diff options
| author | Nicolas Pena <npm@chromium.org> | 2017-04-11 11:05:56 -0400 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2017-04-11 15:27:16 +0000 |
| commit | 5c97fd86374a1638710870a8603438f6d6fa11d1 (patch) | |
| tree | f0650a974cdb739c421a961c06d48cb54a087451 | |
| parent | 6e485caca4d943a616853fbbf7446d398412bf13 (diff) | |
| download | pdfium-5c97fd86374a1638710870a8603438f6d6fa11d1.tar.xz | |
Avoid long assignment chain in FM parser
We only parse FM right before translating to JS. Our current implementation of
assignment will duplicate to first expression's ToJavascript. So having a long
chain of assignments will result in a huge ToJavascript.
Bug: chromium:665087
Change-Id: I542371b5787113be2f2d686153ed0a6c48191bab
Reviewed-on: https://pdfium-review.googlesource.com/4030
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
| -rw-r--r-- | xfa/fxfa/fm2js/xfa_error.cpp | 2 | ||||
| -rw-r--r-- | xfa/fxfa/fm2js/xfa_error.h | 1 | ||||
| -rw-r--r-- | xfa/fxfa/fm2js/xfa_fmparse.cpp | 12 |
3 files changed, 15 insertions, 0 deletions
diff --git a/xfa/fxfa/fm2js/xfa_error.cpp b/xfa/fxfa/fm2js/xfa_error.cpp index 9ca886954a..1d31ce6958 100644 --- a/xfa/fxfa/fm2js/xfa_error.cpp +++ b/xfa/fxfa/fm2js/xfa_error.cpp @@ -15,3 +15,5 @@ const wchar_t kFMErrExpectedEndIf[] = L"expected 'endif' instead of '%s'"; const wchar_t kFMErrUnexpectedExpression[] = L"unexpected expression '%s'"; const wchar_t kFMErrExpectedNonEmptyExpression[] = L"expected non-empty expression"; +const wchar_t kFMErrLongAssignmentChain[] = + L"long assignment chains are unsupported"; diff --git a/xfa/fxfa/fm2js/xfa_error.h b/xfa/fxfa/fm2js/xfa_error.h index d6bb72bb34..b6621da440 100644 --- a/xfa/fxfa/fm2js/xfa_error.h +++ b/xfa/fxfa/fm2js/xfa_error.h @@ -17,6 +17,7 @@ extern const wchar_t kFMErrExpectedToken[]; extern const wchar_t kFMErrExpectedEndIf[]; extern const wchar_t kFMErrUnexpectedExpression[]; extern const wchar_t kFMErrExpectedNonEmptyExpression[]; +extern const wchar_t kFMErrLongAssignmentChain[]; class CXFA_FMErrorInfo { public: diff --git a/xfa/fxfa/fm2js/xfa_fmparse.cpp b/xfa/fxfa/fm2js/xfa_fmparse.cpp index 09e8f36298..c1f609315b 100644 --- a/xfa/fxfa/fm2js/xfa_fmparse.cpp +++ b/xfa/fxfa/fm2js/xfa_fmparse.cpp @@ -12,6 +12,12 @@ #include "third_party/base/ptr_util.h" +namespace { + +const int kMaxAssignmentChainLength = 12; + +} // namespace + CXFA_FMParse::CXFA_FMParse(const CFX_WideStringC& wsFormcalc, CXFA_FMErrorInfo* pErrorInfo) : m_pToken(nullptr), m_pErrorInfo(pErrorInfo) { @@ -208,9 +214,12 @@ std::unique_ptr<CXFA_FMExpression> CXFA_FMParse::ParseVarExpression() { std::unique_ptr<CXFA_FMSimpleExpression> CXFA_FMParse::ParseSimpleExpression() { uint32_t line = m_pToken->m_uLinenum; std::unique_ptr<CXFA_FMSimpleExpression> pExp1 = ParseLogicalOrExpression(); + int level = 1; while (m_pToken->m_type == TOKassign) { NextToken(); std::unique_ptr<CXFA_FMSimpleExpression> pExp2 = ParseLogicalOrExpression(); + if (level++ == kMaxAssignmentChainLength) + Error(m_pToken->m_uLinenum, kFMErrLongAssignmentChain); if (m_pErrorInfo->message.IsEmpty()) { pExp1 = pdfium::MakeUnique<CXFA_FMAssignExpression>( line, TOKassign, std::move(pExp1), std::move(pExp2)); @@ -776,9 +785,12 @@ std::unique_ptr<CXFA_FMSimpleExpression> CXFA_FMParse::ParseParenExpression() { uint32_t line = m_pToken->m_uLinenum; std::unique_ptr<CXFA_FMSimpleExpression> pExp1 = ParseLogicalOrExpression(); + int level = 1; while (m_pToken->m_type == TOKassign) { NextToken(); std::unique_ptr<CXFA_FMSimpleExpression> pExp2 = ParseLogicalOrExpression(); + if (level++ == kMaxAssignmentChainLength) + Error(m_pToken->m_uLinenum, kFMErrLongAssignmentChain); if (m_pErrorInfo->message.IsEmpty()) { pExp1 = pdfium::MakeUnique<CXFA_FMAssignExpression>( line, TOKassign, std::move(pExp1), std::move(pExp2)); |