From 885bba0b002e2a70e7808e65a53d6f977ddccd95 Mon Sep 17 00:00:00 2001
From: thestig
Date: Mon, 23 May 2016 10:07:03 -0700
Subject: Fix infinite recursion in CPDF_DocPageData::GetColorSpace().

BUG=pdfium:497

Review-Url: https://codereview.chromium.org/2003873002
---
 core/fpdfapi/fpdf_page/fpdf_page_doc.cpp   | 31 +++++++++++++++++++++++++-----
 core/fpdfapi/fpdf_page/pageint.h           |  5 +++++
 core/fpdfapi/fpdf_parser/cpdf_document.cpp |  5 +++--
 3 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/core/fpdfapi/fpdf_page/fpdf_page_doc.cpp b/core/fpdfapi/fpdf_page/fpdf_page_doc.cpp
index f872906674..f0c5302b95 100644
--- a/core/fpdfapi/fpdf_page/fpdf_page_doc.cpp
+++ b/core/fpdfapi/fpdf_page/fpdf_page_doc.cpp
@@ -19,6 +19,7 @@
 #include "core/fpdfapi/fpdf_parser/include/cpdf_document.h"
 #include "core/fpdfapi/fpdf_parser/include/cpdf_stream_acc.h"
 #include "core/fpdfapi/include/cpdf_modulemgr.h"
+#include "third_party/base/stl_util.h"
 
 void CPDF_ModuleMgr::InitPageModule() {
   m_pPageModule.reset(new CPDF_PageModule);
@@ -222,17 +223,29 @@ void CPDF_DocPageData::ReleaseFont(CPDF_Dictionary* pFontDict) {
 CPDF_ColorSpace* CPDF_DocPageData::GetColorSpace(
     CPDF_Object* pCSObj,
     const CPDF_Dictionary* pResources) {
+  std::set visited;
+  return GetColorSpaceImpl(pCSObj, pResources, &visited);
+}
+
+CPDF_ColorSpace* CPDF_DocPageData::GetColorSpaceImpl(
+    CPDF_Object* pCSObj,
+    const CPDF_Dictionary* pResources,
+    std::set* pVisited) {
   if (!pCSObj)
     return nullptr;
 
+  if (pdfium::ContainsKey(*pVisited, pCSObj))
+    return nullptr;
+
   if (pCSObj->IsName()) {
     CFX_ByteString name = pCSObj->GetString();
     CPDF_ColorSpace* pCS = CPDF_ColorSpace::ColorspaceFromName(name);
     if (!pCS && pResources) {
       CPDF_Dictionary* pList = pResources->GetDictBy("ColorSpace");
       if (pList) {
-        pCSObj = pList->GetDirectObjectBy(name);
-        return GetColorSpace(pCSObj, nullptr);
+        pdfium::ScopedSetInsertion insertion(pVisited, pCSObj);
+        return GetColorSpaceImpl(pList->GetDirectObjectBy(name), nullptr,
+                                 pVisited);
       }
     }
     if (!pCS || !pResources)
@@ -254,14 +267,22 @@ CPDF_ColorSpace* CPDF_DocPageData::GetColorSpace(
         pDefaultCS = pColorSpaces->GetDirectObjectBy("DefaultCMYK");
         break;
     }
-    return pDefaultCS ? GetColorSpace(pDefaultCS, nullptr) : pCS;
+    if (!pDefaultCS)
+      return pCS;
+
+    pdfium::ScopedSetInsertion insertion(pVisited, pCSObj);
+    return GetColorSpaceImpl(pDefaultCS, nullptr, pVisited);
   }
 
   CPDF_Array* pArray = pCSObj->AsArray();
   if (!pArray || pArray->GetCount() == 0)
     return nullptr;
-  if (pArray->GetCount() == 1)
-    return GetColorSpace(pArray->GetDirectObjectAt(0), pResources);
+
+  if (pArray->GetCount() == 1) {
+    pdfium::ScopedSetInsertion insertion(pVisited, pCSObj);
+    return GetColorSpaceImpl(pArray->GetDirectObjectAt(0), pResources,
+                             pVisited);
+  }
 
   CPDF_CountedColorSpace* csData = nullptr;
   auto it = m_ColorSpaceMap.find(pCSObj);
diff --git a/core/fpdfapi/fpdf_page/pageint.h b/core/fpdfapi/fpdf_page/pageint.h
index 64d106f1dc..b884338f76 100644
--- a/core/fpdfapi/fpdf_page/pageint.h
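Review bot: The visited set added to GetColorSpaceImpl breaks reference cycles but does not bound recursion depth: a chain of distinct one-element arrays, or of resource-name / Default* indirections, each resolved through GetDirectObjectBy or GetDirectObjectAt from a different indirect object, still recurses once per level and can exhaust the stack on a crafted document. I cannot see from this hunk whether the parser caps that elsewhere; if it does not, pVisited's size is exactly the current path depth because every recursive call inserts pCSObj under ScopedSetInsertion, so a cheap cap next to the new ContainsKey check would close it: `if (pVisited->size() > kMaxColorSpaceNesting) return nullptr;` with a small file-local `constexpr size_t kMaxColorSpaceNesting`. The return of nullptr on a revisited object is the right fail-closed choice, but it is indistinguishable from "unknown colour space" to the caller, which is worth a one-line comment at that check: `// A repeated object means a reference cycle; give up rather than recurse.` GetColorSpaceImpl continues past the end of this hunk.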
+++ b/core/fpdfapi/fpdf_page/pageint.h
@@ -10,6 +10,7 @@
 #include
 #include
 #include
+#include
 #include
 
 #include "core/fpdfapi/fpdf_page/cpdf_contentmark.h"
@@ -356,6 +357,10 @@ class CPDF_DocPageData {
   using CPDF_ImageMap = std::map;
   using CPDF_PatternMap = std::map;
 
+  CPDF_ColorSpace* GetColorSpaceImpl(CPDF_Object* pCSObj,
+                                     const CPDF_Dictionary* pResources,
+                                     std::set* pVisited);
+
   CPDF_Document* const m_pPDFDoc;
   FX_BOOL m_bForceClear;
   std::map m_HashProfileMap;
diff --git a/core/fpdfapi/fpdf_parser/cpdf_document.cpp b/core/fpdfapi/fpdf_parser/cpdf_document.cpp
index 13d9737b5b..79965a23bb 100644
--- a/core/fpdfapi/fpdf_parser/cpdf_document.cpp
+++ b/core/fpdfapi/fpdf_parser/cpdf_document.cpp
@@ -394,9 +394,10 @@ int InsertDeletePDFPage(CPDF_Document* pDoc,
     } else {
       int nPages = pKid->GetIntegerBy("Count");
       if (nPagesToGo < nPages) {
-        if (pdfium::ContainsValue(*pVisited, pKid))
+        if (pdfium::ContainsKey(*pVisited, pKid))
           return -1;
-        pdfium::ScopedSetInsertion(pVisited, pKid);
+
+        pdfium::ScopedSetInsertion insertion(pVisited, pKid);
         if (InsertDeletePDFPage(pDoc, pKid, nPagesToGo, pPage, bInsert,
                                 pVisited) < 0) {
           return -1;
-- 
cgit v1.2.3
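Review bot: The new private GetColorSpaceImpl declaration in the `@@ -356` hunk carries no comment, and the contract of pVisited — that it is non-owning, must hold the objects already on the current resolution path, and that a nullptr result can mean "cycle detected" as well as "not a colour space" — is not recoverable from the signature. I would put above the declaration: `// Recursive worker for GetColorSpace(). |pVisited| holds the objects on the` / `// current resolution path; meeting one again means a reference cycle, and` / `// nullptr is returned instead of recursing. GetColorSpace() passes an empty set.` The header's rendered text has lost its template arguments here, so the exact element type is not visible in this copy of the hunk. The class body starts and ends outside the hunk.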
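Review bot: The defect this cpdf_document.cpp hunk repairs — an unnamed `pdfium::ScopedSetInsertion(pVisited, pKid);` temporary destroyed at the end of its own statement, so pKid was never in the set when the recursive call ran and the cycle guard was a no-op — is a pattern compilers do not warn about, and nothing in this change stops it recurring at the three new ScopedSetInsertion sites in fpdf_page_doc.cpp or elsewhere. If the toolchains pdfium builds with accept a warn-unused attribute on a class type (GCC's `warn_unused`, or a project macro wrapping it), applying it to ScopedSetInsertion in stl_util.h would turn the next such slip into a compile-time warning; failing that, a short comment on the class saying the object must be named and kept alive for the scope is the fallback. The `return -1` on a revisited kid is the correct fail-closed choice for a malformed Pages tree. InsertDeletePDFPage starts and ends outside this hunk.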