diff options
| author | Wei Li <weili@chromium.org> | 2016-01-08 14:26:18 -0800 |
|---|---|---|
| committer | Wei Li <weili@chromium.org> | 2016-01-08 14:26:18 -0800 |
| commit | 149f1db8bba85bdf2b40d330c38f2478695ca0d5 (patch) | |
| tree | 1156a67f35ea8ac7e7077222fcc02b92471b23a7 /core/src | |
| parent | e6bd31873c3dba3f79c5ebbbefed636948629cc9 (diff) | |
| download | pdfium-149f1db8bba85bdf2b40d330c38f2478695ca0d5.tar.xz | |
Fix infinite loop caused by parsing same indirect objects
BUG=pdfium:343
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/1569343002 .
Diffstat (limited to 'core/src')
| -rw-r--r-- | core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp index ad97d1f369..236ecaa837 100644 --- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp +++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp @@ -36,6 +36,20 @@ struct SearchTagRecord { FX_DWORD m_Offset; }; +template <typename T> +class ScopedSetInsertion { + public: + ScopedSetInsertion(std::set<T>* org_set, T elem) + : m_Set(org_set), m_Entry(elem) { + m_Set->insert(m_Entry); + } + ~ScopedSetInsertion() { m_Set->erase(m_Entry); } + + private: + std::set<T>* const m_Set; + const T m_Entry; +}; + int CompareFileSize(const void* p1, const void* p2) { return *(FX_FILESIZE*)p1 - *(FX_FILESIZE*)p2; } @@ -1193,6 +1207,11 @@ CPDF_Object* CPDF_Parser::ParseIndirectObject(CPDF_IndirectObjects* pObjList, if (!IsValidObjectNumber(objnum)) return nullptr; + // Prevent circular parsing the same object. + if (pdfium::ContainsKey(m_ParsingObjNums, objnum)) + return nullptr; + ScopedSetInsertion<FX_DWORD> local_insert(&m_ParsingObjNums, objnum); + if (m_V5Type[objnum] == 1 || m_V5Type[objnum] == 255) { FX_FILESIZE pos = m_ObjectInfo[objnum].pos; if (pos <= 0) |