Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(69)

Issue 2250533002: Fix stack overflow in object Clone() functions (Closed)

Created:
4 years, 4 months ago by Wei Li
Modified:
4 years, 4 months ago
Reviewers:
Lei Zhang, dsinclair
CC:
pdfium-reviews_googlegroups.com
Base URL:
https://pdfium.googlesource.com/pdfium.git@master
Target Ref:
refs/heads/master
Project:
pdfium
Visibility:
Public.

Description

Fix stack overflow in object Clone() functions For some complex objects such as CPDF_Dictionary, CPDF_Array, CPDF_Stream, and CPDF_Reference, Clone() could be executed with infinite recursion to cause the stack overflow. Fix this by checking already cloned objects to avoid recursion. BUG=pdfium:513 Committed: https://pdfium.googlesource.com/pdfium/+/a470b5e5371d0674d06068ec38d0d3c3279e85e1

Patch Set 1 : add checks #

Patch Set 2 : remove default param #

Patch Set 3 : tidy up #

Patch Set 4 : prevent release loop #

Patch Set 5 : add tests #

Patch Set 6 : fix holder release #

Patch Set 7 : rebase #

Patch Set 8 : change due to rebase #

Total comments: 26

Patch Set 9 : address comments #

Total comments: 12

Patch Set 10 : address more comments #

Patch Set 11 : rebase #

Patch Set 12 : change needed after rebase #

Patch Set 13 : rebase again #

Unified diffs Side-by-side diffs Delta from patch set Stats (+191 lines, -36 lines) Patch
M core/fpdfapi/fpdf_page/cpdf_image.cpp View 1 2 3 4 5 6 7 8 1 chunk +1 line, -1 line 0 comments Download
M core/fpdfapi/fpdf_parser/cpdf_array.cpp View 1 2 3 4 5 6 7 8 2 chunks +14 lines, -2 lines 0 comments Download
M core/fpdfapi/fpdf_parser/cpdf_array_unittest.cpp View 1 2 3 4 5 6 7 8 9 10 11 12 1 chunk +2 lines, -2 lines 0 comments Download
M core/fpdfapi/fpdf_parser/cpdf_boolean.h View 1 1 chunk +1 line, -1 line 0 comments Download
M core/fpdfapi/fpdf_parser/cpdf_boolean.cpp View 1 1 chunk +1 line, -1 line 0 comments Download
M core/fpdfapi/fpdf_parser/cpdf_dictionary.cpp View 1 2 3 4 5 6 7 8 2 chunks +16 lines, -3 lines 0 comments Download
M core/fpdfapi/fpdf_parser/cpdf_name.cpp View 1 1 chunk +1 line, -1 line 0 comments Download
M core/fpdfapi/fpdf_parser/cpdf_null.h View 1 1 chunk +1 line, -1 line 0 comments Download
M core/fpdfapi/fpdf_parser/cpdf_null.cpp View 1 1 chunk +1 line, -1 line 0 comments Download
M core/fpdfapi/fpdf_parser/cpdf_number.cpp View 1 1 chunk +1 line, -1 line 0 comments Download
M core/fpdfapi/fpdf_parser/cpdf_object.cpp View 1 2 3 4 5 6 7 8 1 chunk +15 lines, -0 lines 0 comments Download
M core/fpdfapi/fpdf_parser/cpdf_object_unittest.cpp View 1 2 3 4 5 6 7 8 9 10 11 12 2 chunks +51 lines, -0 lines 0 comments Download
M core/fpdfapi/fpdf_parser/cpdf_reference.cpp View 1 2 3 4 5 6 7 8 11 12 2 chunks +12 lines, -2 lines 0 comments Download
M core/fpdfapi/fpdf_parser/cpdf_stream.cpp View 1 2 3 4 5 6 7 8 3 chunks +14 lines, -3 lines 0 comments Download
M core/fpdfapi/fpdf_parser/cpdf_string.cpp View 1 1 chunk +1 line, -1 line 0 comments Download
M core/fpdfapi/fpdf_parser/include/cpdf_array.h View 1 2 3 4 5 6 7 8 3 chunks +6 lines, -1 line 0 comments Download
M core/fpdfapi/fpdf_parser/include/cpdf_dictionary.h View 1 2 3 4 5 6 7 8 9 3 chunks +6 lines, -1 line 0 comments Download
M core/fpdfapi/fpdf_parser/include/cpdf_name.h View 1 1 chunk +1 line, -1 line 0 comments Download
M core/fpdfapi/fpdf_parser/include/cpdf_number.h View 1 1 chunk +1 line, -1 line 0 comments Download
M core/fpdfapi/fpdf_parser/include/cpdf_object.h View 1 2 3 4 5 6 7 8 9 10 3 chunks +27 lines, -4 lines 0 comments Download
M core/fpdfapi/fpdf_parser/include/cpdf_reference.h View 1 2 3 4 5 6 7 8 3 chunks +6 lines, -1 line 0 comments Download
M core/fpdfapi/fpdf_parser/include/cpdf_stream.h View 1 2 3 4 5 6 7 8 3 chunks +6 lines, -1 line 0 comments Download
M core/fpdfapi/fpdf_parser/include/cpdf_string.h View 1 1 chunk +1 line, -1 line 0 comments Download
M core/fpdfdoc/cpdf_interform.cpp View 1 2 3 4 5 6 7 8 3 chunks +4 lines, -4 lines 0 comments Download
M fpdfsdk/fpdfppo.cpp View 1 2 3 4 5 6 7 8 1 chunk +1 line, -1 line 0 comments Download

