diff options
| author | Nicolas Pena <npm@chromium.org> | 2017-01-27 10:05:36 -0500 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2017-01-27 15:32:35 +0000 |
| commit | 6438c4f36da162f72e0d53e8fff45cd6687b7f5c (patch) | |
| tree | 0efaccaea0b15375432c387ebc8ee5ce1126254e /core/fpdfapi/page/cpdf_streamparser.h | |
| parent | d532036fbb0efa4687f89598ff37518e3825c7b9 (diff) | |
| download | pdfium-6438c4f36da162f72e0d53e8fff45cd6687b7f5c.tar.xz | |
Limit parsing recursion levels in CPDF_StreamParser
We currently only limit the array recursion levels. This recursion
level may also be reset when parsing. This is insufficient to protect
against stack overflows.
BUG=681920
Change-Id: I69bd0c912fb45c0e68b9b9fa961d43f0adc9bdd3
Reviewed-on: https://pdfium-review.googlesource.com/2434
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'core/fpdfapi/page/cpdf_streamparser.h')
| -rw-r--r-- | core/fpdfapi/page/cpdf_streamparser.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/core/fpdfapi/page/cpdf_streamparser.h b/core/fpdfapi/page/cpdf_streamparser.h index dc3b7dcb40..fdc418c634 100644 --- a/core/fpdfapi/page/cpdf_streamparser.h +++ b/core/fpdfapi/page/cpdf_streamparser.h @@ -35,7 +35,8 @@ class CPDF_StreamParser { void SetPos(uint32_t pos) { m_Pos = pos; } std::unique_ptr<CPDF_Object> GetObject() { return std::move(m_pLastObj); } std::unique_ptr<CPDF_Object> ReadNextObject(bool bAllowNestedArray, - uint32_t dwInArrayLevel); + bool bInArray, + uint32_t dwRecursionLevel); std::unique_ptr<CPDF_Stream> ReadInlineStream( CPDF_Document* pDoc, std::unique_ptr<CPDF_Dictionary> pDict, |