
Side by Side Diff: core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp

Issue 880043004: Fix stack exhaustion in CPDF_DataAvail::HaveResourceAncestor() (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Blank line. Created 5 years, 10 months ago
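--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
@@ -1,10 +1,10 @@
 // Copyright 2014 PDFium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
 
 #include "../../../include/fpdfapi/fpdf_parser.h"
 #include "../../../include/fpdfapi/fpdf_module.h"
 #include "../../../include/fpdfapi/fpdf_page.h"
 #include "../../../../third_party/numerics/safe_math.h"
@@ -2736,21 +2736,25 @@
 virtual FX_INT32 IsFormAvail(IFX_DownloadHints *pHints) FX_OVERRIDE;
 
 virtual FX_INT32 IsLinearizedPDF() FX_OVERRIDE;
 
 virtual FX_BOOL IsLinearized() FX_OVERRIDE
 {
 return m_bLinearized;
 }
 
 virtual void GetLinearizedMainXRefInfo(FX_FILESIZE *p Pos, FX_DWORD *pSize) FX_OVERRIDE;
+
 protected:
+static const int kMaxDataAvailRecursionDepth = 64;
+static int s_CurrentDataAvailRecursionDepth;
+
 FX_DWORD GetObjectSize(FX_DWORD objnum, FX_FILESI ZE& offset);
 FX_BOOL IsObjectsAvail(CFX_PtrArray& obj_array, FX_BOOL bParsePage, IFX_DownloadHints* pHints, CFX_PtrArray &ret_array);
 FX_BOOL CheckDocStatus(IFX_DownloadHints *pHints );
 FX_BOOL CheckHeader(IFX_DownloadHints* pHints);
 FX_BOOL CheckFirstPage(IFX_DownloadHints *pHints );
 FX_BOOL CheckEnd(IFX_DownloadHints *pHints);
 FX_BOOL CheckCrossRef(IFX_DownloadHints* pHints) ;
 FX_BOOL CheckCrossRefItem(IFX_DownloadHints *pHi nts);
 FX_BOOL CheckTrailer(IFX_DownloadHints* pHints);
 FX_BOOL CheckRoot(IFX_DownloadHints* pHints);
@@ -2912,20 +2916,23 @@
 m_pFileAvail(pFileAvail),
 m_pFileRead(pFileRead) {
 }
 
 // static
 IPDF_DataAvail* IPDF_DataAvail::Create(IFX_FileAvail* pFileAvail, IFX_FileRead* pFileRead)
 {
 return FX_NEW CPDF_DataAvail(pFileAvail, pFileRead);
 }
 
+// static
+int CPDF_DataAvail::s_CurrentDataAvailRecursionDepth = 0;
+
 CPDF_DataAvail::CPDF_DataAvail(IFX_FileAvail* pFileAvail, IFX_FileRead* pFileRea d)
 : IPDF_DataAvail(pFileAvail, pFileRead)
 {
 m_Pos = 0;
 m_dwFileLen = 0;
 if (m_pFileRead) {
 m_dwFileLen = (FX_DWORD)m_pFileRead->GetSize();
 }
 m_dwCurrentOffset = 0;
 m_WordSize = 0;
@@ -4388,35 +4395,38 @@
 }
 if (m_bAnnotsLoad)
 if (!CheckLinearizedData(pHints)) {
 return FALSE;
 }
 m_bPageLoadedOK = FALSE;
 return TRUE;
 }
 FX_BOOL CPDF_DataAvail::HaveResourceAncestor(CPDF_Dictionary *pDict)
 {
+CFX_AutoRestorer<int> restorer(&s_CurrentDataAvailRecursionDepth);
+if (++s_CurrentDataAvailRecursionDepth > kMaxDataAvailRecursionDepth) {
+return FALSE;
+}
 CPDF_Object *pParent = pDict->GetElement("Parent");
 if (!pParent) {
 return FALSE;
 }
 CPDF_Dictionary *pParentDict = pParent->GetDict();
 if (!pParentDict) {
 return FALSE;
 }
 CPDF_Object *pRet = pParentDict->GetElement("Resources");
 if (pRet) {
 m_pPageResource = pRet;
 return TRUE;
-} else {
-return HaveResourceAncestor(pParentDict);
 }
+return HaveResourceAncestor(pParentDict);
 }
 FX_BOOL CPDF_DataAvail::IsPageAvail(FX_INT32 iPage, IFX_DownloadHints* pHints)
 {
 if (!m_pDocument) {
 return FALSE;
 }
 if (IsFirstCheck(iPage)) {
 m_bCurPageDictLoadOK = FALSE;
 m_bPageLoadedOK = FALSE;
 m_bAnnotsLoad = FALSE;
@@ -4628,10 +4638,10 @@
 {
 FX_INT32 iSize = m_childNode.GetSize();
 for (FX_INT32 i = 0; i < iSize; ++i) {
 CPDF_PageNode *pNode = (CPDF_PageNode*)m_childNode[i];
 if (pNode) {
 delete pNode;
 }
 }
 m_childNode.RemoveAll();
 }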
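Review bot: The depth counter used in HaveResourceAncestor() is a class-level static (`s_CurrentDataAvailRecursionDepth`), so every CPDF_DataAvail instance shares it and it is incremented without synchronization. If two documents are ever checked concurrently, the counts would mix and the limit of 64 could trip early or be missed. The only recursive call is the trailing `return HaveResourceAncestor(pParentDict);`, so the walk up the /Parent chain can be a loop with a local hop counter. That bounds a cyclic chain in a malformed file without static state or CFX_AutoRestorer. In either form, FALSE at the limit is indistinguishable from "no ancestor has /Resources", so a comment on `kMaxDataAvailRecursionDepth` saying that deeper chains are treated as having no inherited resources would help.

```cpp
FX_BOOL CPDF_DataAvail::HaveResourceAncestor(CPDF_Dictionary *pDict)
{
    // Hop limit bounds a cyclic /Parent chain without shared static state.
    for (int depth = 0; depth < kMaxDataAvailRecursionDepth; ++depth) {
        // … unchanged: Parent and GetDict lookups, each returning FALSE on null …
        // … unchanged: Resources lookup, setting m_pPageResource and returning TRUE …
        pDict = pParentDict;
    }
    return FALSE;
}
```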