Chromium Code Reviews Chromium Code Reviews
Issue 1569343002:
Fix infinite loop caused by parsing same indirect objects (Closed)
Base URL: https://pdfium.googlesource.com/pdfium.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 PDFium Authors. All rights reserved. | 1 // Copyright 2014 PDFium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com | 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com |
| 6 | 6 |
| 7 #ifndef CORE_INCLUDE_FPDFAPI_FPDF_PARSER_H_ | 7 #ifndef CORE_INCLUDE_FPDFAPI_FPDF_PARSER_H_ |
| 8 #define CORE_INCLUDE_FPDFAPI_FPDF_PARSER_H_ | 8 #define CORE_INCLUDE_FPDFAPI_FPDF_PARSER_H_ |
| 9 | 9 |
| 10 #include <map> | 10 #include <map> |
| 11 #include <memory> | 11 #include <memory> |
| 12 #include <set> | |
| 12 | 13 |
| 13 #include "core/include/fpdfapi/fpdf_objects.h" | 14 #include "core/include/fpdfapi/fpdf_objects.h" |
| 14 #include "core/include/fxcrt/fx_system.h" | 15 #include "core/include/fxcrt/fx_system.h" |
| 15 | 16 |
| 16 class CFX_Font; | 17 class CFX_Font; |
| 17 class CFX_Matrix; | 18 class CFX_Matrix; |
| 18 class CPDF_ColorSpace; | 19 class CPDF_ColorSpace; |
| 19 class CPDF_CryptoHandler; | 20 class CPDF_CryptoHandler; |
| 20 class CPDF_DocPageData; | 21 class CPDF_DocPageData; |
| 21 class CPDF_DocRenderData; | 22 class CPDF_DocRenderData; |
| (...skipping 335 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 357 FX_FILESIZE m_DataEnd; | 358 FX_FILESIZE m_DataEnd; |
| 358 }; | 359 }; |
| 359 | 360 |
| 360 #define PDFPARSE_ERROR_SUCCESS 0 | 361 #define PDFPARSE_ERROR_SUCCESS 0 |
| 361 #define PDFPARSE_ERROR_FILE 1 | 362 #define PDFPARSE_ERROR_FILE 1 |
| 362 #define PDFPARSE_ERROR_FORMAT 2 | 363 #define PDFPARSE_ERROR_FORMAT 2 |
| 363 #define PDFPARSE_ERROR_PASSWORD 3 | 364 #define PDFPARSE_ERROR_PASSWORD 3 |
| 364 #define PDFPARSE_ERROR_HANDLER 4 | 365 #define PDFPARSE_ERROR_HANDLER 4 |
| 365 #define PDFPARSE_ERROR_CERT 5 | 366 #define PDFPARSE_ERROR_CERT 5 |
| 366 | 367 |
| 368 template <typename T> | |
| 369 class ScopedSetInsertion { | |
|
Lei Zhang
2016/01/08 20:27:07
Move this to fpdf_parser_parser.cpp's anonymous na
Wei Li
2016/01/08 22:01:50
Done.
| |
| 370 public: | |
| 371 ScopedSetInsertion(std::set<T>* org_set, T elem) { | |
| 372 org_set->insert(elem); | |
| 373 set = org_set; | |
|
Lei Zhang
2016/01/08 20:27:07
Put these in the initializer list instead?
Wei Li
2016/01/08 22:01:50
Done.
| |
| 374 entry = elem; | |
| 375 } | |
| 376 ~ScopedSetInsertion() { set->erase(entry); } | |
| 377 | |
| 378 private: | |
| 379 std::set<T>* set; | |
|
Lei Zhang
2016/01/08 20:27:07
std::set<T>* const m_set;
Lei Zhang
2016/01/08 20:27:07
m_set / m_entry
Wei Li
2016/01/08 22:01:50
Done.
