diff options
| author | Sebastian Rasmussen <sebras@gmail.com> | 2012-08-06 00:13:41 +0200 |
|---|---|---|
| committer | Sebastian Rasmussen <sebras@gmail.com> | 2012-08-06 14:05:39 +0200 |
| commit | 8f1909597745d2c881f1cacfff7e0a72eb233438 (patch) | |
| tree | 4232cfba73caa52747f991a6931b21f6ebe308cf | |
| parent | 30cea356bb6b5038e7eee642eccb8cf185945a40 (diff) | |
| download | mupdf-8f1909597745d2c881f1cacfff7e0a72eb233438.tar.xz | |
Throw exception on too deeply nested arrays/dicts
Previously we would run out of error stacks in the context and fail abruptly.
Now, throw an exception and hope for the best. At least this plugs any memory
leaks.
| -rw-r--r-- | fitz/base_error.c | 6 | ||||
| -rw-r--r-- | fitz/fitz.h | 1 | ||||
| -rw-r--r-- | pdf/pdf_parse.c | 12 |
3 files changed, 19 insertions, 0 deletions
diff --git a/fitz/base_error.c b/fitz/base_error.c index 71a32a2e..606e9c2a 100644 --- a/fitz/base_error.c +++ b/fitz/base_error.c @@ -43,6 +43,12 @@ void fz_warn(fz_context *ctx, char *fmt, ...) /* Error context */ +int fz_too_deeply_nested(fz_context *ctx) +{ + fz_error_context *ex = ctx->error; + return ex->top + 1 >= nelem(ex->stack); +} + static void throw(fz_error_context *ex) { if (ex->top >= 0) { diff --git a/fitz/fitz.h b/fitz/fitz.h index 266ec549..63278cb1 100644 --- a/fitz/fitz.h +++ b/fitz/fitz.h @@ -255,6 +255,7 @@ void fz_push_try(fz_error_context *ex); void fz_throw(fz_context *, char *, ...) __printflike(2, 3); void fz_rethrow(fz_context *); void fz_warn(fz_context *ctx, char *fmt, ...) __printflike(2, 3); +int fz_too_deeply_nested(fz_context *ctx); /* fz_flush_warnings: Flush any repeated warnings. diff --git a/pdf/pdf_parse.c b/pdf/pdf_parse.c index 0ba6b0a4..4ed6b6f1 100644 --- a/pdf/pdf_parse.c +++ b/pdf/pdf_parse.c @@ -244,6 +244,9 @@ pdf_parse_array(pdf_document *xref, fz_stream *file, pdf_lexbuf *buf) break; case PDF_TOK_OPEN_ARRAY: + if (fz_too_deeply_nested(ctx)) + fz_throw(ctx, "nested too deep, not parsing array"); + obj = pdf_parse_array(xref, file, buf); pdf_array_push(ary, obj); pdf_drop_obj(obj); @@ -251,6 +254,9 @@ pdf_parse_array(pdf_document *xref, fz_stream *file, pdf_lexbuf *buf) break; case PDF_TOK_OPEN_DICT: + if (fz_too_deeply_nested(ctx)) + fz_throw(ctx, "nested too deep, not parsing dict"); + obj = pdf_parse_dict(xref, file, buf); pdf_array_push(ary, obj); pdf_drop_obj(obj); @@ -348,10 +354,16 @@ pdf_parse_dict(pdf_document *xref, fz_stream *file, pdf_lexbuf *buf) switch (tok) { case PDF_TOK_OPEN_ARRAY: + if (fz_too_deeply_nested(ctx)) + fz_throw(ctx, "nested too deep, not parsing array"); + val = pdf_parse_array(xref, file, buf); break; case PDF_TOK_OPEN_DICT: + if (fz_too_deeply_nested(ctx)) + fz_throw(ctx, "nested too deep, not parsing array"); + val = pdf_parse_dict(xref, file, buf); break; |