author | Henrique Nakashima <hnakashima@chromium.org> | 2018-04-11 21:55:49 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-04-11 21:55:49 +0000 |
commit | b92ec18fdccd196035e02f3232c0b730637ac815 (patch) | |
tree | a78ea05f4b90265dd6451a6a626bdb3a771b689b /core/fpdfapi/page/cpdf_docpagedata.h | |
parent | c763970de6e749123af76170c16bbc3929058437 (diff) | |
download | pdfium-b92ec18fdccd196035e02f3232c0b730637ac815.tar.xz |
Fix crash when ColorSpace references itself directly.

Also fixes any problems with cycles between colorspaces.

Past fixes have solved problems with CPDF_DocPageData::GetColorSpace()
calling itself and CPDF_DocPageData::GetColorSpace() calling
CPDF_ColorSpace::Load() and vice versa. They have not solved
CPDF_ColorSpace::Load() calling itself.

This CL repurposes the |pVisited| set to ensure CPDF_ColorSpace::Load()
does not try to load a colorspace as a dependency of itself and
creates |pVisitedLocal| to ensure CPDF_DocPageData::GetColorSpace()
does not create a similar circular dependency not involving
CPDF_ColorSpace::Load().

Bug: chromium:828206
Change-Id: Ib2d0ec494be169135607f3651e0f70627b26ebd7
Reviewed-on: https://pdfium-review.googlesource.com/29810
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
Diffstat (limited to 'core/fpdfapi/page/cpdf_docpagedata.h')
-rw-r--r-- | core/fpdfapi/page/cpdf_docpagedata.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/core/fpdfapi/page/cpdf_docpagedata.h b/core/fpdfapi/page/cpdf_docpagedata.h index 02107aa2bb..5508f568be 100644 --- a/core/fpdfapi/page/cpdf_docpagedata.h +++ b/core/fpdfapi/page/cpdf_docpagedata.h @@ -39,8 +39,13 @@ class CPDF_DocPageData { CPDF_FontEncoding* pEncoding); void ReleaseFont(const CPDF_Dictionary* pFontDict); + // Loads a colorspace. CPDF_ColorSpace* GetColorSpace(CPDF_Object* pCSObj, const CPDF_Dictionary* pResources); + + // Loads a colorspace in a context that might be while loading another + // colorspace. |pVisited| is passed recursively to avoid circular calls + // involving CPDF_ColorSpace::Load(). CPDF_ColorSpace* GetColorSpaceGuarded(CPDF_Object* pCSObj, const CPDF_Dictionary* pResources, std::set<CPDF_Object*>* pVisited); @@ -68,6 +73,17 @@ class CPDF_DocPageData { private: using CPDF_CountedFont = CPDF_CountedObject<CPDF_Font>; + // Loads a colorspace in a context that might be while loading another + // colorspace, or even in a recursive call from this method itself. |pVisited| + // is passed recursively to avoid circular calls involving + // CPDF_ColorSpace::Load() and |pVisitedInternal| is also passed recursively + // to avoid circular calls with this method calling itself. + CPDF_ColorSpace* GetColorSpaceInternal( + CPDF_Object* pCSObj, + const CPDF_Dictionary* pResources, + std::set<CPDF_Object*>* pVisited, + std::set<CPDF_Object*>* pVisitedInternal); + bool m_bForceClear; UnownedPtr<CPDF_Document> const m_pPDFDoc; std::map<ByteString, CPDF_Stream*> m_HashProfileMap; |
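Review bot: in the first hunk (@@ -39,8 +39,13 @@), the new comment on GetColorSpaceGuarded() does not state the contract for |pVisited|: whether it may be null, who owns the set, and whether the callee inserts |pCSObj| into it or expects the caller to have done so. Since this set is the only thing that stops a self-referencing colorspace from recursing without bound, the header should spell that out. The phrase "in a context that might be while loading another colorspace" is also hard to parse; something like "Loads a colorspace, possibly while another colorspace is being loaded" reads more clearly. The one-line comment "Loads a colorspace." on GetColorSpace() restates the name; it would help to say how it differs from the guarded variant so callers know which one to pick.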
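Review bot: in the second hunk (@@ -68,6 +73,17 @@), GetColorSpaceInternal() takes two adjacent parameters of the same type, std::set<CPDF_Object*>* pVisited and std::set<CPDF_Object*>* pVisitedInternal, so a caller can swap them without any compile error and silently weaken one of the two cycle checks. The comment should say what each set contains and whether either may be null, and it is worth considering distinct wrapper types or a small struct for the pair. The naming is also inconsistent with the commit message, which calls the second set |pVisitedLocal| while the header names it |pVisitedInternal|; align the two so the description matches the code.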