From a470b5e5371d0674d06068ec38d0d3c3279e85e1 Mon Sep 17 00:00:00 2001 From: weili Date: Tue, 23 Aug 2016 22:08:37 -0700 Subject: Fix stack overflow in object Clone() functions For some complex objects such as CPDF_Dictionary, CPDF_Array, CPDF_Stream, and CPDF_Reference, Clone() could be executed with infinite recursion to cause the stack overflow. Fix this by checking already cloned objects to avoid recursion. BUG=pdfium:513 Review-Url: https://codereview.chromium.org/2250533002 --- core/fpdfdoc/cpdf_interform.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'core/fpdfdoc/cpdf_interform.cpp') diff --git a/core/fpdfdoc/cpdf_interform.cpp b/core/fpdfdoc/cpdf_interform.cpp index cf728a7d4b..a6f73c620b 100644 --- a/core/fpdfdoc/cpdf_interform.cpp +++ b/core/fpdfdoc/cpdf_interform.cpp @@ -1403,7 +1403,7 @@ CPDF_FormField* CPDF_InterForm::AddTerminalField(CPDF_Dictionary* pFieldDict) { pField = new CPDF_FormField(this, pParent); CPDF_Object* pTObj = pDict->GetObjectBy("T"); if (ToReference(pTObj)) { - CPDF_Object* pClone = pTObj->Clone(TRUE); + CPDF_Object* pClone = pTObj->CloneDirectObject(); if (pClone) pDict->SetAt("T", pClone); else @@ -1535,7 +1535,7 @@ CFDF_Document* CPDF_InterForm::ExportToFDF( } else { CPDF_Object* pV = FPDF_GetFieldAttr(pField->m_pDict, "V"); if (pV) - pFieldDict->SetAt("V", pV->Clone(TRUE)); + pFieldDict->SetAt("V", pV->CloneDirectObject()); } pFields->Add(pFieldDict); } @@ -1587,8 +1587,8 @@ void CPDF_InterForm::FDF_ImportField(CPDF_Dictionary* pFieldDict, CPDF_FormField::Type eType = pField->GetType(); if ((eType == CPDF_FormField::ListBox || eType == CPDF_FormField::ComboBox) && pFieldDict->KeyExist("Opt")) { - pField->m_pDict->SetAt("Opt", - pFieldDict->GetDirectObjectBy("Opt")->Clone(TRUE)); + pField->m_pDict->SetAt( + "Opt", pFieldDict->GetDirectObjectBy("Opt")->CloneDirectObject()); } if (bNotify && m_pFormNotify) { -- cgit v1.2.3