Fix stack overflow in object Clone() functions

For some complex objects such as CPDF_Dictionary, CPDF_Array,
CPDF_Stream, and CPDF_Reference, Clone() could be executed with
infinite recursion to cause the stack overflow. Fix this by
checking already cloned objects to avoid recursion.

BUG=pdfium:513

Review-Url: https://codereview.chromium.org/2250533002

1 files changed, 6 insertions, 1 deletions

diff --git a/core/fpdfapi/fpdf_parser/include/cpdf_array.h b/core/fpdfapi/fpdf_parser/include/cpdf_array.h
index 9bb99da053..8c89a060eb 100644
--- a/core/fpdfapi/fpdf_parser/include/cpdf_array.h
+++ b/core/fpdfapi/fpdf_parser/include/cpdf_array.h
@@ -7,6 +7,7 @@
 #ifndef CORE_FPDFAPI_FPDF_PARSER_INCLUDE_CPDF_ARRAY_H_
 #define CORE_FPDFAPI_FPDF_PARSER_INCLUDE_CPDF_ARRAY_H_
 
+#include <set>
 #include <vector>
 
 #include "core/fpdfapi/fpdf_parser/include/cpdf_indirect_object_holder.h"
@@ -23,7 +24,7 @@ class CPDF_Array : public CPDF_Object {
 
   // CPDF_Object.
   Type GetType() const override;
-  CPDF_Object* Clone(FX_BOOL bDirect = FALSE) const override;
+  CPDF_Object* Clone() const override;
   bool IsArray() const override;
   CPDF_Array* AsArray() override;
   const CPDF_Array* AsArray() const override;
@@ -68,6 +69,10 @@ class CPDF_Array : public CPDF_Object {
  protected:
   ~CPDF_Array() override;
 
+  CPDF_Object* CloneNonCyclic(
+      bool bDirect,
+      std::set<const CPDF_Object*>* pVisited) const override;
+
   std::vector<CPDF_Object*> m_Objects;
 };