Fix stack overflow in object Clone() functions

core/fpdfapi/fpdf_parser/cpdf_object.cpp

Index: core/fpdfapi/fpdf_parser/cpdf_object.cpp
diff --git a/core/fpdfapi/fpdf_parser/cpdf_object.cpp b/core/fpdfapi/fpdf_parser/cpdf_object.cpp
index ec967d10328ef57960c0caf3d2ef5a460b8eb18f..6410e06620a56038eab26650ee6e812b7868d94d 100644
--- a/core/fpdfapi/fpdf_parser/cpdf_object.cpp
+++ b/core/fpdfapi/fpdf_parser/cpdf_object.cpp
@@ -22,10 +22,22 @@ CPDF_Object* CPDF_Object::GetDirect() const {
   return const_cast<CPDF_Object*>(this);
 }
 
+CPDF_Object* CPDF_Object::CloneDeRef(bool bDirect) const {

[dsinclair, 2016/08/18 14:04:31]

Oh, I though this was clone dereference. I think this one should be renamed too.

Can this be the public CloneNonCyclic and then CloneWithCheck becomes protected
CloneNOnCyclicInternal? or something?

[Wei Li, 2016/08/18 22:02:30]

CloneWithCheck() was originally set to public to avoid the needs to have friend
classes.
Since exposing it seems confusing, put it back to protected section.

+  std::set<const CPDF_Object*> visited_objs;
+  return CloneWithCheck(bDirect, &visited_objs);
+}
+
+CPDF_Object* CPDF_Object::CloneWithCheck(
+    bool bDirect,
+    std::set<const CPDF_Object*>* pVisited) const {
+  return Clone();
+}
+
 void CPDF_Object::Release() {
   if (m_ObjNum)
     return;
 
+  m_ObjNum = kInvalidObjNum;

[dsinclair, 2016/08/18 14:04:31]

The Destroy() call is going to delete the object so no need to reset the
m_ObjNum

[Wei Li, 2016/08/18 22:02:30]

Moved to each complex class's dtor to avoid double free for cyclic references.

   Destroy();
 }