diff options
| author | Dan Sinclair <dsinclair@chromium.org> | 2018-03-28 13:20:09 +0000 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2018-03-28 13:20:09 +0000 |
| commit | 8eac5ad73918818569859cd0453a1d5a44a1f81b (patch) | |
| tree | d3a6bd4d76935662531512da5c65837d563d65dd | |
| parent | e6ce3428fce89f17e2e416adc567a401901f340b (diff) | |
| download | pdfium-8eac5ad73918818569859cd0453a1d5a44a1f81b.tar.xz | |
Smaller post expression set
This CL decreases the kMaxPostExpressions to 256. This is the number of
accessors you can attach to a single statement (e.g. foo.#A.#A.#A).
Having a very large number can cause stack overflows. The accessor does
not seem like it would expect hundreds of entries on a single element.
Bug: chromium:820688
Change-Id: I19966b43c96f5d1d02a79af127a0c96609420811
Reviewed-on: https://pdfium-review.googlesource.com/29330
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
| -rw-r--r-- | xfa/fxfa/fm2js/cxfa_fmparser.cpp | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/xfa/fxfa/fm2js/cxfa_fmparser.cpp b/xfa/fxfa/fm2js/cxfa_fmparser.cpp index 5079ab110e..dca427a20a 100644 --- a/xfa/fxfa/fm2js/cxfa_fmparser.cpp +++ b/xfa/fxfa/fm2js/cxfa_fmparser.cpp @@ -16,7 +16,7 @@ namespace { constexpr unsigned int kMaxParseDepth = 1250; -constexpr unsigned int kMaxPostExpressions = 16384; +constexpr unsigned int kMaxPostExpressions = 256; } // namespace @@ -688,6 +688,7 @@ std::unique_ptr<CXFA_FMSimpleExpression> CXFA_FMParser::ParsePostExpression( case TOKlparen: { if (!NextToken()) return nullptr; + std::vector<std::unique_ptr<CXFA_FMSimpleExpression>> expressions; if (m_token.m_type != TOKrparen) { while (m_token.m_type != TOKrparen) { @@ -789,7 +790,8 @@ std::unique_ptr<CXFA_FMSimpleExpression> CXFA_FMParser::ParsePostExpression( std::move(expr), TOKdot, tempStr, std::move(s)); continue; } - } break; + break; + } case TOKdotdot: { if (!NextToken()) return nullptr; @@ -814,7 +816,8 @@ std::unique_ptr<CXFA_FMSimpleExpression> CXFA_FMParser::ParsePostExpression( std::move(expr), TOKdotdot, tempStr, std::move(s)); continue; } - } break; + break; + } case TOKdotscream: { if (!NextToken()) return nullptr; @@ -824,6 +827,7 @@ std::unique_ptr<CXFA_FMSimpleExpression> CXFA_FMParser::ParsePostExpression( WideStringView tempStr = m_token.m_string; if (!NextToken()) return nullptr; + if (m_token.m_type != TOKlbracket) { std::unique_ptr<CXFA_FMSimpleExpression> s = pdfium::MakeUnique<CXFA_FMIndexExpression>(ACCESSOR_NO_INDEX, @@ -832,6 +836,7 @@ std::unique_ptr<CXFA_FMSimpleExpression> CXFA_FMParser::ParsePostExpression( std::move(expr), TOKdotscream, tempStr, std::move(s)); continue; } + std::unique_ptr<CXFA_FMSimpleExpression> s = ParseIndexExpression(); if (!s) return nullptr; |