diff options
| -rw-r--r-- | fitz/base_error.c | 6 | ||||
| -rw-r--r-- | fitz/fitz.h | 1 | ||||
| -rw-r--r-- | pdf/pdf_parse.c | 12 |
3 files changed, 19 insertions, 0 deletions
diff --git a/fitz/base_error.c b/fitz/base_error.c index 71a32a2e..606e9c2a 100644 --- a/fitz/base_error.c +++ b/fitz/base_error.c @@ -43,6 +43,12 @@ void fz_warn(fz_context *ctx, char *fmt, ...) /* Error context */ +int fz_too_deeply_nested(fz_context *ctx) +{ + fz_error_context *ex = ctx->error; + return ex->top + 1 >= nelem(ex->stack); +} + static void throw(fz_error_context *ex) { if (ex->top >= 0) { diff --git a/fitz/fitz.h b/fitz/fitz.h index 266ec549..63278cb1 100644 --- a/fitz/fitz.h +++ b/fitz/fitz.h @@ -255,6 +255,7 @@ void fz_push_try(fz_error_context *ex); void fz_throw(fz_context *, char *, ...) __printflike(2, 3); void fz_rethrow(fz_context *); void fz_warn(fz_context *ctx, char *fmt, ...) __printflike(2, 3); +int fz_too_deeply_nested(fz_context *ctx); /* fz_flush_warnings: Flush any repeated warnings. diff --git a/pdf/pdf_parse.c b/pdf/pdf_parse.c index 0ba6b0a4..4ed6b6f1 100644 --- a/pdf/pdf_parse.c +++ b/pdf/pdf_parse.c @@ -244,6 +244,9 @@ pdf_parse_array(pdf_document *xref, fz_stream *file, pdf_lexbuf *buf) break; case PDF_TOK_OPEN_ARRAY: + if (fz_too_deeply_nested(ctx)) + fz_throw(ctx, "nested too deep, not parsing array"); + obj = pdf_parse_array(xref, file, buf); pdf_array_push(ary, obj); pdf_drop_obj(obj); @@ -251,6 +254,9 @@ pdf_parse_array(pdf_document *xref, fz_stream *file, pdf_lexbuf *buf) break; case PDF_TOK_OPEN_DICT: + if (fz_too_deeply_nested(ctx)) + fz_throw(ctx, "nested too deep, not parsing dict"); + obj = pdf_parse_dict(xref, file, buf); pdf_array_push(ary, obj); pdf_drop_obj(obj); @@ -348,10 +354,16 @@ pdf_parse_dict(pdf_document *xref, fz_stream *file, pdf_lexbuf *buf) switch (tok) { case PDF_TOK_OPEN_ARRAY: + if (fz_too_deeply_nested(ctx)) + fz_throw(ctx, "nested too deep, not parsing array"); + val = pdf_parse_array(xref, file, buf); break; case PDF_TOK_OPEN_DICT: + if (fz_too_deeply_nested(ctx)) + fz_throw(ctx, "nested too deep, not parsing array"); + val = pdf_parse_dict(xref, file, buf); break; |