authortsepez <tsepez@chromium.org>2016-09-20 05:56:50 -0700
committerCommit bot <commit-bot@chromium.org>2016-09-20 05:56:50 -0700
commit044b1d6f4929dd8905a259c1e134f2e582726d3b (patch)
tree09f2d32ff9d80e2a8dfba562ef489417c11cfeaa /core/fpdfapi/fpdf_page/fpdf_page_func.cpp
parent81e1e3fd2d33478733e47bd007b76fac1a663e74 (diff)
Fix stack exhaustion in CPDF_PSProc::Parse()
BUG=648059 Review-Url: https://codereview.chromium.org/2350013003
Diffstat (limited to 'core/fpdfapi/fpdf_page/fpdf_page_func.cpp')
-rw-r--r--core/fpdfapi/fpdf_page/fpdf_page_func.cpp10
1 files changed, 7 insertions, 3 deletions
diff --git a/core/fpdfapi/fpdf_page/fpdf_page_func.cpp b/core/fpdfapi/fpdf_page/fpdf_page_func.cpp
index 63ab3056c7..266b2bd09f 100644
--- a/core/fpdfapi/fpdf_page/fpdf_page_func.cpp
+++ b/core/fpdfapi/fpdf_page/fpdf_page_func.cpp
@@ -139,9 +139,13 @@ FX_BOOL CPDF_PSEngine::Parse(const FX_CHAR* str, int size) {
if (word != "{") {
return FALSE;
}
- return m_MainProc.Parse(&parser);
+ return m_MainProc.Parse(&parser, 0);
}
-FX_BOOL CPDF_PSProc::Parse(CPDF_SimpleParser* parser) {
+
+FX_BOOL CPDF_PSProc::Parse(CPDF_SimpleParser* parser, int depth) {
+ if (depth > kMaxDepth)
+ return FALSE;
+
while (1) {
CFX_ByteStringC word = parser->GetWord();
if (word.IsEmpty()) {
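Review bot: The new guard `if (depth > kMaxDepth)` at the top of CPDF_PSProc::Parse accepts depths 0 through kMaxDepth, so kMaxDepth + 1 nested procedures are parsed before it rejects. Neither the inclusive bound nor the definition of `kMaxDepth` is visible in this file-limited diff. Since the limit is what stops attacker-supplied nesting from exhausting the stack, I would either write `if (depth >= kMaxDepth)` or state on the constant that the limit is inclusive. I would also add a comment above the check, such as `// Bound procedure nesting so untrusted input cannot exhaust the stack; depth is 0 for the outermost procedure.` A regression test that feeds a function nested just below and just above the limit would pin the behaviour. The body of Parse continues outside the hunk.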
@@ -154,7 +158,7 @@ FX_BOOL CPDF_PSProc::Parse(CPDF_SimpleParser* parser) {
std::unique_ptr<CPDF_PSProc> proc(new CPDF_PSProc);
std::unique_ptr<CPDF_PSOP> op(new CPDF_PSOP(std::move(proc)));
m_Operators.push_back(std::move(op));
- if (!m_Operators.back()->GetProc()->Parse(parser)) {
+ if (!m_Operators.back()->GetProc()->Parse(parser, depth + 1)) {
return FALSE;
}
} else {
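Review bot: At the recursive call `Parse(parser, depth + 1)`, the child operator is already in `m_Operators` when the depth limit makes it return FALSE, so the engine is left holding a partly built program. The new rejection path is only safe if every caller of CPDF_PSEngine::Parse discards the engine on FALSE and never evaluates it; those callers are outside this hunk, so that should be confirmed. A short comment at the `return FALSE;` would help, for example `// m_Operators may hold a partial procedure here; callers must not execute it.` A depth rejection is also indistinguishable from a syntax error to the caller, which is acceptable but worth noting in the function's documentation.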