diff options
author | Ryan Harrison <rharrison@chromium.org> | 2017-10-25 14:32:14 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-10-25 18:50:23 +0000 |
commit | 1e19e25cd10c24f25beddff56b7c4b5fdc5adbcb (patch) | |
tree | 0dbc342a37e7d28dbf76a0dc9a10d77fabe5f289 /xfa/fxfa/fm2js/cxfa_fmsimpleexpression.cpp | |
parent | 8f524d6ff9c5c5e07388438e58aca7dc39f43a1f (diff) | |
download | pdfium-1e19e25cd10c24f25beddff56b7c4b5fdc5adbcb.tar.xz |
Add in depth check for ToJavascript and related methods
There exists a similar check for the parser, but it doesn't catch all
cases of excessive memory usage, since a single parse step can
generate multiple expressions that need to be converted or other cases
where the parse depth doesn't match the emission depth later.
Due to the expressions appearing in two different inheritence
hierachies the depth information needs to be stored outside of the
classes, thus the new depth class.
Another way to handle this would be to change the method calls to take
in a visitor object that tracks depth. This would require significant
reworking of some of the code, so I am going to file a bug about doing
that conversion as a cleanup.
BUG=chromium:752495
Change-Id: Ica7c9b60ecf1e17530ea88b7bfb01582c63043be
Reviewed-on: https://pdfium-review.googlesource.com/16752
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Diffstat (limited to 'xfa/fxfa/fm2js/cxfa_fmsimpleexpression.cpp')
-rw-r--r-- | xfa/fxfa/fm2js/cxfa_fmsimpleexpression.cpp | 95 |
1 files changed, 91 insertions, 4 deletions
diff --git a/xfa/fxfa/fm2js/cxfa_fmsimpleexpression.cpp b/xfa/fxfa/fm2js/cxfa_fmsimpleexpression.cpp index 3cfe0f52d5..86b7c91ec5 100644 --- a/xfa/fxfa/fm2js/cxfa_fmsimpleexpression.cpp +++ b/xfa/fxfa/fm2js/cxfa_fmsimpleexpression.cpp @@ -7,11 +7,14 @@ #include "xfa/fxfa/fm2js/cxfa_fmsimpleexpression.h" #include <algorithm> +#include <iostream> #include <utility> +#include "core/fxcrt/autorestorer.h" #include "core/fxcrt/cfx_widetextbuf.h" #include "core/fxcrt/fx_extension.h" #include "third_party/base/logging.h" +#include "xfa/fxfa/fm2js/cxfa_fmtojavascriptdepth.h" namespace { @@ -90,11 +93,13 @@ CXFA_FMSimpleExpression::CXFA_FMSimpleExpression(uint32_t line, XFA_FM_TOKEN op) : m_line(line), m_op(op) {} bool CXFA_FMSimpleExpression::ToJavaScript(CFX_WideTextBuf& javascript) { - return true; + CXFA_FMToJavaScriptDepth depthManager; + return depthManager.IsWithinMaxDepth(); } bool CXFA_FMSimpleExpression::ToImpliedReturnJS(CFX_WideTextBuf& javascript) { - return true; + CXFA_FMToJavaScriptDepth depthManager; + return depthManager.IsWithinMaxDepth(); } XFA_FM_TOKEN CXFA_FMSimpleExpression::GetOperatorToken() const { @@ -105,6 +110,10 @@ CXFA_FMNullExpression::CXFA_FMNullExpression(uint32_t line) : CXFA_FMSimpleExpression(line, TOKnull) {} bool CXFA_FMNullExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + javascript << L"null"; return true; } @@ -116,6 +125,10 @@ CXFA_FMNumberExpression::CXFA_FMNumberExpression(uint32_t line, CXFA_FMNumberExpression::~CXFA_FMNumberExpression() {} bool CXFA_FMNumberExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + javascript << m_wsNumber; return true; } @@ -127,6 +140,10 @@ CXFA_FMStringExpression::CXFA_FMStringExpression(uint32_t line, CXFA_FMStringExpression::~CXFA_FMStringExpression() {} bool CXFA_FMStringExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + WideString tempStr(m_wsString); if (tempStr.GetLength() <= 2) { javascript << tempStr; @@ -163,6 +180,10 @@ CXFA_FMIdentifierExpression::CXFA_FMIdentifierExpression( CXFA_FMIdentifierExpression::~CXFA_FMIdentifierExpression() {} bool CXFA_FMIdentifierExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + WideString tempStr(m_wsIdentifier); if (tempStr == L"$") { tempStr = L"this"; @@ -197,7 +218,8 @@ CXFA_FMUnaryExpression::CXFA_FMUnaryExpression( CXFA_FMUnaryExpression::~CXFA_FMUnaryExpression() {} bool CXFA_FMUnaryExpression::ToJavaScript(CFX_WideTextBuf& javascript) { - return true; + CXFA_FMToJavaScriptDepth depthManager; + return depthManager.IsWithinMaxDepth(); } CXFA_FMBinExpression::CXFA_FMBinExpression( @@ -212,7 +234,8 @@ CXFA_FMBinExpression::CXFA_FMBinExpression( CXFA_FMBinExpression::~CXFA_FMBinExpression() {} bool CXFA_FMBinExpression::ToJavaScript(CFX_WideTextBuf& javascript) { - return true; + CXFA_FMToJavaScriptDepth depthManager; + return depthManager.IsWithinMaxDepth(); } CXFA_FMAssignExpression::CXFA_FMAssignExpression( @@ -223,6 +246,10 @@ CXFA_FMAssignExpression::CXFA_FMAssignExpression( : CXFA_FMBinExpression(line, op, std::move(pExp1), std::move(pExp2)) {} bool