diff options
| author | Tom Sepez <tsepez@chromium.org> | 2015-02-03 16:24:43 -0800 |
|---|---|---|
| committer | Tom Sepez <tsepez@chromium.org> | 2015-02-03 16:24:43 -0800 |
| commit | 4dcf74dc6024ece0dc146a64be983ae2ff9df63d (patch) | |
| tree | dddda76bf3858d630243ae2d79ea2aa56e6dc17e /core | |
| parent | a9e835e6356b40d27a524fa087805c65de442f03 (diff) | |
| download | pdfium-4dcf74dc6024ece0dc146a64be983ae2ff9df63d.tar.xz | |
Merge to XFA: Fix stack exhaustion in CPDF_DataAvail::HaveResourceAncestor()
Original Review URL: https://codereview.chromium.org/880043004
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/893333003
Diffstat (limited to 'core')
| -rw-r--r-- | core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp index 53ee762250..c95e616a07 100644 --- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp +++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp @@ -2747,7 +2747,11 @@ public: } virtual void GetLinearizedMainXRefInfo(FX_FILESIZE *pPos, FX_DWORD *pSize) FX_OVERRIDE; + protected: + static const int kMaxDataAvailRecursionDepth = 64; + static int s_CurrentDataAvailRecursionDepth; + FX_DWORD GetObjectSize(FX_DWORD objnum, FX_FILESIZE& offset); FX_BOOL IsObjectsAvail(CFX_PtrArray& obj_array, FX_BOOL bParsePage, IFX_DownloadHints* pHints, CFX_PtrArray &ret_array); FX_BOOL CheckDocStatus(IFX_DownloadHints *pHints); @@ -2923,6 +2927,9 @@ IPDF_DataAvail* IPDF_DataAvail::Create(IFX_FileAvail* pFileAvail, IFX_FileRead* return FX_NEW CPDF_DataAvail(pFileAvail, pFileRead); } +// static +int CPDF_DataAvail::s_CurrentDataAvailRecursionDepth = 0; + CPDF_DataAvail::CPDF_DataAvail(IFX_FileAvail* pFileAvail, IFX_FileRead* pFileRead) : IPDF_DataAvail(pFileAvail, pFileRead) { @@ -4399,6 +4406,10 @@ FX_BOOL CPDF_DataAvail::CheckLinearizedFirstPage(FX_INT32 iPage, IFX_DownloadHin } FX_BOOL CPDF_DataAvail::HaveResourceAncestor(CPDF_Dictionary *pDict) { + CFX_AutoRestorer<int> restorer(&s_CurrentDataAvailRecursionDepth); + if (++s_CurrentDataAvailRecursionDepth > kMaxDataAvailRecursionDepth) { + return FALSE; + } CPDF_Object *pParent = pDict->GetElement("Parent"); if (!pParent) { return FALSE; @@ -4411,9 +4422,8 @@ FX_BOOL CPDF_DataAvail::HaveResourceAncestor(CPDF_Dictionary *pDict) if (pRet) { m_pPageResource = pRet; return TRUE; - } else { - return HaveResourceAncestor(pParentDict); } + return HaveResourceAncestor(pParentDict); } FX_BOOL CPDF_DataAvail::IsPageAvail(FX_INT32 iPage, IFX_DownloadHints* pHints) { |