Chromium Code Reviews Chromium Code Reviews
Issue 2250533002:
Fix stack overflow in object Clone() functions (Closed)
Base URL: https://pdfium.googlesource.com/pdfium.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2016 PDFium Authors. All rights reserved. | 1 // Copyright 2016 PDFium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com | 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com |
| 6 | 6 |
| 7 #include "core/fpdfapi/fpdf_parser/include/cpdf_array.h" | 7 #include "core/fpdfapi/fpdf_parser/include/cpdf_array.h" |
| 8 | 8 |
| 9 #include "core/fpdfapi/fpdf_parser/include/cpdf_name.h" | 9 #include "core/fpdfapi/fpdf_parser/include/cpdf_name.h" |
| 10 #include "core/fpdfapi/fpdf_parser/include/cpdf_number.h" | 10 #include "core/fpdfapi/fpdf_parser/include/cpdf_number.h" |
| 11 #include "core/fpdfapi/fpdf_parser/include/cpdf_reference.h" | 11 #include "core/fpdfapi/fpdf_parser/include/cpdf_reference.h" |
| 12 #include "core/fpdfapi/fpdf_parser/include/cpdf_stream.h" | 12 #include "core/fpdfapi/fpdf_parser/include/cpdf_stream.h" |
| 13 #include "core/fpdfapi/fpdf_parser/include/cpdf_string.h" | 13 #include "core/fpdfapi/fpdf_parser/include/cpdf_string.h" |
| 14 #include "third_party/base/stl_util.h" | |
| 14 | 15 |
| 15 CPDF_Array::CPDF_Array() {} | 16 CPDF_Array::CPDF_Array() {} |
| 16 | 17 |
| 17 CPDF_Array::~CPDF_Array() { | 18 CPDF_Array::~CPDF_Array() { |
| 18 for (auto& it : m_Objects) { | 19 for (auto& it : m_Objects) { |
| 19 if (it) | 20 if (it) |
| 20 it->Release(); | 21 it->Release(); |
| 21 } | 22 } |
| 22 } | 23 } |
| 23 | 24 |
| 24 CPDF_Object::Type CPDF_Array::GetType() const { | 25 CPDF_Object::Type CPDF_Array::GetType() const { |
| 25 return ARRAY; | 26 return ARRAY; |
| 26 } | 27 } |
| 27 | 28 |
| 28 bool CPDF_Array::IsArray() const { | 29 bool CPDF_Array::IsArray() const { |
| 29 return true; | 30 return true; |
| 30 } | 31 } |
| 31 | 32 |
| 32 CPDF_Array* CPDF_Array::AsArray() { | 33 CPDF_Array* CPDF_Array::AsArray() { |
| 33 return this; | 34 return this; |
| 34 } | 35 } |
| 35 | 36 |
| 36 const CPDF_Array* CPDF_Array::AsArray() const { | 37 const CPDF_Array* CPDF_Array::AsArray() const { |
| 37 return this; | 38 return this; |
| 38 } | 39 } |
| 39 | 40 |
| 40 CPDF_Object* CPDF_Array::Clone(FX_BOOL bDirect) const { | 41 CPDF_Object* CPDF_Array::Clone() const { |
| 42 return CloneDeRef(false); | |
| 43 } | |
| 44 | |
| 45 CPDF_Object* CPDF_Array::CloneWithCheck( | |
|
dsinclair
2016/08/18 14:04:31
Not a huge fan of the name as WithCheck doesn't te
Wei Li
2016/08/18 22:02:30
Couldn't think a better one, go with yours :)
| |
| 46 bool bDirect, | |
| 47 std::set<const CPDF_Object*>* pVisited) const { | |
| 48 pVisited->insert(this); | |
| 41 CPDF_Array* pCopy = new CPDF_Array(); | 49 CPDF_Array* pCopy = new CPDF_Array(); |
| 42 for (size_t i = 0; i < GetCount(); i++) { | 50 for (size_t i = 0; i < GetCount(); i++) { |
| 43 CPDF_Object* value = m_Objects.at(i); | 51 CPDF_Object* value = m_Objects.at(i); |
| 44 pCopy->m_Objects.push_back(value->Clone(bDirect)); | 52 if (!pdfium::ContainsKey(*pVisited, value)) |
| 53 pCopy->m_Objects.push_back(value->CloneWithCheck(bDirect, pVisited)); | |
| 45 } | 54 } |
| 46 return pCopy; | 55 return pCopy; |
| 47 } | 56 } |
| 48 | 57 |
| 49 CFX_FloatRect CPDF_Array::GetRect() { | 58 CFX_FloatRect CPDF_Array::GetRect() { |
| 50 CFX_FloatRect rect; | 59 CFX_FloatRect rect; |
| 51 if (!IsArray() || m_Objects.size() != 4) | 60 if (!IsArray() || m_Objects.size() != 4) |
| 52 return rect; | 61 return rect; |
| 53 | 62 |
| 54 rect.left = GetNumberAt(0); | 63 rect.left = GetNumberAt(0); |
| (...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 191 ASSERT(IsArray()); | 200 ASSERT(IsArray()); |
| 192 CPDF_Number* pNumber = new CPDF_Number(f); | 201 CPDF_Number* pNumber = new CPDF_Number(f); |
| 193 Add(pNumber); | 202 Add(pNumber); |
| 194 } | 203 } |
| 195 | 204 |
| 196 void CPDF_Array::AddReference(CPDF_IndirectObjectHolder* pDoc, | 205 void CPDF_Array::AddReference(CPDF_IndirectObjectHolder* pDoc, |
| 197 uint32_t objnum) { | 206 uint32_t objnum) { |
| 198 ASSERT(IsArray()); | 207 ASSERT(IsArray()); |
| 199 Add(new CPDF_Reference(pDoc, objnum)); | 208 Add(new CPDF_Reference(pDoc, objnum)); |
| 200 } | 209 } |
| OLD | NEW |
