diff options
author | weili <weili@chromium.org> | 2016-08-23 22:08:37 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-08-23 22:08:37 -0700 |
commit | a470b5e5371d0674d06068ec38d0d3c3279e85e1 (patch) | |
tree | e13f893084515082052e30c1cb8d94ec6303e38b /core/fpdfapi/fpdf_parser/include/cpdf_stream.h | |
parent | 0dadcc6fdab7ad1f2ee95d763f31aad5d3534f93 (diff) | |
download | pdfium-a470b5e5371d0674d06068ec38d0d3c3279e85e1.tar.xz |
Fix stack overflow in object Clone() functions
For some complex objects such as CPDF_Dictionary, CPDF_Array,
CPDF_Stream, and CPDF_Reference, Clone() could be executed with
infinite recursion to cause the stack overflow. Fix this by
checking already cloned objects to avoid recursion.
BUG=pdfium:513
Review-Url: https://codereview.chromium.org/2250533002
Diffstat (limited to 'core/fpdfapi/fpdf_parser/include/cpdf_stream.h')
-rw-r--r-- | core/fpdfapi/fpdf_parser/include/cpdf_stream.h | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/core/fpdfapi/fpdf_parser/include/cpdf_stream.h b/core/fpdfapi/fpdf_parser/include/cpdf_stream.h index 6aa8bca8dc..7ea761ef51 100644 --- a/core/fpdfapi/fpdf_parser/include/cpdf_stream.h +++ b/core/fpdfapi/fpdf_parser/include/cpdf_stream.h @@ -7,6 +7,8 @@ #ifndef CORE_FPDFAPI_FPDF_PARSER_INCLUDE_CPDF_STREAM_H_ #define CORE_FPDFAPI_FPDF_PARSER_INCLUDE_CPDF_STREAM_H_ +#include <set> + #include "core/fpdfapi/fpdf_parser/include/cpdf_dictionary.h" #include "core/fpdfapi/fpdf_parser/include/cpdf_object.h" #include "core/fxcrt/include/fx_stream.h" @@ -17,7 +19,7 @@ class CPDF_Stream : public CPDF_Object { // CPDF_Object. Type GetType() const override; - CPDF_Object* Clone(FX_BOOL bDirect = FALSE) const override; + CPDF_Object* Clone() const override; CPDF_Dictionary* GetDict() const override; CFX_WideString GetUnicodeText() const override; bool IsStream() const override; @@ -45,6 +47,9 @@ class CPDF_Stream : public CPDF_Object { static const uint32_t kMemoryBasedGenNum = (uint32_t)-1; ~CPDF_Stream() override; + CPDF_Object* CloneNonCyclic( + bool bDirect, + std::set<const CPDF_Object*>* pVisited) const override; void InitStreamInternal(CPDF_Dictionary* pDict); |