Chromium Code Reviews

Issue 875263002: Fix infinite recursion in CPDF_Parser::ParseIndirectObjectAt(). (Closed)

Created:
5 years, 11 months ago by Tom Sepez
Modified:
5 years, 11 months ago
Reviewers:
Lei Zhang
CC:
pdfium-reviews_googlegroups.com
Base URL:
https://pdfium.googlesource.com/pdfium.git@master
Target Ref:
refs/heads/master
Visibility:
Public.

Description

Fix infinite recursion in CPDF_Parser::ParseIndirectObjectAt().

A suitably corrupted file can cause the parser(s) to repeatedly re-read sections of the file at increasing parser recursion depth until the stack is exhausted. There is supposed to be a check for this based upon the parser "level", but not all call paths pass or update the level as required. Much as I hate per-class statics, this introduces one to track the depth so that the check is enforced no matter how screwy the call path might be that leads the parser to re-enter itself. This is more palatable than trying to find all these paths and fix them. We know this is OK since there is only one thread in here modifying the static.

BUG=451830
R=thestig@chromium.org

Committed: https://pdfium.googlesource.com/pdfium/+/a03932372b0906a340a6e3860c87e45f9ec79042
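The mechanism the description relies on, shown as an added example that is not PDFium's code: a per-class static depth counter checked on entry, unwound by an RAII restorer modelled on the CFX_AutoRestorer this change adds, so the limit holds on every path by which the parser re-enters itself (here two public entry points) and on every return path. The names AutoRestorer, ToyParser, s_Depth, kMaxDepth, MakeChain and MakeCycle, and the "<num> 0 R" object table, are hypothetical stand-ins and constructed sample data, not PDFium's own.

```cpp
#include <cstdio>
#include <map>
#include <string>

// Hypothetical RAII helper (not PDFium's CFX_AutoRestorer): remembers
// *location on construction and writes it back on destruction, so the depth
// counter unwinds on every return path, early returns included.
template <typename T>
class AutoRestorer {
 public:
  explicit AutoRestorer(T* location)
      : m_Location(location), m_OldValue(*location) {}
  ~AutoRestorer() { *m_Location = m_OldValue; }

 private:
  T* m_Location;
  T m_OldValue;
};

// Constructed object table: object number -> body. A body is either a literal
// or an indirect reference "<num> 0 R". Not a real PDF xref.
using ObjectTable = std::map<int, std::string>;

class ToyParser {
 public:
  static constexpr int kMaxDepth = 32;  // assumed limit, not PDFium's value

  explicit ToyParser(const ObjectTable& table) : m_Table(table) {}

  // Entry point A: resolve an object by number, following references.
  bool ParseIndirectObject(int objnum, std::string* out) {
    // Keyed off a per-class static rather than a caller-supplied level, so it
    // holds no matter which public path re-entered the parser.
    if (s_Depth >= kMaxDepth)
      return false;
    AutoRestorer<int> restorer(&s_Depth);
    ++s_Depth;

    auto it = m_Table.find(objnum);
    if (it == m_Table.end())
      return false;
    int target;
    if (IsReference(it->second, &target))
      return ParseIndirectObject(target, out);  // parser re-enters itself
    *out = it->second;
    return true;
  }

  // Entry point B: a second public way in that never carries a "level";
  // the static counter still guards it.
  bool ResolveReference(const std::string& ref, std::string* out) {
    int objnum;
    if (!IsReference(ref, &objnum))
      return false;
    return ParseIndirectObject(objnum, out);
  }

  static int CurrentDepth() { return s_Depth; }

 private:
  // Accepts exactly "<digits> 0 R"; anything else is a literal body.
  static bool IsReference(const std::string& body, int* objnum) {
    static const std::string kSuffix = " 0 R";
    if (body.size() <= kSuffix.size())
      return false;
    if (body.compare(body.size() - kSuffix.size(), kSuffix.size(), kSuffix) != 0)
      return false;
    std::string digits = body.substr(0, body.size() - kSuffix.size());
    if (digits.size() > 9 ||
        digits.find_first_not_of("0123456789") != std::string::npos)
      return false;
    *objnum = std::stoi(digits);
    return true;
  }

  const ObjectTable& m_Table;
  static int s_Depth;  // single-threaded parser, as the change notes
};

int ToyParser::s_Depth = 0;

// Reference chain 1 -> 2 -> ... -> n, object n a literal (constructed).
ObjectTable MakeChain(int n) {
  ObjectTable t;
  for (int i = 1; i < n; ++i)
    t[i] = std::to_string(i + 1) + " 0 R";
  t[n] = "(leaf)";
  return t;
}

// Two objects referencing each other: the shape that drives an unguarded
// recursive parser into unbounded re-entry (constructed).
ObjectTable MakeCycle() { return {{1, "2 0 R"}, {2, "1 0 R"}}; }

int main() {
  ObjectTable cycle = MakeCycle();
  ToyParser parser(cycle);
  std::string out;
  bool ok = parser.ResolveReference("1 0 R", &out);
  std::printf("cycle resolved: %s, depth after: %d\n",
              ok ? "yes" : "no (limit hit)", ToyParser::CurrentDepth());
  return 0;
}
```

The point of the restorer rather than a manual `--s_Depth` is the early returns: a missing object or a hit limit leaves the function through a different exit, and each one must still put the counter back, otherwise a few bad objects would exhaust the budget for the rest of the document.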

Patch Set 1 #

Total comments: 2

Patch Set 2 : explicit constructor. #

Stats: +57 lines, -17 lines
M core/include/fpdfapi/fpdf_parser.h (3 chunks, +4 lines, -3 lines)
M core/include/fxcrt/fx_basic.h (1 chunk, +15 lines, -0 lines)
M core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp (13 chunks, +19 lines, -14 lines)
M fpdfsdk/src/fpdfview_embeddertest.cpp (1 chunk, +5 lines, -0 lines)
A testing/resources/bug_451830.pdf (1 chunk, +14 lines, -0 lines)

Messages

Total messages: 5 (1 generated)
Tom Sepez
Lei, please review.
5 years, 11 months ago (2015-01-26 23:17:09 UTC) #2
Lei Zhang
lgtm Given the methods are public, it is harder to make sure all callers handle ...
5 years, 11 months ago (2015-01-27 00:43:32 UTC) #3
Tom Sepez
https://codereview.chromium.org/875263002/diff/1/core/include/fxcrt/fx_basic.h File core/include/fxcrt/fx_basic.h (right): https://codereview.chromium.org/875263002/diff/1/core/include/fxcrt/fx_basic.h#newcode1421 core/include/fxcrt/fx_basic.h:1421: CFX_AutoRestorer(T* location) { On 2015/01/27 00:43:32, Lei Zhang wrote: ...
5 years, 11 months ago (2015-01-27 00:50:46 UTC) #4
Tom Sepez
5 years, 11 months ago (2015-01-27 00:51:26 UTC) #5
Message was sent while issue was closed.
Committed patchset #2 (id:20001) manually as
a03932372b0906a340a6e3860c87e45f9ec79042 (presubmit successful).
