From 4dcf74dc6024ece0dc146a64be983ae2ff9df63d Mon Sep 17 00:00:00 2001 From: Tom Sepez Date: Tue, 3 Feb 2015 16:24:43 -0800 Subject: Merge to XFA: Fix stack exhaustion in CPDF_DataAvail::HaveResourceAncestor() Original Review URL: https://codereview.chromium.org/880043004 TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/893333003 --- core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'core/src') diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp index 53ee762250..c95e616a07 100644 --- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp +++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp @@ -2747,7 +2747,11 @@ public: } virtual void GetLinearizedMainXRefInfo(FX_FILESIZE *pPos, FX_DWORD *pSize) FX_OVERRIDE; + protected: + static const int kMaxDataAvailRecursionDepth = 64; + static int s_CurrentDataAvailRecursionDepth; + FX_DWORD GetObjectSize(FX_DWORD objnum, FX_FILESIZE& offset); FX_BOOL IsObjectsAvail(CFX_PtrArray& obj_array, FX_BOOL bParsePage, IFX_DownloadHints* pHints, CFX_PtrArray &ret_array); FX_BOOL CheckDocStatus(IFX_DownloadHints *pHints); @@ -2923,6 +2927,9 @@ IPDF_DataAvail* IPDF_DataAvail::Create(IFX_FileAvail* pFileAvail, IFX_FileRead* return FX_NEW CPDF_DataAvail(pFileAvail, pFileRead); } +// static +int CPDF_DataAvail::s_CurrentDataAvailRecursionDepth = 0; + CPDF_DataAvail::CPDF_DataAvail(IFX_FileAvail* pFileAvail, IFX_FileRead* pFileRead) : IPDF_DataAvail(pFileAvail, pFileRead) { 
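Review bot: `s_CurrentDataAvailRecursionDepth` is declared `static` in the class hunk, so the depth budget is shared by every `CPDF_DataAvail` in the process and is incremented without synchronisation. If two documents are ever checked on different threads (not visible from this patch), the unsynchronised `++` is a data race, and one document's nesting can use up another's budget and produce a spurious FALSE. A per-instance member such as `int m_nResourceAncestorDepth;`, set to 0 in the constructor, keeps the same guard without cross-instance state, and the out-of-class definition added in the following hunk would then go away. The constant also deserves a comment, for example `// Max Parent-chain depth walked by HaveResourceAncestor(); bounds recursion on cyclic or deeply nested page trees from untrusted files.`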
@@ -4399,6 +4406,10 @@ FX_BOOL CPDF_DataAvail::CheckLinearizedFirstPage(FX_INT32 iPage, IFX_DownloadHin } FX_BOOL CPDF_DataAvail::HaveResourceAncestor(CPDF_Dictionary *pDict) { + CFX_AutoRestorer restorer(&s_CurrentDataAvailRecursionDepth); + if (++s_CurrentDataAvailRecursionDepth > kMaxDataAvailRecursionDepth) { + return FALSE; + } CPDF_Object *pParent = pDict->GetElement("Parent"); if (!pParent) { return FALSE; @@ -4411,9 +4422,8 @@ FX_BOOL CPDF_DataAvail::HaveResourceAncestor(CPDF_Dictionary *pDict) if (pRet) { m_pPageResource = pRet; return TRUE; - } else { - return HaveResourceAncestor(pParentDict); } + return HaveResourceAncestor(pParentDict); } FX_BOOL CPDF_DataAvail::IsPageAvail(FX_INT32 iPage, IFX_DownloadHints* pHints) { -- cgit v1.2.3
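Review bot: The recursive call in `HaveResourceAncestor()` is a plain tail call up the `Parent` chain, so the depth guard could be a bounded loop that uses no extra stack and needs no shared counter: `for (int depth = 0; depth < kMaxDataAvailRecursionDepth; ++depth) { … pDict = pParentDict; }` followed by `return FALSE;`. As written, reaching the cap returns the same FALSE as a missing `Parent`, so a cyclic or over-deep tree in a malformed file looks the same as a page with no inherited resources. A short comment at the guard would make that intent explicit, e.g. `// Cyclic or over-deep Parent chain: treat as no resource ancestor.` The middle of the function lies between this hunk and the next and is not shown, so the loop form needs checking against those lines.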