pdf/pdfium/pdfium_engine.cc - Issue 1401263005: Stack exhaustion if PDFium returns circular bookmarks.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: pdf/pdfium/pdfium_engine.cc

Issue 1401263005: Stack exhaustion if PDFium returns circular bookmarks. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Depth goes last. Created 5 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: pdf/pdfium/pdfium_engine.cc

diff --git a/pdf/pdfium/pdfium_engine.cc b/pdf/pdfium/pdfium_engine.cc

index 369aa206b3d54ee0eec04ad5df5c28d84f2d786b..67be88d96af7b07691fb585c5c0288967d4579a9 100644

--- a/pdf/pdfium/pdfium_engine.cc

+++ b/pdf/pdfium/pdfium_engine.cc

@@ -544,7 +544,9 @@ void FormatStringForOS(base::string16* text) {

// child VarDictionaries (representing the child bookmarks).

// If NULL is passed in as the bookmark then we traverse from the "root".

// Note that the "root" bookmark contains no useful information.

-pp::VarDictionary TraverseBookmarks(FPDF_DOCUMENT doc, FPDF_BOOKMARK bookmark) {

+pp::VarDictionary TraverseBookmarks(FPDF_DOCUMENT doc,

+ FPDF_BOOKMARK bookmark,

+ unsigned int depth) {

pp::VarDictionary dict;

base::string16 title;

unsigned long buffer_size = FPDFBookmark_GetTitle(bookmark, NULL, 0);

@@ -564,12 +566,19 @@ pp::VarDictionary TraverseBookmarks(FPDF_DOCUMENT doc, FPDF_BOOKMARK bookmark) {

}

pp::VarArray children;

- int child_index = 0;

- for (FPDF_BOOKMARK child_bookmark = FPDFBookmark_GetFirstChild(doc, bookmark);

- child_bookmark != NULL;

- child_bookmark = FPDFBookmark_GetNextSibling(doc, child_bookmark)) {

- children.Set(child_index, TraverseBookmarks(doc, child_bookmark));

- child_index++;

+ // Don't trust PDFium to handle circular bookmarks.

+ const unsigned int kMaxDepth = 128;

+ if (depth < kMaxDepth) {

+ int child_index = 0;

+ for (FPDF_BOOKMARK child_bookmark =

+ FPDFBookmark_GetFirstChild(doc, bookmark);

+ child_bookmark != NULL;

+ child_bookmark = FPDFBookmark_GetNextSibling(doc, child_bookmark)) {

+ children.Set(child_index,

+ TraverseBookmarks(doc, child_bookmark, depth + 1));

+ child_index++;

+ }

}

dict.Set(pp::Var("children"), children);

return dict;

@@ -2433,7 +2442,7 @@ int PDFiumEngine::GetNumberOfPages() {

}

pp::VarArray PDFiumEngine::GetBookmarks() {

- pp::VarDictionary dict = TraverseBookmarks(doc_, NULL);

+ pp::VarDictionary dict = TraverseBookmarks(doc_, NULL, 0);

// The root bookmark contains no useful information.

return pp::VarArray(dict.Get(pp::Var("children")));

}

« no previous file with comments | « no previous file | no next file » | no next file with comments »