diff options
author | Lei Zhang <thestig@chromium.org> | 2017-08-31 11:00:54 -0700 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-08-31 18:22:58 +0000 |
commit | 671f0d4949d412f26fba6c675cfb54b1fc170be0 (patch) | |
tree | f6ba8024f26592eb1e7e056a87630c433421f2a6 /core | |
parent | 276dd94b300f1a5eb537fceb5bcfd311d75bd2e6 (diff) | |
download | pdfium-671f0d4949d412f26fba6c675cfb54b1fc170be0.tar.xz |
Prevent FPDFAvail_IsDocAvail() from infinite looping.
BUG=pdfium:875
Change-Id: I3cc29990f0a3398ae903bc14417ec695cca30c6c
Reviewed-on: https://pdfium-review.googlesource.com/12391
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Art Snake <art-snake@yandex-team.ru>
Reviewed-by: Wei Li <weili@chromium.org>
Diffstat (limited to 'core')
-rw-r--r-- | core/fpdfapi/parser/cpdf_data_avail.cpp | 3 | ||||
-rw-r--r-- | core/fpdfapi/parser/cpdf_data_avail.h | 1 |
2 files changed, 3 insertions, 1 deletions
diff --git a/core/fpdfapi/parser/cpdf_data_avail.cpp b/core/fpdfapi/parser/cpdf_data_avail.cpp index 76190fa9a9..b7ea238507 100644 --- a/core/fpdfapi/parser/cpdf_data_avail.cpp +++ b/core/fpdfapi/parser/cpdf_data_avail.cpp @@ -943,8 +943,9 @@ bool CPDF_DataAvail::CheckTrailer() { return true; } + // Prevent infinite-looping between Prev entries. uint32_t xrefpos = GetDirectInteger(pTrailerDict, "Prev"); - if (!xrefpos) { + if (!xrefpos || !m_SeenPrevPositions.insert(xrefpos).second) { m_dwPrevXRefOffset = 0; m_docStatus = PDF_DATAAVAIL_LOADALLCROSSREF; return true; diff --git a/core/fpdfapi/parser/cpdf_data_avail.h b/core/fpdfapi/parser/cpdf_data_avail.h index 1fcdaf034e..e2a4a20aa1 100644 --- a/core/fpdfapi/parser/cpdf_data_avail.h +++ b/core/fpdfapi/parser/cpdf_data_avail.h @@ -230,6 +230,7 @@ class CPDF_DataAvail final { PageNode m_PageNode; std::set<uint32_t> m_pageMapCheckState; std::set<uint32_t> m_pagesLoadState; + std::set<uint32_t> m_SeenPrevPositions; std::unique_ptr<CPDF_HintTables> m_pHintTables; bool m_bSupportHintTable; }; |