Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2449)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp

Issue 1569343002: Fix infinite loop caused by parsing same indirect objects (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: more name change Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « core/include/fpdfapi/fpdf_parser.h ('k') | fpdfsdk/src/fpdfview_embeddertest.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
index 010b9b7c47213306e2d0d0a6ef1e50dbbd5cf9e5..7f2bd51dbfba9e4fbaf68052e6105b74c67a71ea 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
@@ -36,6 +36,20 @@ struct SearchTagRecord {
FX_DWORD m_Offset;
};
+template <typename T>
+class ScopedSetInsertion {
+ public:
+ ScopedSetInsertion(std::set<T>* org_set, T elem)
+ : m_Set(org_set), m_Entry(elem) {
+ m_Set->insert(m_Entry);
+ }
+ ~ScopedSetInsertion() { m_Set->erase(m_Entry); }
+
+ private:
+ std::set<T>* const m_Set;
+ const T m_Entry;
+};
+
int CompareFileSize(const void* p1, const void* p2) {
return *(FX_FILESIZE*)p1 - *(FX_FILESIZE*)p2;
}
@@ -1191,6 +1205,11 @@ CPDF_Object* CPDF_Parser::ParseIndirectObject(CPDF_IndirectObjects* pObjList,
if (!IsValidObjectNumber(objnum))
return nullptr;
+ // Prevent circular parsing the same object.
+ if (pdfium::ContainsKey(m_ParsingObjNums, objnum))
+ return nullptr;
+ ScopedSetInsertion<FX_DWORD> local_insert(&m_ParsingObjNums, objnum);
+
if (m_V5Type[objnum] == 1 || m_V5Type[objnum] == 255) {
FX_FILESIZE pos = m_ObjectInfo[objnum].pos;
if (pos <= 0)
« no previous file with comments | « core/include/fpdfapi/fpdf_parser.h ('k') | fpdfsdk/src/fpdfview_embeddertest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698