From a470b5e5371d0674d06068ec38d0d3c3279e85e1 Mon Sep 17 00:00:00 2001
From: weili <weili@chromium.org>
Date: Tue, 23 Aug 2016 22:08:37 -0700
Subject: Fix stack overflow in object Clone() functions

For some complex objects such as CPDF_Dictionary, CPDF_Array,
CPDF_Stream, and CPDF_Reference, Clone() could be executed with
infinite recursion to cause the stack overflow. Fix this by
checking already cloned objects to avoid recursion.

BUG=pdfium:513

Review-Url: https://codereview.chromium.org/2250533002
---
 core/fpdfapi/fpdf_parser/cpdf_object.cpp | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'core/fpdfapi/fpdf_parser/cpdf_object.cpp')

diff --git a/core/fpdfapi/fpdf_parser/cpdf_object.cpp b/core/fpdfapi/fpdf_parser/cpdf_object.cpp
index ec967d1032..7da12a2b4f 100644
--- a/core/fpdfapi/fpdf_parser/cpdf_object.cpp
+++ b/core/fpdfapi/fpdf_parser/cpdf_object.cpp
@@ -22,6 +22,21 @@ CPDF_Object* CPDF_Object::GetDirect() const {
   return const_cast<CPDF_Object*>(this);
 }
 
+CPDF_Object* CPDF_Object::CloneObjectNonCyclic(bool bDirect) const {
+  std::set<const CPDF_Object*> visited_objs;
+  return CloneNonCyclic(bDirect, &visited_objs);
+}
+
+CPDF_Object* CPDF_Object::CloneDirectObject() const {
+  return CloneObjectNonCyclic(true);
+}
+
+CPDF_Object* CPDF_Object::CloneNonCyclic(
+    bool bDirect,
+    std::set<const CPDF_Object*>* pVisited) const {
+  return Clone();
+}
+
 void CPDF_Object::Release() {
   if (m_ObjNum)
     return;
-- 
cgit v1.2.3