&
          header->GetFirstPageEndOffset() < file_size &&
commit	f51a4767ee7854991d94d6814aa13f5763f05760	[log] [tgz]
author	Artem Strygin <art-snake@yandex-team.ru>	Thu Jun 07 18:01:27 2018 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	Thu Jun 07 18:01:27 2018 +0000
tree	dd519311670498683fb59d3d141c793c5b9da76b
parent	e769ab578af3cf646f6268c992fd9c9dcd494708 [diff]