Sakurai/pdf.js
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #14699 from Snuffleupagus/getDocument-validation

Browse Source 
Slightly improve validation of (some) parameters in `getDocument`
This commit is contained in:
Tim van der Meij 2022-03-23 20:41:05 +01:00 committed by GitHub
commit a3e34002cb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 27 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/display/api.js
View File

@ -316,7 +316,6 @@ function getDocument(src) {
params[key] = value; params[key] = value;
} }
params.rangeChunkSize = params.rangeChunkSize || DEFAULT_RANGE_CHUNK_SIZE;
params.CMapReaderFactory = params.CMapReaderFactory =
params.CMapReaderFactory || DefaultCMapReaderFactory; params.CMapReaderFactory || DefaultCMapReaderFactory;
params.StandardFontDataFactory = params.StandardFontDataFactory =
@ -326,6 +325,9 @@ function getDocument(src) {
params.pdfBug = params.pdfBug === true; params.pdfBug = params.pdfBug === true;
params.enableXfa = params.enableXfa === true; params.enableXfa = params.enableXfa === true;
if (!Number.isInteger(params.rangeChunkSize) || params.rangeChunkSize < 1) {
params.rangeChunkSize = DEFAULT_RANGE_CHUNK_SIZE;
}
if ( if (
typeof params.docBaseUrl !== "string" || typeof params.docBaseUrl !== "string" ||
isDataScheme(params.docBaseUrl) isDataScheme(params.docBaseUrl)
@ -335,7 +337,7 @@ function getDocument(src) {
// they contain the *entire* PDF document and can thus be arbitrarily long. // they contain the *entire* PDF document and can thus be arbitrarily long.
params.docBaseUrl = null; params.docBaseUrl = null;
} }
if (!Number.isInteger(params.maxImageSize)) { if (!Number.isInteger(params.maxImageSize) || params.maxImageSize < -1) {
params.maxImageSize = -1; params.maxImageSize = -1;
} }
if (typeof params.cMapUrl !== "string") { if (typeof params.cMapUrl !== "string") {
@ -363,7 +365,10 @@ function getDocument(src) {
isNodeJS isNodeJS
) && !params.disableFontFace; ) && !params.disableFontFace;
} }
if (typeof params.ownerDocument === "undefined") { if (
typeof params.ownerDocument !== "object" ||
params.ownerDocument === null
) {
params.ownerDocument = globalThis.document; params.ownerDocument = globalThis.document;
} }

10
src/display/network_utils.js
View File

@ -27,7 +27,15 @@ function validateRangeRequestCapabilities({
rangeChunkSize, rangeChunkSize,
disableRange, disableRange,
}) { }) {
assert(rangeChunkSize > 0, "Range chunk size must be larger than zero"); if (
typeof PDFJSDev === "undefined" ||
PDFJSDev.test("!PRODUCTION || TESTING")
) {
assert(
Number.isInteger(rangeChunkSize) && rangeChunkSize > 0,
"rangeChunkSize must be an integer larger than zero."
);
}
const returnValues = { const returnValues = {
allowRangeRequests: false, allowRangeRequests: false,
suggestedLength: undefined, suggestedLength: undefined,

12
test/unit/network_utils_spec.js
View File

@ -26,10 +26,18 @@ import {
describe("network_utils", function () { describe("network_utils", function () {
describe("validateRangeRequestCapabilities", function () { describe("validateRangeRequestCapabilities", function () {
it("rejects range chunk sizes that are not larger than zero", function () { it("rejects invalid rangeChunkSize", function () {
expect(function () {
validateRangeRequestCapabilities({ rangeChunkSize: "abc" });
}).toThrow(
new Error("rangeChunkSize must be an integer larger than zero.")
);
expect(function () { expect(function () {
validateRangeRequestCapabilities({ rangeChunkSize: 0 }); validateRangeRequestCapabilities({ rangeChunkSize: 0 });
}).toThrow(new Error("Range chunk size must be larger than zero")); }).toThrow(
new Error("rangeChunkSize must be an integer larger than zero.")
);
}); });
it("rejects disabled or non-HTTP range requests", function () { it("rejects disabled or non-HTTP range requests", function () {