| Index: core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
|
| diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
|
| index 5dfcc82787664b567f7066ece623db2ac72ba890..819598976c023da9c21f7f1bcd6915f3d0a626ae 100644
|
| --- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
|
| +++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
|
| @@ -12,7 +12,6 @@
|
| #include <utility>
|
| #include <vector>
|
|
|
| -#define _PARSER_OBJECT_LEVLE_ 64
|
| extern const FX_LPCSTR _PDF_CharType;
|
| FX_BOOL IsSignatureDict(const CPDF_Dictionary* pDict)
|
| {
|
| @@ -39,6 +38,7 @@ static int _CompareFileSize(const void* p1, const void* p2)
|
| }
|
| return 0;
|
| }
|
| +
|
| CPDF_Parser::CPDF_Parser()
|
| {
|
| m_pDocument = NULL;
|
| @@ -1217,7 +1217,7 @@ CPDF_Object* CPDF_Parser::ParseIndirectObject(CPDF_IndirectObjects* pObjList, FX
|
| FX_DWORD thisoff = syntax.GetDirectNum();
|
| if (thisnum == objnum) {
|
| syntax.RestorePos(offset + thisoff);
|
| - pRet = syntax.GetObject(pObjList, 0, 0, 0, pContext);
|
| + pRet = syntax.GetObject(pObjList, 0, 0, pContext);
|
| break;
|
| }
|
| n --;
|
| @@ -1396,7 +1396,7 @@ CPDF_Object* CPDF_Parser::ParseIndirectObjectAt(CPDF_IndirectObjects* pObjList,
|
| m_Syntax.RestorePos(SavedPos);
|
| return NULL;
|
| }
|
| - CPDF_Object* pObj = m_Syntax.GetObject(pObjList, objnum, parser_gennum, 0, pContext);
|
| + CPDF_Object* pObj = m_Syntax.GetObject(pObjList, objnum, parser_gennum, pContext);
|
| FX_FILESIZE endOffset = m_Syntax.SavePos();
|
| CFX_ByteString bsWord = m_Syntax.GetKeyword();
|
| if (bsWord == FX_BSTRC("endobj")) {
|
| @@ -1437,7 +1437,7 @@ CPDF_Object* CPDF_Parser::ParseIndirectObjectAtByStrict(CPDF_IndirectObjects* pO
|
| m_Syntax.RestorePos(SavedPos);
|
| return NULL;
|
| }
|
| - CPDF_Object* pObj = m_Syntax.GetObjectByStrict(pObjList, objnum, gennum, 0, pContext);
|
| + CPDF_Object* pObj = m_Syntax.GetObjectByStrict(pObjList, objnum, gennum, pContext);
|
| if (pResultPos) {
|
| *pResultPos = m_Syntax.m_Pos;
|
| }
|
| @@ -1676,6 +1676,10 @@ FX_DWORD CPDF_Parser::LoadLinearizedMainXRefTable()
|
| m_Syntax.m_MetadataObjnum = dwSaveMetadataObjnum;
|
| return PDFPARSE_ERROR_SUCCESS;
|
| }
|
| +
|
| +// static
|
| +int CPDF_SyntaxParser::s_CurrentRecursionDepth = 0;
|
| +
|
| CPDF_SyntaxParser::CPDF_SyntaxParser()
|
| {
|
| m_pFileAccess = NULL;
|
| @@ -2049,9 +2053,10 @@ CFX_ByteString CPDF_SyntaxParser::GetKeyword()
|
| GetNextWord();
|
| return CFX_ByteString((FX_LPCSTR)m_WordBuffer, m_WordSize);
|
| }
|
| -CPDF_Object* CPDF_SyntaxParser::GetObject(CPDF_IndirectObjects* pObjList, FX_DWORD objnum, FX_DWORD gennum, FX_INT32 level, PARSE_CONTEXT* pContext, FX_BOOL bDecrypt)
|
| +CPDF_Object* CPDF_SyntaxParser::GetObject(CPDF_IndirectObjects* pObjList, FX_DWORD objnum, FX_DWORD gennum, PARSE_CONTEXT* pContext, FX_BOOL bDecrypt)
|
| {
|
| - if (level > _PARSER_OBJECT_LEVLE_) {
|
| + CFX_AutoRestorer<int> restorer(&s_CurrentRecursionDepth);
