
Side by Side Diff: core/fpdfapi/fpdf_parser/cpdf_array.cpp

Issue 2250533002: Fix stack overflow in object Clone() functions (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: rebase again Created 4 years, 4 months ago
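--- a/core/fpdfapi/fpdf_parser/cpdf_array.cpp
+++ b/core/fpdfapi/fpdf_parser/cpdf_array.cpp
@@ -1,54 +1,66 @@
 // Copyright 2016 PDFium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
 
 #include "core/fpdfapi/fpdf_parser/include/cpdf_array.h"
 
 #include "core/fpdfapi/fpdf_parser/include/cpdf_name.h"
 #include "core/fpdfapi/fpdf_parser/include/cpdf_number.h"
 #include "core/fpdfapi/fpdf_parser/include/cpdf_reference.h"
 #include "core/fpdfapi/fpdf_parser/include/cpdf_stream.h"
 #include "core/fpdfapi/fpdf_parser/include/cpdf_string.h"
+#include "third_party/base/stl_util.h"
 
 CPDF_Array::CPDF_Array() {}
 
 CPDF_Array::~CPDF_Array() {
+// Mark the object as deleted so that it will not be deleted again
+// in case of cyclic references.
+m_ObjNum = kInvalidObjNum;
 for (auto& it : m_Objects) {
 if (it)
 it->Release();
 }
 }
 
 CPDF_Object::Type CPDF_Array::GetType() const {
 return ARRAY;
 }
 
 bool CPDF_Array::IsArray() const {
 return true;
 }
 
 CPDF_Array* CPDF_Array::AsArray() {
 return this;
 }
 
 const CPDF_Array* CPDF_Array::AsArray() const {
 return this;
 }
 
-CPDF_Object* CPDF_Array::Clone(FX_BOOL bDirect) const {
+CPDF_Object* CPDF_Array::Clone() const {
+return CloneObjectNonCyclic(false);
+}
+
+CPDF_Object* CPDF_Array::CloneNonCyclic(
+bool bDirect,
+std::set<const CPDF_Object*>* pVisited) const {
+pVisited->insert(this);
 CPDF_Array* pCopy = new CPDF_Array();
 for (size_t i = 0; i < GetCount(); i++) {
 CPDF_Object* value = m_Objects.at(i);
-pCopy->m_Objects.push_back(value->Clone(bDirect));
+if (!pdfium::ContainsKey(*pVisited, value))
+pCopy->m_Objects.push_back(value->CloneNonCyclic(bDirect, pVisited));
 }
 return pCopy;
 }
 
 CFX_FloatRect CPDF_Array::GetRect() {
 CFX_FloatRect rect;
 if (!IsArray() || m_Objects.size() != 4)
 return rect;
 
 rect.left = GetNumberAt(0);
@@ -191,10 +203,10 @@
 ASSERT(IsArray());
 CPDF_Number* pNumber = new CPDF_Number(f);
 Add(pNumber);
 }
 
 void CPDF_Array::AddReference(CPDF_IndirectObjectHolder* pDoc,
 uint32_t objnum) {
 ASSERT(IsArray());
 Add(new CPDF_Reference(pDoc, objnum));
 }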
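Review bot: In `CPDF_Array::CloneNonCyclic` (new lines 48-59) an element that is already in `pVisited` is skipped without leaving anything in its slot, so the clone can be shorter than the source and every later element shifts to a lower index. Because entries are never removed from `pVisited`, this looks like it would also drop an object that is merely reached twice, not only a true cycle; that depends on the other `CloneNonCyclic` overrides, which are outside this file section. Positional consumers such as `GetRect()` (which requires exactly four entries) would then read a different array from the one in the document, so consider keeping the slot with a placeholder element, or at minimum documenting it with `// Elements already in |pVisited| are omitted, so the copy may have fewer entries than |this|.` The loop also still dereferences `value` unchecked although the destructor tolerates null entries; `if (value && !pdfium::ContainsKey(*pVisited, value))` would make the two agree.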