Fix stack overflow in object Clone() functions

core/fpdfapi/fpdf_parser/cpdf_stream.cpp

Index: core/fpdfapi/fpdf_parser/cpdf_stream.cpp
diff --git a/core/fpdfapi/fpdf_parser/cpdf_stream.cpp b/core/fpdfapi/fpdf_parser/cpdf_stream.cpp
index 7e65c25533b76228e5911a9d376fbbb0caf8e8b0..c3821c20f93dabe6ee536d2dd927b567ba3d51ec 100644
--- a/core/fpdfapi/fpdf_parser/cpdf_stream.cpp
+++ b/core/fpdfapi/fpdf_parser/cpdf_stream.cpp
@@ -9,6 +9,7 @@
 #include "core/fpdfapi/fpdf_parser/include/cpdf_dictionary.h"
 #include "core/fpdfapi/fpdf_parser/include/cpdf_stream_acc.h"
 #include "core/fpdfapi/fpdf_parser/include/fpdf_parser_decode.h"
+#include "third_party/base/stl_util.h"
 
 CPDF_Stream::CPDF_Stream(uint8_t* pData, uint32_t size, CPDF_Dictionary* pDict)
     : m_pDict(pDict),
@@ -71,13 +72,21 @@ void CPDF_Stream::InitStream(const uint8_t* pData,
     m_pDict->SetAtInteger("Length", size);
 }
 
-CPDF_Object* CPDF_Stream::Clone(FX_BOOL bDirect) const {
+CPDF_Object* CPDF_Stream::Clone() const {
+  return CloneDeRef(false);
+}
+
+CPDF_Object* CPDF_Stream::CloneWithCheck(
+    bool bDirect,
+    std::set<const CPDF_Object*>* pVisited) const {
+  pVisited->insert(this);
   CPDF_StreamAcc acc;
   acc.LoadAllData(this, TRUE);
   uint32_t streamSize = acc.GetSize();
   CPDF_Dictionary* pDict = GetDict();
-  if (pDict)
-    pDict = ToDictionary(pDict->Clone(bDirect));
+  if (pDict && !pdfium::ContainsKey(*pVisited, pDict))

[dsinclair, 2016/08/18 14:04:31]

nit: {}'s

[Wei Li, 2016/08/18 22:02:30]

Done.

+    pDict = ToDictionary(static_cast<const CPDF_Object*>(pDict)->CloneWithCheck(

[dsinclair, 2016/08/18 14:04:31]

Why static_cast to Object?

[Wei Li, 2016/08/18 22:02:30]

Original, I only expose CPDF_Object::CloneWithCheck() as public. Now we expose
friend classes thru CPDF_Object also.

+        bDirect, pVisited));
 
   return new CPDF_Stream(acc.DetachData(), streamSize, pDict);
 }