Limit parsing recursion levels in CPDF_StreamParser

We currently only limit the array recursion levels. This recursion level may also be reset when parsing. This is insufficient to protect against stack overflows. BUG=681920 Change-Id: I69bd0c912fb45c0e68b9b9fa961d43f0adc9bdd3 Reviewed-on: https://pdfium-review.googlesource.com/2434 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
author: Nicolas Pena <npm@chromium.org> 2017-01-27 10:05:36 -0500
committer: Chromium commit bot <commit-bot@chromium.org> 2017-01-27 15:32:35 +0000
commit: 6438c4f36da162f72e0d53e8fff45cd6687b7f5c (patch)
tree: 0efaccaea0b15375432c387ebc8ee5ce1126254e /testing/libfuzzer
parent: d532036fbb0efa4687f89598ff37518e3825c7b9 (diff)
download: pdfium-6438c4f36da162f72e0d53e8fff45cd6687b7f5c.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/testing/libfuzzer/pdf_streamparser_fuzzer.cc b/testing/libfuzzer/pdf_streamparser_fuzzer.cc
index 5cfa318c60..46113d42c6 100644
--- a/testing/libfuzzer/pdf_streamparser_fuzzer.cc
+++ b/testing/libfuzzer/pdf_streamparser_fuzzer.cc
@@ -10,7 +10,8 @@
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   CPDF_StreamParser parser(data, size);
-  while (std::unique_ptr<CPDF_Object> pObj = parser.ReadNextObject(true, 0))
+  while (std::unique_ptr<CPDF_Object> pObj =
+             parser.ReadNextObject(true, false, 0))
     continue;
 
   return 0;
author	Nicolas Pena <npm@chromium.org>	2017-01-27 10:05:36 -0500
committer	Chromium commit bot <commit-bot@chromium.org>	2017-01-27 15:32:35 +0000
commit	6438c4f36da162f72e0d53e8fff45cd6687b7f5c (patch)
tree	0efaccaea0b15375432c387ebc8ee5ce1126254e /testing/libfuzzer
parent	d532036fbb0efa4687f89598ff37518e3825c7b9 (diff)
download	pdfium-6438c4f36da162f72e0d53e8fff45cd6687b7f5c.tar.xz