diff options
| author | Henrique Nakashima <hnakashima@chromium.org> | 2018-04-11 21:55:49 +0000 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2018-04-11 21:55:49 +0000 |
| commit | b92ec18fdccd196035e02f3232c0b730637ac815 (patch) | |
| tree | a78ea05f4b90265dd6451a6a626bdb3a771b689b /core/fpdfapi/page/cpdf_docpagedata.cpp | |
| parent | c763970de6e749123af76170c16bbc3929058437 (diff) | |
| download | pdfium-b92ec18fdccd196035e02f3232c0b730637ac815.tar.xz | |
Fix crash when ColorSpace references itself directly.
Also fixes any problems with cycles between colorspaces.
Past fixes have solved problems with CPDF_DocPageData::GetColorSpace()
calling itself and CPDF_DocPageData::GetColorSpace() calling
CPDF_ColorSpace::Load() and vice versa. They have not solved
CPDF_ColorSpace::Load() calling itself.
This CL repurposes the |pVisited| set to ensure CPDF_ColorSpace::Load()
does not try to load a colorspace as a dependency of itself and
creates |pVisitedLocal| to ensure CPDF_DocPageData::GetColorSpace()
does not create a similar circular dependency not involving
CPDF_ColorSpace::Load().
Bug: chromium:828206
Change-Id: Ib2d0ec494be169135607f3651e0f70627b26ebd7
Reviewed-on: https://pdfium-review.googlesource.com/29810
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
Diffstat (limited to 'core/fpdfapi/page/cpdf_docpagedata.cpp')
| -rw-r--r-- | core/fpdfapi/page/cpdf_docpagedata.cpp | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/core/fpdfapi/page/cpdf_docpagedata.cpp b/core/fpdfapi/page/cpdf_docpagedata.cpp index 0d2a9189b6..03db315912 100644 --- a/core/fpdfapi/page/cpdf_docpagedata.cpp +++ b/core/fpdfapi/page/cpdf_docpagedata.cpp @@ -219,13 +219,22 @@ CPDF_ColorSpace* CPDF_DocPageData::GetColorSpaceGuarded( CPDF_Object* pCSObj, const CPDF_Dictionary* pResources, std::set<CPDF_Object*>* pVisited) { + std::set<CPDF_Object*> visitedLocal; + return GetColorSpaceInternal(pCSObj, pResources, pVisited, &visitedLocal); +} + +CPDF_ColorSpace* CPDF_DocPageData::GetColorSpaceInternal( + CPDF_Object* pCSObj, + const CPDF_Dictionary* pResources, + std::set<CPDF_Object*>* pVisited, + std::set<CPDF_Object*>* pVisitedInternal) { if (!pCSObj) return nullptr; - if (pdfium::ContainsKey(*pVisited, pCSObj)) + if (pdfium::ContainsKey(*pVisitedInternal, pCSObj)) return nullptr; - pdfium::ScopedSetInsertion<CPDF_Object*> insertion(pVisited, pCSObj); + pdfium::ScopedSetInsertion<CPDF_Object*> insertion(pVisitedInternal, pCSObj); if (pCSObj->IsName()) { ByteString name = pCSObj->GetString(); @@ -233,8 +242,8 @@ CPDF_ColorSpace* CPDF_DocPageData::GetColorSpaceGuarded( if (!pCS && pResources) { CPDF_Dictionary* pList = pResources->GetDictFor("ColorSpace"); if (pList) { - return GetColorSpaceGuarded(pList->GetDirectObjectFor(name), nullptr, - pVisited); + return GetColorSpaceInternal(pList->GetDirectObjectFor(name), nullptr, + pVisited, pVisitedInternal); } } if (!pCS || !pResources) @@ -259,7 +268,8 @@ CPDF_ColorSpace* CPDF_DocPageData::GetColorSpaceGuarded( if (!pDefaultCS) return pCS; - return GetColorSpaceGuarded(pDefaultCS, nullptr, pVisited); + return GetColorSpaceInternal(pDefaultCS, nullptr, pVisited, + pVisitedInternal); } CPDF_Array* pArray = pCSObj->AsArray(); @@ -267,8 +277,8 @@ CPDF_ColorSpace* CPDF_DocPageData::GetColorSpaceGuarded( return nullptr; if (pArray->GetCount() == 1) { - return GetColorSpaceGuarded(pArray->GetDirectObjectAt(0), pResources, - pVisited); + return GetColorSpaceInternal(pArray->GetDirectObjectAt(0), pResources, + pVisited, pVisitedInternal); } CPDF_CountedColorSpace* csData = nullptr; |