CXFA_FMAssignExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + javascript << L"if ("; javascript << gs_lpStrExpFuncName[ISFMOBJECT]; javascript << L"("; @@ -259,6 +286,10 @@ bool CXFA_FMAssignExpression::ToJavaScript(CFX_WideTextBuf& javascript) { } bool CXFA_FMAssignExpression::ToImpliedReturnJS(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + javascript << L"if ("; javascript << gs_lpStrExpFuncName[ISFMOBJECT]; javascript << L"("; @@ -306,6 +337,10 @@ CXFA_FMLogicalOrExpression::CXFA_FMLogicalOrExpression( : CXFA_FMBinExpression(line, op, std::move(pExp1), std::move(pExp2)) {} bool CXFA_FMLogicalOrExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + javascript << gs_lpStrExpFuncName[LOGICALOR]; javascript << L"("; if (!m_pExp1->ToJavaScript(javascript)) @@ -325,6 +360,10 @@ CXFA_FMLogicalAndExpression::CXFA_FMLogicalAndExpression( : CXFA_FMBinExpression(line, op, std::move(pExp1), std::move(pExp2)) {} bool CXFA_FMLogicalAndExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + javascript << gs_lpStrExpFuncName[LOGICALAND]; javascript << L"("; if (!m_pExp1->ToJavaScript(javascript)) @@ -344,6 +383,10 @@ CXFA_FMEqualityExpression::CXFA_FMEqualityExpression( : CXFA_FMBinExpression(line, op, std::move(pExp1), std::move(pExp2)) {} bool CXFA_FMEqualityExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + switch (m_op) { case TOKeq: case TOKkseq: @@ -375,6 +418,10 @@ CXFA_FMRelationalExpression::CXFA_FMRelationalExpression( : CXFA_FMBinExpression(line, op, std::move(pExp1), std::move(pExp2)) {} bool CXFA_FMRelationalExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + switch (m_op) { case TOKlt: case TOKkslt: @@ -414,6 +461,10 @@ CXFA_FMAdditiveExpression::CXFA_FMAdditiveExpression( : CXFA_FMBinExpression(line, op, std::move(pExp1), std::move(pExp2)) {} bool CXFA_FMAdditiveExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + switch (m_op) { case TOKplus: javascript << gs_lpStrExpFuncName[PLUS]; @@ -444,6 +495,10 @@ CXFA_FMMultiplicativeExpression::CXFA_FMMultiplicativeExpression( bool CXFA_FMMultiplicativeExpression::ToJavaScript( CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + switch (m_op) { case TOKmul: javascript << gs_lpStrExpFuncName[MULTIPLE]; @@ -471,6 +526,10 @@ CXFA_FMPosExpression::CXFA_FMPosExpression( : CXFA_FMUnaryExpression(line, TOKplus, std::move(pExp)) {} bool CXFA_FMPosExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + javascript << gs_lpStrExpFuncName[POSITIVE]; javascript << L"("; if (!m_pExp->ToJavaScript(javascript)) @@ -485,6 +544,10 @@ CXFA_FMNegExpression::CXFA_FMNegExpression( : CXFA_FMUnaryExpression(line, TOKminus, std::move(pExp)) {} bool CXFA_FMNegExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + javascript << gs_lpStrExpFuncName[NEGATIVE]; javascript << L"("; if (!m_pExp->ToJavaScript(javascript)) @@ -499,6 +562,10 @@ CXFA_FMNotExpression::CXFA_FMNotExpression( : CXFA_FMUnaryExpression(line, TOKksnot, std::move(pExp)) {} bool CXFA_FMNotExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + javascript << gs_lpStrExpFuncName[NOT]; javascript << L"("; if (!m_pExp->ToJavaScript(javascript)) @@ -553,6 +620,10 @@ uint32_t CXFA_FMCallExpression::IsMethodWithObjParam( } bool CXFA_FMCallExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + CFX_WideTextBuf funcName; if (!m_pExp->ToJavaScript(funcName)) return false; @@ -666,6 +737,10 @@ CXFA_FMDotAccessorExpression::CXFA_FMDotAccessorExpression( CXFA_FMDotAccessorExpression::~CXFA_FMDotAccessorExpression() {} bool CXFA_FMDotAccessorExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + javascript << gs_lpStrExpFuncName[DOT]; javascript << L"("; CFX_WideTextBuf tempExp1; @@ -713,6 +788,10 @@ CXFA_FMIndexExpression::CXFA_FMIndexExpression( m_bIsStarIndex(bIsStarIndex) {} bool CXFA_FMIndexExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + switch (m_accessorIndex) { case ACCESSOR_NO_INDEX: javascript << L"0"; @@ -757,6 +836,10 @@ CXFA_FMDotDotAccessorExpression::~CXFA_FMDotDotAccessorExpression() {} bool CXFA_FMDotDotAccessorExpression::ToJavaScript( CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + javascript << gs_lpStrExpFuncName[DOTDOT]; javascript << L"("; CFX_WideTextBuf tempExp1; @@ -790,6 +873,10 @@ CXFA_FMMethodCallExpression::CXFA_FMMethodCallExpression( std::move(pCallExp)) {} bool CXFA_FMMethodCallExpression::ToJavaScript(CFX_WideTextBuf& javascript) { + CXFA_FMToJavaScriptDepth depthManager; + if (!depthManager.IsWithinMaxDepth()) + return false; + javascript << L"(\nfunction ()\n{\n"; javascript << L"var method_return_value = null;\n"; javascript << L"var accessor_object = "; |