Limit parsing recursion levels in CPDF_StreamParser

We currently only limit the array recursion levels. This recursion level may also be reset when parsing. This is insufficient to protect against stack overflows. BUG=681920 Change-Id: I69bd0c912fb45c0e68b9b9fa961d43f0adc9bdd3 Reviewed-on: https://pdfium-review.googlesource.com/2434 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
author: Nicolas Pena <npm@chromium.org> 2017-01-27 10:05:36 -0500
committer: Chromium commit bot <commit-bot@chromium.org> 2017-01-27 15:32:35 +0000
commit: 6438c4f36da162f72e0d53e8fff45cd6687b7f5c (patch)
tree: 0efaccaea0b15375432c387ebc8ee5ce1126254e /core/fpdfapi/page/cpdf_streamcontentparser.cpp
parent: d532036fbb0efa4687f89598ff37518e3825c7b9 (diff)
download: pdfium-6438c4f36da162f72e0d53e8fff45cd6687b7f5c.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/core/fpdfapi/page/cpdf_streamcontentparser.cpp b/core/fpdfapi/page/cpdf_streamcontentparser.cpp
index 2426027976..0e78612bc9 100644
--- a/core/fpdfapi/page/cpdf_streamcontentparser.cpp
+++ b/core/fpdfapi/page/cpdf_streamcontentparser.cpp
@@ -628,7 +628,7 @@ void CPDF_StreamContentParser::Handle_BeginImage() {
       break;
     }
     CFX_ByteString key(m_pSyntax->GetWord().Mid(1));
-    auto pObj = m_pSyntax->ReadNextObject(false, 0);
+    auto pObj = m_pSyntax->ReadNextObject(false, false, 0);
     if (!key.IsEmpty()) {
       uint32_t dwObjNum = pObj ? pObj->GetObjNum() : 0;
       if (dwObjNum)
author	Nicolas Pena <npm@chromium.org>	2017-01-27 10:05:36 -0500
committer	Chromium commit bot <commit-bot@chromium.org>	2017-01-27 15:32:35 +0000
commit	6438c4f36da162f72e0d53e8fff45cd6687b7f5c (patch)
tree	0efaccaea0b15375432c387ebc8ee5ce1126254e /core/fpdfapi/page/cpdf_streamcontentparser.cpp
parent	d532036fbb0efa4687f89598ff37518e3825c7b9 (diff)
download	pdfium-6438c4f36da162f72e0d53e8fff45cd6687b7f5c.tar.xz