diff options
| author | Tom Sepez <tsepez@chromium.org> | 2015-01-26 16:51:21 -0800 |
|---|---|---|
| committer | Tom Sepez <tsepez@chromium.org> | 2015-01-26 16:51:21 -0800 |
| commit | a03932372b0906a340a6e3860c87e45f9ec79042 (patch) | |
| tree | bb92376fc72a8b30e76a09aec332141eeae58634 /fpdfsdk/src | |
| parent | fa370ac5cf6472f0ec0c9ecf62d1f9dd20ebfa42 (diff) | |
| download | pdfium-a03932372b0906a340a6e3860c87e45f9ec79042.tar.xz | |
Fix infinite recursion in CPDF_Parser::ParseIndirectObjectAt().
A suitably corrupted file can cause the parser(s) to repeatedly re-read
sections of the file at increasing parser recursion depth until the
stack is exhausted. There is supposed to be a check for this based upon
the parser "level", but not all call paths pass or update the level as
required.
Much as I hate per-class statics, this introduces one to track the depth
so that the check is enforced no matter how screwy the call path might be
that leads the parser to re-enter itself. This is more palatable than trying
to find all these paths and fix them. We know this is OK since there is
only one thread in here modifying the static.
BUG=451830
R=thestig@chromium.org
Review URL: https://codereview.chromium.org/875263002
Diffstat (limited to 'fpdfsdk/src')
| -rw-r--r-- | fpdfsdk/src/fpdfview_embeddertest.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/fpdfsdk/src/fpdfview_embeddertest.cpp b/fpdfsdk/src/fpdfview_embeddertest.cpp index ee32727ace..14a6532a58 100644 --- a/fpdfsdk/src/fpdfview_embeddertest.cpp +++ b/fpdfsdk/src/fpdfview_embeddertest.cpp @@ -177,3 +177,8 @@ TEST_F(FPDFViewEmbeddertest, NamedDestsByName) { dest = FPDF_GetNamedDestByName(document(), "Bogus"); EXPECT_EQ(nullptr, dest); } + +// The following tests pass if the document opens without crashing. +TEST_F(FPDFViewEmbeddertest, Crashers) { + EXPECT_TRUE(OpenDocument("testing/resources/bug_451830.pdf")); +} |