
Side by Side Diff: core/fpdfapi/fpdf_page/fpdf_page_func.cpp

Issue 2350013003: Fix stack exhaustion in CPDF_PSProc::Parse() (Closed)
Patch Set: stray file Created 4 years, 3 months ago
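--- a/core/fpdfapi/fpdf_page/fpdf_page_func.cpp
+++ b/core/fpdfapi/fpdf_page/fpdf_page_func.cpp
@@ -1,10 +1,10 @@
 // Copyright 2014 PDFium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
 
 #include "core/fpdfapi/fpdf_page/pageint.h"
 
 #include <limits.h>
 
@@ -132,36 +132,40 @@
 {"pop", PSOP_POP}, {"exch", PSOP_EXCH},
 {"dup", PSOP_DUP}, {"copy", PSOP_COPY},
 {"index", PSOP_INDEX}, {"roll", PSOP_ROLL}};
 
 FX_BOOL CPDF_PSEngine::Parse(const FX_CHAR* str, int size) {
 CPDF_SimpleParser parser((uint8_t*)str, size);
 CFX_ByteStringC word = parser.GetWord();
 if (word != "{") {
 return FALSE;
 }
-return m_MainProc.Parse(&parser);
+return m_MainProc.Parse(&parser, 0);
 }
-FX_BOOL CPDF_PSProc::Parse(CPDF_SimpleParser* parser) {
+
+FX_BOOL CPDF_PSProc::Parse(CPDF_SimpleParser* parser, int depth) {
+if (depth > kMaxDepth)
+return FALSE;
+
 while (1) {
 CFX_ByteStringC word = parser->GetWord();
 if (word.IsEmpty()) {
 return FALSE;
 }
 if (word == "}") {
 return TRUE;
 }
 if (word == "{") {
 std::unique_ptr<CPDF_PSProc> proc(new CPDF_PSProc);
 std::unique_ptr<CPDF_PSOP> op(new CPDF_PSOP(std::move(proc)));
 m_Operators.push_back(std::move(op));
-if (!m_Operators.back()->GetProc()->Parse(parser)) {
+if (!m_Operators.back()->GetProc()->Parse(parser, depth + 1)) {
 return FALSE;
 }
 } else {
 bool found = false;
 for (const PDF_PSOpName& op_name : PDF_PSOpNames) {
 if (word == CFX_ByteStringC(op_name.name)) {
 std::unique_ptr<CPDF_PSOP> op(new CPDF_PSOP(op_name.op));
 m_Operators.push_back(std::move(op));
 found = true;
 break;
@@ -833,10 +837,10 @@
 return m_Type == Type::kType2ExpotentialInterpolation
 ? static_cast<const CPDF_ExpIntFunc*>(this)
 : nullptr;
 }
 
 const CPDF_StitchFunc* CPDF_Function::ToStitchFunc() const {
 return m_Type == Type::kType3Stitching
 ? static_cast<const CPDF_StitchFunc*>(this)
 : nullptr;
 }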
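Review bot: The new guard `if (depth > kMaxDepth) return FALSE;` at the top of CPDF_PSProc::Parse has no comment saying what it protects against, and kMaxDepth is defined outside this file (presumably in cpdf_psengine.h), so a reader cannot see here why or at what nesting level parsing stops. I would add `// Each "{" recurses into Parse(); cap nesting so an untrusted stream cannot exhaust the stack.` directly above the check. Because the comparison is `>`, depth values 0 through kMaxDepth are accepted, which is kMaxDepth + 1 levels counting the main procedure, so it is worth confirming that this is the intended bound. The nested CPDF_PSProc is pushed into m_Operators before the recursive call, so a FALSE return leaves a partially built operator list behind and callers should discard the engine rather than execute it. The body of Parse continues past the end of the visible hunk.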