|
| + if (++s_CurrentRecursionDepth > kParserMaxRecursionDepth) {
|
| return NULL;
|
| }
|
| FX_FILESIZE SavedPos = m_Pos;
|
| @@ -2136,7 +2141,7 @@ CPDF_Object* CPDF_SyntaxParser::GetObject(CPDF_IndirectObjects* pObjList, FX_DWO
|
| }
|
| CPDF_Array* pArray = CPDF_Array::Create();
|
| while (1) {
|
| - CPDF_Object* pObj = GetObject(pObjList, objnum, gennum, level + 1);
|
| + CPDF_Object* pObj = GetObject(pObjList, objnum, gennum);
|
| if (pObj == NULL) {
|
| return pArray;
|
| }
|
| @@ -2188,7 +2193,7 @@ CPDF_Object* CPDF_SyntaxParser::GetObject(CPDF_IndirectObjects* pObjList, FX_DWO
|
| if (key == FX_BSTRC("/Contents")) {
|
| dwSignValuePos = m_Pos;
|
| }
|
| - CPDF_Object* pObj = GetObject(pObjList, objnum, gennum, level + 1);
|
| + CPDF_Object* pObj = GetObject(pObjList, objnum, gennum);
|
| if (pObj == NULL) {
|
| continue;
|
| }
|
| @@ -2203,7 +2208,7 @@ CPDF_Object* CPDF_SyntaxParser::GetObject(CPDF_IndirectObjects* pObjList, FX_DWO
|
| if (IsSignatureDict(pDict)) {
|
| FX_FILESIZE dwSavePos = m_Pos;
|
| m_Pos = dwSignValuePos;
|
| - CPDF_Object* pObj = GetObject(pObjList, objnum, gennum, level + 1, NULL, FALSE);
|
| + CPDF_Object* pObj = GetObject(pObjList, objnum, gennum, NULL, FALSE);
|
| pDict->SetAt(FX_BSTRC("Contents"), pObj);
|
| m_Pos = dwSavePos;
|
| }
|
| @@ -2238,10 +2243,10 @@ CPDF_Object* CPDF_SyntaxParser::GetObject(CPDF_IndirectObjects* pObjList, FX_DWO
|
| }
|
| return NULL;
|
| }
|
| -CPDF_Object* CPDF_SyntaxParser::GetObjectByStrict(CPDF_IndirectObjects* pObjList, FX_DWORD objnum, FX_DWORD gennum,
|
| - FX_INT32 level, struct PARSE_CONTEXT* pContext)
|
| +CPDF_Object* CPDF_SyntaxParser::GetObjectByStrict(CPDF_IndirectObjects* pObjList, FX_DWORD objnum, FX_DWORD gennum, struct PARSE_CONTEXT* pContext)
|
| {
|
| - if (level > _PARSER_OBJECT_LEVLE_) {
|
| + CFX_AutoRestorer<int> restorer(&s_CurrentRecursionDepth);
|
| + if (++s_CurrentRecursionDepth > kParserMaxRecursionDepth) {
|
| return NULL;
|
| }
|
| FX_FILESIZE SavedPos = m_Pos;
|
| @@ -2318,7 +2323,7 @@ CPDF_Object* CPDF_SyntaxParser::GetObjectByStrict(CPDF_IndirectObjects* pObjList
|
| }
|
| CPDF_Array* pArray = CPDF_Array::Create();
|
| while (1) {
|
| - CPDF_Object* pObj = GetObject(pObjList, objnum, gennum, level + 1);
|
| + CPDF_Object* pObj = GetObject(pObjList, objnum, gennum);
|
| if (pObj == NULL) {
|
| if (m_WordBuffer[0] == ']') {
|
| return pArray;
|
| @@ -2364,7 +2369,7 @@ CPDF_Object* CPDF_SyntaxParser::GetObjectByStrict(CPDF_IndirectObjects* pObjList
|
| continue;
|
| }
|
| key = PDF_NameDecode(key);
|
| - CPDF_Object* pObj = GetObject(pObjList, objnum, gennum, level + 1);
|
| + CPDF_Object* pObj = GetObject(pObjList, objnum, gennum);
|
| if (pObj == NULL) {
|
| if (pDict)
|
| pDict->Release();
|
|
|
Chromium Code Reviews
Issue 875263002:
Fix infinite recursion in CPDF_Parser::ParseIndirectObjectAt(). (Closed)
Base URL: https://pdfium.googlesource.com/pdfium.git@master