Wei Li
2016/01/08 22:01:50
Done.
| |
| 380 T entry; | |
| 381 }; | |
| 382 | |
| 367 class CPDF_Parser { | 383 class CPDF_Parser { |
| 368 public: | 384 public: |
| 369 CPDF_Parser(); | 385 CPDF_Parser(); |
| 370 ~CPDF_Parser(); | 386 ~CPDF_Parser(); |
| 371 | 387 |
| 372 FX_DWORD StartParse(IFX_FileRead* pFile, | 388 FX_DWORD StartParse(IFX_FileRead* pFile, |
| 373 FX_BOOL bReParse = FALSE, | 389 FX_BOOL bReParse = FALSE, |
| 374 FX_BOOL bOwnFileRead = TRUE); | 390 FX_BOOL bOwnFileRead = TRUE); |
| 375 | 391 |
| 376 void CloseParser(FX_BOOL bReParse = FALSE); | 392 void CloseParser(FX_BOOL bReParse = FALSE); |
| (...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 529 CFX_MapPtrToPtr m_ObjectStreamMap; | 545 CFX_MapPtrToPtr m_ObjectStreamMap; |
| 530 | 546 |
| 531 // Mapping of object numbers to offsets. The offsets are relative to the first | 547 // Mapping of object numbers to offsets. The offsets are relative to the first |
| 532 // object in the stream. | 548 // object in the stream. |
| 533 using StreamObjectCache = std::map<FX_DWORD, FX_DWORD>; | 549 using StreamObjectCache = std::map<FX_DWORD, FX_DWORD>; |
| 534 | 550 |
| 535 // Mapping of streams to their object caches. This is valid as long as the | 551 // Mapping of streams to their object caches. This is valid as long as the |
| 536 // streams in |m_ObjectStreamMap| are valid. | 552 // streams in |m_ObjectStreamMap| are valid. |
| 537 std::map<CPDF_StreamAcc*, StreamObjectCache> m_ObjCache; | 553 std::map<CPDF_StreamAcc*, StreamObjectCache> m_ObjCache; |
| 538 | 554 |
| 555 // All indirect object numbers that are being parsed. | |
| 556 std::set<FX_DWORD> objnums_in_processing; | |
|
Lei Zhang
2016/01/08 20:27:07
Also m_SomeThing.
Wei Li
2016/01/08 22:01:50
Done.
| |
| 557 | |
| 539 friend class CPDF_Creator; | 558 friend class CPDF_Creator; |
| 540 friend class CPDF_DataAvail; | 559 friend class CPDF_DataAvail; |
| 541 }; | 560 }; |
| 542 | 561 |
| 543 #define FXCIPHER_NONE 0 | 562 #define FXCIPHER_NONE 0 |
| 544 #define FXCIPHER_RC4 1 | 563 #define FXCIPHER_RC4 1 |
| 545 #define FXCIPHER_AES 2 | 564 #define FXCIPHER_AES 2 |
| 546 #define FXCIPHER_AES2 3 | 565 #define FXCIPHER_AES2 3 |
| 547 class CPDF_SecurityHandler { | 566 class CPDF_SecurityHandler { |
| 548 public: | 567 public: |
| (...skipping 426 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 975 FX_DWORD src_size, | 994 FX_DWORD src_size, |
| 976 const CPDF_Dictionary* pDict, | 995 const CPDF_Dictionary* pDict, |
| 977 uint8_t*& dest_buf, | 996 uint8_t*& dest_buf, |
| 978 FX_DWORD& dest_size, | 997 FX_DWORD& dest_size, |
| 979 CFX_ByteString& ImageEncoding, | 998 CFX_ByteString& ImageEncoding, |
| 980 CPDF_Dictionary*& pImageParms, | 999 CPDF_Dictionary*& pImageParms, |
| 981 FX_DWORD estimated_size, | 1000 FX_DWORD estimated_size, |
| 982 FX_BOOL bImageAcc); | 1001 FX_BOOL bImageAcc); |
| 983 | 1002 |
| 984 #endif // CORE_INCLUDE_FPDFAPI_FPDF_PARSER_H_ | 1003 #endif // CORE_INCLUDE_FPDFAPI_FPDF_PARSER_H_ |
| OLD | NEW |
