
Side by Side Diff: core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp

Issue 893333003: Merge to XFA: Fix stack exhaustion in CPDF_DataAvail::HaveResourceAncestor() (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@xfa
Patch Set: Created 5 years, 10 months ago
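--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
@@ -1,10 +1,10 @@
 // Copyright 2014 PDFium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
 
 #include "../../../include/fpdfapi/fpdf_parser.h"
 #include "../../../include/fpdfapi/fpdf_module.h"
 #include "../../../include/fpdfapi/fpdf_page.h"
 #include "../../../../third_party/numerics/safe_math.h"
@@ -2740,21 +2740,25 @@
 virtual FX_INT32 IsFormAvail(IFX_DownloadHints *pHints) FX_OVERRIDE;
 
 virtual FX_INT32 IsLinearizedPDF() FX_OVERRIDE;
 
 virtual FX_BOOL IsLinearized() FX_OVERRIDE
 {
 return m_bLinearized;
 }
 
 virtual void GetLinearizedMainXRefInfo(FX_FILESIZE *p Pos, FX_DWORD *pSize) FX_OVERRIDE;
+
 protected:
+static const int kMaxDataAvailRecursionDepth = 64;
+static int s_CurrentDataAvailRecursionDepth;
+
 FX_DWORD GetObjectSize(FX_DWORD objnum, FX_FILESI ZE& offset);
 FX_BOOL IsObjectsAvail(CFX_PtrArray& obj_array, FX_BOOL bParsePage, IFX_DownloadHints* pHints, CFX_PtrArray &ret_array);
 FX_BOOL CheckDocStatus(IFX_DownloadHints *pHints );
 FX_BOOL CheckHeader(IFX_DownloadHints* pHints);
 FX_BOOL CheckFirstPage(IFX_DownloadHints *pHints );
 FX_BOOL CheckEnd(IFX_DownloadHints *pHints);
 FX_BOOL CheckCrossRef(IFX_DownloadHints* pHints) ;
 FX_BOOL CheckCrossRefItem(IFX_DownloadHints *pHi nts);
 FX_BOOL CheckTrailer(IFX_DownloadHints* pHints);
 FX_BOOL CheckRoot(IFX_DownloadHints* pHints);
@@ -2916,20 +2920,23 @@
 m_pFileAvail(pFileAvail),
 m_pFileRead(pFileRead) {
 }
 
 // static
 IPDF_DataAvail* IPDF_DataAvail::Create(IFX_FileAvail* pFileAvail, IFX_FileRead* pFileRead)
 {
 return FX_NEW CPDF_DataAvail(pFileAvail, pFileRead);
 }
 
+// static
+int CPDF_DataAvail::s_CurrentDataAvailRecursionDepth = 0;
+
 CPDF_DataAvail::CPDF_DataAvail(IFX_FileAvail* pFileAvail, IFX_FileRead* pFileRea d)
 : IPDF_DataAvail(pFileAvail, pFileRead)
 {
 m_Pos = 0;
 m_dwFileLen = 0;
 if (m_pFileRead) {
 m_dwFileLen = (FX_DWORD)m_pFileRead->GetSize();
 }
 m_dwCurrentOffset = 0;
 m_WordSize = 0;
@@ -4392,35 +4399,38 @@
 }
 if (m_bAnnotsLoad)
 if (!CheckLinearizedData(pHints)) {
 return FALSE;
 }
 m_bPageLoadedOK = FALSE;
 return TRUE;
 }
 FX_BOOL CPDF_DataAvail::HaveResourceAncestor(CPDF_Dictionary *pDict)
 {
+CFX_AutoRestorer<int> restorer(&s_CurrentDataAvailRecursionDepth);
+if (++s_CurrentDataAvailRecursionDepth > kMaxDataAvailRecursionDepth) {
+return FALSE;
+}
 CPDF_Object *pParent = pDict->GetElement("Parent");
 if (!pParent) {
 return FALSE;
 }
 CPDF_Dictionary *pParentDict = pParent->GetDict();
 if (!pParentDict) {
 return FALSE;
 }
 CPDF_Object *pRet = pParentDict->GetElement("Resources");
 if (pRet) {
 m_pPageResource = pRet;
 return TRUE;
-} else {
-return HaveResourceAncestor(pParentDict);
 }
+return HaveResourceAncestor(pParentDict);
 }
 FX_BOOL CPDF_DataAvail::IsPageAvail(FX_INT32 iPage, IFX_DownloadHints* pHints)
 {
 if (!m_pDocument) {
 return FALSE;
 }
 if (IsFirstCheck(iPage)) {
 m_bCurPageDictLoadOK = FALSE;
 m_bPageLoadedOK = FALSE;
 m_bAnnotsLoad = FALSE;
@@ -4632,10 +4642,10 @@
 {
 FX_INT32 iSize = m_childNode.GetSize();
 for (FX_INT32 i = 0; i < iSize; ++i) {
 CPDF_PageNode *pNode = (CPDF_PageNode*)m_childNode[i];
 if (pNode) {
 delete pNode;
 }
 }
 m_childNode.RemoveAll();
 }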
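Review bot: The depth guard added at the top of HaveResourceAncestor() counts in `s_CurrentDataAvailRecursionDepth`, a plain static int shared by every CPDF_DataAvail instance, so if two instances are ever used on different threads (not visible on this page) the unsynchronized counter can trip the limit early or miss it. Because the recursive call is in tail position, the walk can instead be a bounded loop with a local counter: `for (int depth = 0; depth < kMaxDataAvailRecursionDepth; ++depth) {` around the existing lookups, `pDict = pParentDict;` in place of the recursive call, and `return FALSE;` after the loop. That uses no stack per level, still terminates on a Parent chain that loops back on itself, and makes the static member and its out-of-class definition unnecessary. A comment on `kMaxDataAvailRecursionDepth` stating that a page tree nested deeper than 64 levels is reported as having no Resources ancestor would also help, since that FALSE is indistinguishable from a genuinely missing entry.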
