Fix infinite recursion in CPDF_DocPageData::GetColorSpace().

BUG=pdfium:497 Review-Url: https://codereview.chromium.org/2003873002
author: thestig <thestig@chromium.org> 2016-05-23 10:07:03 -0700
committer: Commit bot <commit-bot@chromium.org> 2016-05-23 10:07:03 -0700
commit: 885bba0b002e2a70e7808e65a53d6f977ddccd95 (patch)
tree: 7b42aa224a15dc91ed79cbe8da8fcca7d5c1ccbc
parent: a55880db9272d2ad98ce600efbf068408e8fcf15 (diff)
download: pdfium-885bba0b002e2a70e7808e65a53d6f977ddccd95.tar.xz
3 files changed, 34 insertions, 7 deletions
diff --git a/core/fpdfapi/fpdf_page/fpdf_page_doc.cpp b/core/fpdfapi/fpdf_page/fpdf_page_doc.cpp
index f872906674..f0c5302b95 100644
--- a/core/fpdfapi/fpdf_page/fpdf_page_doc.cpp
+++ b/core/fpdfapi/fpdf_page/fpdf_page_doc.cpp
@@ -19,6 +19,7 @@
 #include "core/fpdfapi/fpdf_parser/include/cpdf_document.h"
 #include "core/fpdfapi/fpdf_parser/include/cpdf_stream_acc.h"
 #include "core/fpdfapi/include/cpdf_modulemgr.h"
+#include "third_party/base/stl_util.h"
 
 void CPDF_ModuleMgr::InitPageModule() {
   m_pPageModule.reset(new CPDF_PageModule);
@@ -222,17 +223,29 @@ void CPDF_DocPageData::ReleaseFont(CPDF_Dictionary* pFontDict) {
 CPDF_ColorSpace* CPDF_DocPageData::GetColorSpace(
     CPDF_Object* pCSObj,
     const CPDF_Dictionary* pResources) {
+  std::set<CPDF_Object*> visited;
+  return GetColorSpaceImpl(pCSObj, pResources, &visited);
+}
+
+CPDF_ColorSpace* CPDF_DocPageData::GetColorSpaceImpl(
+    CPDF_Object* pCSObj,
+    const CPDF_Dictionary* pResources,
+    std::set<CPDF_Object*>* pVisited) {
   if (!pCSObj)
     return nullptr;
 
+  if (pdfium::ContainsKey(*pVisited, pCSObj))
+    return nullptr;
+
   if (pCSObj->IsName()) {
     CFX_ByteString name = pCSObj->GetString();
     CPDF_ColorSpace* pCS = CPDF_ColorSpace::ColorspaceFromName(name);
     if (!pCS && pResources) {
       CPDF_Dictionary* pList = pResources->GetDictBy("ColorSpace");
       if (pList) {
-        pCSObj = pList->GetDirectObjectBy(name);
-        return GetColorSpace(pCSObj, nullptr);
+        pdfium::ScopedSetInsertion<CPDF_Object*> insertion(pVisited, pCSObj);
+        return GetColorSpaceImpl(pList->GetDirectObjectBy(name), nullptr,
+                                 pVisited);
       }
     }
     if (!pCS || !pResources)
@@ -254,14 +267,22 @@ CPDF_ColorSpace* CPDF_DocPageData::GetColorSpace(
         pDefaultCS = pColorSpaces->GetDirectObjectBy("DefaultCMYK");
         break;
     }
-    return pDefaultCS ? GetColorSpace(pDefaultCS, nullptr) : pCS;
+    if (!pDefaultCS)
+      return pCS;
+
+    pdfium::ScopedSetInsertion<CPDF_Object*> insertion(pVisited, pCSObj);
+    return GetColorSpaceImpl(pDefaultCS, nullptr, pVisited);
   }
 
   CPDF_Array* pArray = pCSObj->AsArray();
   if (!pArray || pArray->GetCount() == 0)
     return nullptr;
-  if (pArray->GetCount() == 1)
-    return GetColorSpace(pArray->GetDirectObjectAt(0), pResources);
+
+  if (pArray->GetCount() == 1) {
+    pdfium::ScopedSetInsertion<CPDF_Object*> insertion(pVisited, pCSObj);
+    return GetColorSpaceImpl(pArray->GetDirectObjectAt(0), pResources,
+                             pVisited);
+  }
 
   CPDF_CountedColorSpace* csData = nullptr;
   auto it = m_ColorSpaceMap.find(pCSObj);
diff --git a/core/fpdfapi/fpdf_page/pageint.h b/core/fpdfapi/fpdf_page/pageint.h
index 64d106f1dc..b884338f76 100644
--- a/core/fpdfapi/fpdf_page/pageint.h
+++ b/core/fpdfapi/fpdf_page/pageint.h
@@ -10,6 +10,7 @@
 #include <map>
 #include <memory>
 #include <unordered_map>
+#include <set>
 #include <vector>
 
 #include "core/fpdfapi/fpdf_page/cpdf_contentmark.h"
@@ -356,6 +357,10 @@ class CPDF_DocPageData {
   using CPDF_ImageMap = std::map<uint32_t, CPDF_CountedImage*>;
   using CPDF_PatternMap = std::map<CPDF_Object*, CPDF_CountedPattern*>;
 
+  CPDF_ColorSpace* GetColorSpaceImpl(CPDF_Object* pCSObj,
+                                     const CPDF_Dictionary* pResources,
+                                     std::set<CPDF_Object*>* pVisited);
+
   CPDF_Document* const m_pPDFDoc;
   FX_BOOL m_bForceClear;
   std::map<CFX_ByteString, CPDF_Stream*> m_HashProfileMap;
diff --git a/core/fpdfapi/fpdf_parser/cpdf_document.cpp b/core/fpdfapi/fpdf_parser/cpdf_document.cpp
index 13d9737b5b..79965a23bb 100644
--- a/core/fpdfapi/fpdf_parser/cpdf_document.cpp
+++ b/core/fpdfapi/fpdf_parser/cpdf_document.cpp
@@ -394,9 +394,10 @@ int InsertDeletePDFPage(CPDF_Document* pDoc,
     } else {
       int nPages = pKid->GetIntegerBy("Count");
       if (nPagesToGo < nPages) {
-        if (pdfium::ContainsValue(*pVisited, pKid))
+        if (pdfium::ContainsKey(*pVisited, pKid))
           return -1;
-        pdfium::ScopedSetInsertion<CPDF_Dictionary*>(pVisited, pKid);
+
+        pdfium::ScopedSetInsertion<CPDF_Dictionary*> insertion(pVisited, pKid);
         if (InsertDeletePDFPage(pDoc, pKid, nPagesToGo, pPage, bInsert,
                                 pVisited) < 0) {
           return -1;
author	thestig <thestig@chromium.org>	2016-05-23 10:07:03 -0700
committer	Commit bot <commit-bot@chromium.org>	2016-05-23 10:07:03 -0700
commit	885bba0b002e2a70e7808e65a53d6f977ddccd95 (patch)
tree	7b42aa224a15dc91ed79cbe8da8fcca7d5c1ccbc
parent	a55880db9272d2ad98ce600efbf068408e8fcf15 (diff)
download	pdfium-885bba0b002e2a70e7808e65a53d6f977ddccd95.tar.xz