From 7c2daec0a5f5d5e0f442db7946e9356daa7c55b2 Mon Sep 17 00:00:00 2001 From: Henrique Nakashima Date: Tue, 17 Oct 2017 16:00:23 -0400 Subject: Fix loading mutually referencing colorspaces. CPDF_DeviceNCS and CPDF_SeparationCS can load other colorspaces and their v_Load() needs to pass around a set of visited spaces to avoid stack overflows if that other colorspace references the first one. Bug: chromium:773095 Change-Id: Idae26c95a8034c3ded70f70e20ae1c414d7b29c3 Reviewed-on: https://pdfium-review.googlesource.com/16250 Reviewed-by: Ryan Harrison Commit-Queue: Henrique Nakashima
---
 core/fpdfapi/page/cpdf_colorspace.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/fpdfapi/page/cpdf_colorspace.cpp b/core/fpdfapi/page/cpdf_colorspace.cpp
index 97a0c1584c..dd13bf5049 100644
--- a/core/fpdfapi/page/cpdf_colorspace.cpp
+++ b/core/fpdfapi/page/cpdf_colorspace.cpp
@@ -1091,7 +1091,7 @@ bool CPDF_SeparationCS::v_Load(CPDF_Document* pDoc,
 if (pAltCS == m_pArray)
 return false;
- m_pAltCS = Load(pDoc, pAltCS);
+ m_pAltCS = Load(pDoc, pAltCS, pVisited);
 if (!m_pAltCS)
 return false;
@@ -1169,7 +1169,7 @@ bool CPDF_DeviceNCS::v_Load(CPDF_Document* pDoc,
 if (!pAltCS || pAltCS == m_pArray)
 return false;
- m_pAltCS = Load(pDoc, pAltCS);
+ m_pAltCS = Load(pDoc, pAltCS, pVisited);
 m_pFunc = CPDF_Function::Load(pArray->GetDirectObjectAt(3));
 if (!m_pAltCS || !m_pFunc)
 return false;
-- cgit v1.2.3
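Review bot: Nothing at the `Load(pDoc, pAltCS, pVisited)` call in CPDF_SeparationCS::v_Load records why the visited set must be forwarded, and since the earlier two-argument call compiled, a later edit could drop the argument again without a build error. I would add a comment above the call, `// Forward |pVisited|: the alternate space may refer back to this one, and an untracked cycle recurses until the stack overflows.`, and repeat it at the matching call in CPDF_DeviceNCS::v_Load in the second hunk. The neighbouring `pAltCS == m_pArray` test only rejects a direct self-reference, so it does not replace the visited set. Both function bodies start and end outside the hunks, so whether other v_Load overrides still use the two-argument form cannot be confirmed from this patch.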
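Review bot: In CPDF_DeviceNCS::v_Load, `CPDF_Function::Load(pArray->GetDirectObjectAt(3))` still runs after the alternate colorspace has been rejected, because `m_pAltCS` is only tested afterwards together with `m_pFunc`. Testing it directly after the load, `if (!m_pAltCS) return false;`, would avoid parsing a document-supplied function for a colorspace already known to be unusable, and it matches the order CPDF_SeparationCS::v_Load uses in the first hunk. The return value is the same either way, so this is about failing early on malformed input rather than a behaviour change. The function body starts and ends outside the hunk.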