Fix stack overflow in object Clone() functions

For some complex objects such as CPDF_Dictionary, CPDF_Array, CPDF_Stream, and CPDF_Reference, Clone() could be executed with infinite recursion to cause the stack overflow. Fix this by checking already cloned objects to avoid recursion. BUG=pdfium:513 Review-Url: https://codereview.chromium.org/2250533002
author: weili <weili@chromium.org> 2016-08-23 22:08:37 -0700
committer: Commit bot <commit-bot@chromium.org> 2016-08-23 22:08:37 -0700
commit: a470b5e5371d0674d06068ec38d0d3c3279e85e1 (patch)
tree: e13f893084515082052e30c1cb8d94ec6303e38b /core/fpdfdoc
parent: 0dadcc6fdab7ad1f2ee95d763f31aad5d3534f93 (diff)
download: pdfium-a470b5e5371d0674d06068ec38d0d3c3279e85e1.tar.xz
1 files changed, 4 insertions, 4 deletions
diff --git a/core/fpdfdoc/cpdf_interform.cpp b/core/fpdfdoc/cpdf_interform.cpp
index cf728a7d4b..a6f73c620b 100644
--- a/core/fpdfdoc/cpdf_interform.cpp
+++ b/core/fpdfdoc/cpdf_interform.cpp
@@ -1403,7 +1403,7 @@ CPDF_FormField* CPDF_InterForm::AddTerminalField(CPDF_Dictionary* pFieldDict) {
     pField = new CPDF_FormField(this, pParent);
     CPDF_Object* pTObj = pDict->GetObjectBy("T");
     if (ToReference(pTObj)) {
-      CPDF_Object* pClone = pTObj->Clone(TRUE);
+      CPDF_Object* pClone = pTObj->CloneDirectObject();
       if (pClone)
         pDict->SetAt("T", pClone);
       else
@@ -1535,7 +1535,7 @@ CFDF_Document* CPDF_InterForm::ExportToFDF(
       } else {
         CPDF_Object* pV = FPDF_GetFieldAttr(pField->m_pDict, "V");
         if (pV)
-          pFieldDict->SetAt("V", pV->Clone(TRUE));
+          pFieldDict->SetAt("V", pV->CloneDirectObject());
       }
       pFields->Add(pFieldDict);
     }
@@ -1587,8 +1587,8 @@ void CPDF_InterForm::FDF_ImportField(CPDF_Dictionary* pFieldDict,
   CPDF_FormField::Type eType = pField->GetType();
   if ((eType == CPDF_FormField::ListBox || eType == CPDF_FormField::ComboBox) &&
       pFieldDict->KeyExist("Opt")) {
-    pField->m_pDict->SetAt("Opt",
-                           pFieldDict->GetDirectObjectBy("Opt")->Clone(TRUE));
+    pField->m_pDict->SetAt(
+        "Opt", pFieldDict->GetDirectObjectBy("Opt")->CloneDirectObject());
   }
 
   if (bNotify && m_pFormNotify) {
author	weili <weili@chromium.org>	2016-08-23 22:08:37 -0700
committer	Commit bot <commit-bot@chromium.org>	2016-08-23 22:08:37 -0700
commit	a470b5e5371d0674d06068ec38d0d3c3279e85e1 (patch)
tree	e13f893084515082052e30c1cb8d94ec6303e38b /core/fpdfdoc
parent	0dadcc6fdab7ad1f2ee95d763f31aad5d3534f93 (diff)
download	pdfium-a470b5e5371d0674d06068ec38d0d3c3279e85e1.tar.xz