Messages

Total messages: 56 (46 generated)
Wei Li
pls review, thanks
4 years, 4 months ago (2016-08-17 21:41:05 UTC) #19
dsinclair
https://codereview.chromium.org/2250533002/diff/220001/core/fpdfapi/fpdf_parser/cpdf_array.cpp File core/fpdfapi/fpdf_parser/cpdf_array.cpp (right): https://codereview.chromium.org/2250533002/diff/220001/core/fpdfapi/fpdf_parser/cpdf_array.cpp#newcode45 core/fpdfapi/fpdf_parser/cpdf_array.cpp:45: CPDF_Object* CPDF_Array::CloneWithCheck( Not a huge fan of the name ...
4 years, 4 months ago (2016-08-18 14:04:31 UTC) #20
Lei Zhang
https://codereview.chromium.org/2250533002/diff/220001/core/fpdfapi/fpdf_parser/cpdf_dictionary.cpp File core/fpdfapi/fpdf_parser/cpdf_dictionary.cpp (right): https://codereview.chromium.org/2250533002/diff/220001/core/fpdfapi/fpdf_parser/cpdf_dictionary.cpp#newcode57 core/fpdfapi/fpdf_parser/cpdf_dictionary.cpp:57: auto value = it.second; auto* ? https://codereview.chromium.org/2250533002/diff/220001/core/fpdfapi/fpdf_parser/cpdf_object_unittest.cpp File core/fpdfapi/fpdf_parser/cpdf_object_unittest.cpp ...
4 years, 4 months ago (2016-08-18 15:16:44 UTC) #21
Wei Li
ptal, thanks https://codereview.chromium.org/2250533002/diff/220001/core/fpdfapi/fpdf_parser/cpdf_array.cpp File core/fpdfapi/fpdf_parser/cpdf_array.cpp (right): https://codereview.chromium.org/2250533002/diff/220001/core/fpdfapi/fpdf_parser/cpdf_array.cpp#newcode45 core/fpdfapi/fpdf_parser/cpdf_array.cpp:45: CPDF_Object* CPDF_Array::CloneWithCheck( On 2016/08/18 14:04:31, dsinclair wrote: ...
4 years, 4 months ago (2016-08-18 22:02:30 UTC) #27
Lei Zhang
https://codereview.chromium.org/2250533002/diff/260001/core/fpdfapi/fpdf_parser/cpdf_object_unittest.cpp File core/fpdfapi/fpdf_parser/cpdf_object_unittest.cpp (right): https://codereview.chromium.org/2250533002/diff/260001/core/fpdfapi/fpdf_parser/cpdf_object_unittest.cpp#newcode750 core/fpdfapi/fpdf_parser/cpdf_object_unittest.cpp:750: TEST(PDFObjectTest, CloneCheckLoop) { TEST skips SetUp() vs TEST_F? https://codereview.chromium.org/2250533002/diff/260001/core/fpdfapi/fpdf_parser/cpdf_object_unittest.cpp#newcode764 ...
4 years, 4 months ago (2016-08-19 16:21:09 UTC) #29
Wei Li
ptal, thanks https://codereview.chromium.org/2250533002/diff/260001/core/fpdfapi/fpdf_parser/cpdf_object_unittest.cpp File core/fpdfapi/fpdf_parser/cpdf_object_unittest.cpp (right): https://codereview.chromium.org/2250533002/diff/260001/core/fpdfapi/fpdf_parser/cpdf_object_unittest.cpp#newcode750 core/fpdfapi/fpdf_parser/cpdf_object_unittest.cpp:750: TEST(PDFObjectTest, CloneCheckLoop) { On 2016/08/19 16:21:08, Lei ...
4 years, 4 months ago (2016-08-19 18:14:57 UTC) #40
dsinclair
lgtm
4 years, 4 months ago (2016-08-23 13:17:47 UTC) #41
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2250533002/420001
4 years, 4 months ago (2016-08-24 05:08:18 UTC) #53
commit-bot: I haz the power
Committed patchset #13 (id:420001) as https://pdfium.googlesource.com/pdfium/+/a470b5e5371d0674d06068ec38d0d3c3279e85e1
4 years, 4 months ago (2016-08-24 05:08:41 UTC) #55
Lei Zhang
4 years, 4 months ago (2016-08-24 05:11:24 UTC) #56
Message was sent while issue was closed.
lgtm

Powered by Google App Engine
This is Rietveld 408576698