From d61f958385be285f3f3897ef3a3f010048608f1c Mon Sep 17 00:00:00 2001
From: weili
Date: Mon, 3 Oct 2016 12:10:55 -0700
Subject: Detect resursive loading of type3 font char to avoid infinite loop
The original way of detecting loops was passing a level parameter through various functions. This missed some cases which also lead to load type3 font char, for example, FindFont() may call CheckType3FontMetrics() which may eventually lead to LoadChar(). The new way is to store the char loading depth, and abort when the depth exceeds the max.
BUG=chromium:651304
Review-Url: https://codereview.chromium.org/2384853002
---
 core/fpdfapi/fpdf_page/cpdf_textobject.cpp | 9 ++++-----
 core/fpdfapi/fpdf_page/cpdf_textobject.h | 3 +--
 core/fpdfapi/fpdf_page/fpdf_page_parser.cpp | 2 +-
 3 files changed, 6 insertions(+), 8 deletions(-)
(limited to 'core/fpdfapi/fpdf_page')
diff --git a/core/fpdfapi/fpdf_page/cpdf_textobject.cpp b/core/fpdfapi/fpdf_page/cpdf_textobject.cpp
index 4b9f335ea3..1119d2965f 100644
--- a/core/fpdfapi/fpdf_page/cpdf_textobject.cpp
+++ b/core/fpdfapi/fpdf_page/cpdf_textobject.cpp
@@ -217,7 +217,7 @@ FX_FLOAT CPDF_TextObject::GetCharWidth(uint32_t charcode) const {
 bVertWriting = pCIDFont->IsVertWriting();
 }
 if (!bVertWriting)
- return pFont->GetCharWidthF(charcode, 0) * fontsize;
+ return pFont->GetCharWidthF(charcode) * fontsize;
 uint16_t CID = pCIDFont->CIDFromCharCode(charcode);
 return pCIDFont->GetVertWidth(CID) * fontsize;
@@ -241,8 +241,7 @@ FX_FLOAT CPDF_TextObject::GetFontSize() const {
 void CPDF_TextObject::CalcPositionData(FX_FLOAT* pTextAdvanceX,
 FX_FLOAT* pTextAdvanceY,
- FX_FLOAT horz_scale,
- int level) {
+ FX_FLOAT horz_scale) {
 FX_FLOAT curpos = 0;
 FX_FLOAT min_x = 10000 * 1.0f;
 FX_FLOAT max_x = -10000 * 1.0f;
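Review bot: Nothing at the `pFont->GetCharWidthF(charcode)` call in GetCharWidth now tells a reader that Type3 recursion is bounded, because the guard has moved out of the argument list and into state kept by the font. That counter is not in this path-limited view, so it is worth confirming there that the depth is decremented on every exit path, early returns included; otherwise a well-formed document could reach the limit after repeated loads. A short comment at this call, such as `// Type3 recursion is bounded by the font's char loading depth, not by the caller.`, would record the new contract, and the same applies to the CalcPositionData signature in the next hunk. GetCharWidth starts above this hunk.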
@@ -265,7 +264,7 @@ void CPDF_TextObject::CalcPositionData(FX_FLOAT* pTextAdvanceX,
 }
 m_pCharPos[i - 1] = curpos;
 }
- FX_RECT char_rect = pFont->GetCharBBox(charcode, level);
+ FX_RECT char_rect = pFont->GetCharBBox(charcode);
 FX_FLOAT charwidth;
 if (!bVertWriting) {
 if (min_y > char_rect.top) {
@@ -294,7 +293,7 @@ void CPDF_TextObject::CalcPositionData(FX_FLOAT* pTextAdvanceX,
 if (max_x < char_right) {
 max_x = char_right;
 }
- charwidth = pFont->GetCharWidthF(charcode, level) * fontsize / 1000;
+ charwidth = pFont->GetCharWidthF(charcode) * fontsize / 1000;
 } else {
 uint16_t CID = pCIDFont->CIDFromCharCode(charcode);
 short vx;
diff --git a/core/fpdfapi/fpdf_page/cpdf_textobject.h b/core/fpdfapi/fpdf_page/cpdf_textobject.h
index c09da96040..05a08a9c89 100644
--- a/core/fpdfapi/fpdf_page/cpdf_textobject.h
+++ b/core/fpdfapi/fpdf_page/cpdf_textobject.h
@@ -56,8 +56,7 @@ class CPDF_TextObject : public CPDF_PageObject {
 void CalcPositionData(FX_FLOAT* pTextAdvanceX,
 FX_FLOAT* pTextAdvanceY,
- FX_FLOAT horz_scale,
- int level = 0);
+ FX_FLOAT horz_scale);
 FX_FLOAT m_PosX;
 FX_FLOAT m_PosY;
diff --git a/core/fpdfapi/fpdf_page/fpdf_page_parser.cpp b/core/fpdfapi/fpdf_page/fpdf_page_parser.cpp
index 18a2e2d882..4fc4bdc934 100644
--- a/core/fpdfapi/fpdf_page/fpdf_page_parser.cpp
+++ b/core/fpdfapi/fpdf_page/fpdf_page_parser.cpp
@@ -1252,7 +1252,7 @@ void CPDF_StreamContentParser::AddTextObject(CFX_ByteString* pStrs,
 FX_FLOAT x_advance;
 FX_FLOAT y_advance;
 pText->CalcPositionData(&x_advance, &y_advance,
- m_pCurStates->m_TextHorzScale, m_Level);
+ m_pCurStates->m_TextHorzScale);
 m_pCurStates->m_TextX += x_advance;
 m_pCurStates->m_TextY += y_advance;
 if (TextRenderingModeIsClipMode(text_mode)) {
--
cgit v1.2.3
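Review bot: The `char_rect` returned by `pFont->GetCharBBox(charcode)` feeds the `min_y`/`max_x` comparisons that follow unconditionally, and with the depth check now internal the caller cannot tell a refused load from a real glyph. What GetCharBBox and GetCharWidthF (the `charwidth = ...` line in the next hunk of this function) return once the maximum depth is exceeded is not visible here; presumably an empty rect and a zero width, which would then fold into the text bounds. Documenting that fallback on both accessors, e.g. `// Returns an empty box if the Type3 char could not be loaded (including the depth limit).`, would make the behaviour on malformed input explicit. CalcPositionData begins and ends outside these hunks.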
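Review bot: With `m_Level` dropped from the `pText->CalcPositionData(...)` call in AddTextObject, the parser's nesting level and the font's char loading depth become two independent limits instead of one shared budget. If content streams can nest inside Type3 char procs and the reverse, the worst-case call depth is bounded by the two maxima combined, so it is worth checking that this still fits the stack on the smallest supported target. A regression test built from the BUG=chromium:651304 input is not among the three files in this path-limited view; if the commit has none elsewhere, one should be added. AddTextObject continues outside the hunk.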