Prevent duplicate parses of same data, in the same recursive descent

When parsing if there is a loop in the data being parsed, the recursions will just keep cycling until it exhausts memory and crashes. This CL introduces a parsed set, which a reference to is passed down the descent. If the data being parsed at a specific stage of the descent is already in the parsed set, then the parse returns at that point. BUG=chromium:759224 Change-Id: I1dca73d81020099dec03fd49aaa44cdcdf38e17e Reviewed-on: https://pdfium-review.googlesource.com/12470 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
author: Ryan Harrison <rharrison@chromium.org> 2017-08-31 11:57:14 -0400
committer: Chromium commit bot <commit-bot@chromium.org> 2017-08-31 17:06:29 +0000
commit: bc0ca1ec9b157ab8773c9043725c7422f7c1a57c (patch)
tree: c1e46db02a10e3377d597265dcf125b980c277b0 /core/fpdfapi/page/cpdf_contentparser.cpp
parent: df064df7a08e008b3c8e4d56bb0b75da9f014147 (diff)
download: pdfium-bc0ca1ec9b157ab8773c9043725c7422f7c1a57c.tar.xz
1 files changed, 4 insertions, 3 deletions
diff --git a/core/fpdfapi/page/cpdf_contentparser.cpp b/core/fpdfapi/page/cpdf_contentparser.cpp
index 061ec74de8..3032f2cd01 100644
--- a/core/fpdfapi/page/cpdf_contentparser.cpp
+++ b/core/fpdfapi/page/cpdf_contentparser.cpp
@@ -73,7 +73,7 @@ void CPDF_ContentParser::Start(CPDF_Form* pForm,
                                CPDF_AllStates* pGraphicStates,
                                const CFX_Matrix* pParentMatrix,
                                CPDF_Type3Char* pType3Char,
-                               int level) {
+                               std::set<const uint8_t*>* parsedSet) {
   m_pType3Char = pType3Char;
   m_pObjectHolder = pForm;
   m_bForm = true;
@@ -101,7 +101,7 @@ void CPDF_ContentParser::Start(CPDF_Form* pForm,
   m_pParser = pdfium::MakeUnique<CPDF_StreamContentParser>(
       pForm->m_pDocument.Get(), pForm->m_pPageResources.Get(),
       pForm->m_pResources.Get(), pParentMatrix, pForm, pResources, form_bbox,
-      pGraphicStates, level);
+      pGraphicStates, parsedSet);
   m_pParser->GetCurStates()->m_CTM = form_matrix;
   m_pParser->GetCurStates()->m_ParentMatrix = form_matrix;
   if (ClipPath.HasRef()) {
@@ -169,11 +169,12 @@ void CPDF_ContentParser::Continue(IFX_PauseIndicator* pPause) {
     }
     if (m_InternalStage == STAGE_PARSE) {
       if (!m_pParser) {
+        m_parsedSet = pdfium::MakeUnique<std::set<const uint8_t*>>();
         m_pParser = pdfium::MakeUnique<CPDF_StreamContentParser>(
             m_pObjectHolder->m_pDocument.Get(),
             m_pObjectHolder->m_pPageResources.Get(), nullptr, nullptr,
             m_pObjectHolder.Get(), m_pObjectHolder->m_pResources.Get(),
-            m_pObjectHolder->m_BBox, nullptr, 0);
+            m_pObjectHolder->m_BBox, nullptr, m_parsedSet.get());
         m_pParser->GetCurStates()->m_ColorState.SetDefault();
       }
       if (m_CurrentOffset >= m_Size) {
author	Ryan Harrison <rharrison@chromium.org>	2017-08-31 11:57:14 -0400
committer	Chromium commit bot <commit-bot@chromium.org>	2017-08-31 17:06:29 +0000
commit	bc0ca1ec9b157ab8773c9043725c7422f7c1a57c (patch)
tree	c1e46db02a10e3377d597265dcf125b980c277b0 /core/fpdfapi/page/cpdf_contentparser.cpp
parent	df064df7a08e008b3c8e4d56bb0b75da9f014147 (diff)
download	pdfium-bc0ca1ec9b157ab8773c9043725c7422f7c1a57c.tar.xz