From 5ae6c564d16ce8b625df3d1950abc822f9ecc987 Mon Sep 17 00:00:00 2001 From: Tom Sepez Date: Wed, 17 Oct 2018 17:57:51 +0000 Subject: Add CPDF_{Array,Dictionary}Locker to catch illegal iteration patterns. Move begin/end methods onto locker object which tracks whether iterators are in existence. Change-Id: Ia869f313fce48d10a0d0180d0cc083eed6ea1584 Reviewed-on: https://pdfium-review.googlesource.com/c/44070 Reviewed-by: Lei Zhang Commit-Queue: Tom Sepez --- core/fpdfapi/page/cpdf_allstates.cpp | 3 +- core/fpdfapi/page/cpdf_colorspace.cpp | 3 +- core/fpdfapi/page/cpdf_streamcontentparser.cpp | 51 ++++++++++++++------------ 3 files changed, 31 insertions(+), 26 deletions(-) (limited to 'core/fpdfapi/page') diff --git a/core/fpdfapi/page/cpdf_allstates.cpp b/core/fpdfapi/page/cpdf_allstates.cpp index 9af904cb5d..3e6692b223 100644 --- a/core/fpdfapi/page/cpdf_allstates.cpp +++ b/core/fpdfapi/page/cpdf_allstates.cpp @@ -39,7 +39,8 @@ void CPDF_AllStates::SetLineDash(CPDF_Array* pArray, float phase, float scale) { void CPDF_AllStates::ProcessExtGS(CPDF_Dictionary* pGS, CPDF_StreamContentParser* pParser) { - for (const auto& it : *pGS) { + CPDF_DictionaryLocker locker(pGS); + for (const auto& it : locker) { const ByteString& key_str = it.first; CPDF_Object* pElement = it.second.get(); CPDF_Object* pObject = pElement ? pElement->GetDirect() : nullptr; diff --git a/core/fpdfapi/page/cpdf_colorspace.cpp b/core/fpdfapi/page/cpdf_colorspace.cpp index 2266dec9e8..bcfd42d72f 100644 --- a/core/fpdfapi/page/cpdf_colorspace.cpp +++ b/core/fpdfapi/page/cpdf_colorspace.cpp @@ -461,7 +461,8 @@ std::unique_ptr CPDF_ColorSpace::Load( if (!pDict) return nullptr; - for (const auto& it : *pDict) { + CPDF_DictionaryLocker locker(pDict); + for (const auto& it : locker) { std::unique_ptr pRet; CPDF_Object* pValue = it.second.get(); if (ToName(pValue)) diff --git a/core/fpdfapi/page/cpdf_streamcontentparser.cpp b/core/fpdfapi/page/cpdf_streamcontentparser.cpp index 79fa3d2890..beba208739 100644 --- a/core/fpdfapi/page/cpdf_streamcontentparser.cpp +++ b/core/fpdfapi/page/cpdf_streamcontentparser.cpp @@ -174,36 +174,39 @@ ByteStringView FindFullName(const AbbrPair* table, void ReplaceAbbr(CPDF_Object* pObj) { switch (pObj->GetType()) { case CPDF_Object::DICTIONARY: { - CPDF_Dictionary* pDict = pObj->AsDictionary(); std::vector replacements; - for (const auto& it : *pDict) { - ByteString key = it.first; - CPDF_Object* value = it.second.get(); - ByteStringView fullname = FindFullName( - InlineKeyAbbr, FX_ArraySize(InlineKeyAbbr), key.AsStringView()); - if (!fullname.IsEmpty()) { - AbbrReplacementOp op; - op.is_replace_key = true; - op.key = std::move(key); - op.replacement = fullname; - replacements.push_back(op); - key = fullname; - } - - if (value->IsName()) { - ByteString name = value->GetString(); - fullname = - FindFullName(InlineValueAbbr, FX_ArraySize(InlineValueAbbr), - name.AsStringView()); + CPDF_Dictionary* pDict = pObj->AsDictionary(); + { + CPDF_DictionaryLocker locker(pDict); + for (const auto& it : locker) { + ByteString key = it.first; + CPDF_Object* value = it.second.get(); + ByteStringView fullname = FindFullName( + InlineKeyAbbr, FX_ArraySize(InlineKeyAbbr), key.AsStringView()); if (!fullname.IsEmpty()) { AbbrReplacementOp op; - op.is_replace_key = false; - op.key = key; + op.is_replace_key = true; + op.key = std::move(key); op.replacement = fullname; replacements.push_back(op); + key = fullname; + } + + if (value->IsName()) { + ByteString name = value->GetString(); + fullname = + FindFullName(InlineValueAbbr, FX_ArraySize(InlineValueAbbr), + name.AsStringView()); + if (!fullname.IsEmpty()) { + AbbrReplacementOp op; + op.is_replace_key = false; + op.key = key; + op.replacement = fullname; + replacements.push_back(op); + } + } else { + ReplaceAbbr(value); } - } else { - ReplaceAbbr(value); } } for (const auto& op : replacements) { -- cgit v1.2.3