diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2018-08-01 15:05:45 +0100 |
|---|---|---|
| committer | Andras Timar <andras.timar@collabora.com> | 2018-08-10 10:57:03 +0200 |
| commit | 6fba5e2583e6aa58274b01811c4cf7996d910af7 (patch) | |
| tree | 2784943602ef1e44715151e6142d635a0f629211 /vcl | |
| parent | b1bfca0c2ce4629fda5cc8e9ecc69c752e312fca (diff) | |
forcepoint#66 protect against infinite parse recurse
Change-Id: I0313cc141469a00b7d6a5bd15400e9d5a8f686cf
Reviewed-on: https://gerrit.libreoffice.org/58452
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
(cherry picked from commit 171657a1f675268839526b1a13e5f3549fb73516)
Diffstat (limited to 'vcl')
| -rw-r--r-- | vcl/source/filter/ipdf/pdfdocument.cxx | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/vcl/source/filter/ipdf/pdfdocument.cxx b/vcl/source/filter/ipdf/pdfdocument.cxx index b55ad45096ef..584f22536e67 100644 --- a/vcl/source/filter/ipdf/pdfdocument.cxx +++ b/vcl/source/filter/ipdf/pdfdocument.cxx @@ -1751,16 +1751,16 @@ const std::vector< std::unique_ptr<PDFElement> >& PDFDocument::GetElements() } /// Visits the page tree recursively, looking for page objects. -void PDFObjectElement::visitPages(std::vector<PDFObjectElement*>& rRet) +static void visitPages(PDFObjectElement* pPages, std::vector<PDFObjectElement*>& rRet) { - auto pKids = dynamic_cast<PDFArrayElement*>(Lookup("Kids")); + auto pKids = dynamic_cast<PDFArrayElement*>(pPages->Lookup("Kids")); if (!pKids) { SAL_WARN("vcl.filter", "visitPages: pages has no kids"); return; } - m_bVisiting = true; + pPages->setVisiting(true); for (const auto& pKid : pKids->GetElements()) { @@ -1773,7 +1773,7 @@ void PDFObjectElement::visitPages(std::vector<PDFObjectElement*>& rRet) continue; // detect if visiting reenters itself - if (pKidObject->m_bVisiting) + if (pKidObject->alreadyVisiting()) { SAL_WARN("vcl.filter", "visitPages: loop in hierarchy"); continue; @@ -1782,13 +1782,13 @@ void PDFObjectElement::visitPages(std::vector<PDFObjectElement*>& rRet) auto pName = dynamic_cast<PDFNameElement*>(pKidObject->Lookup("Type")); if (pName && pName->GetValue() == "Pages") // Pages inside pages: recurse. - pKidObject->visitPages(rRet); + visitPages(pKidObject, rRet); else // Found an actual page. rRet.push_back(pKidObject); } - m_bVisiting = false; + pPages->setVisiting(false); } std::vector<PDFObjectElement*> PDFDocument::GetPages() @@ -1833,7 +1833,7 @@ std::vector<PDFObjectElement*> PDFDocument::GetPages() return aRet; } - pPages->visitPages(aRet); + visitPages(pPages, aRet); return aRet; } @@ -2098,7 +2098,6 @@ PDFObjectElement::PDFObjectElement(PDFDocument& rDoc, double fObjectValue, doubl : m_rDoc(rDoc), m_fObjectValue(fObjectValue), m_fGenerationValue(fGenerationValue), - m_bVisiting(false), m_pNumberElement(nullptr), m_nDictionaryOffset(0), m_nDictionaryLength(0), @@ -2126,6 +2125,8 @@ size_t PDFDictionaryElement::Parse(const std::vector< std::unique_ptr<PDFElement if (!rDictionary.empty()) return nRet; + pThis->setParsing(true); + auto pThisObject = dynamic_cast<PDFObjectElement*>(pThis); // This is set to non-nullptr here for nested dictionaries only. auto pThisDictionary = dynamic_cast<PDFDictionaryElement*>(pThis); @@ -2171,7 +2172,7 @@ size_t PDFDictionaryElement::Parse(const std::vector< std::unique_ptr<PDFElement pThisObject->SetDictionaryOffset(nDictionaryOffset); } } - else + else if (!pDictionary->alreadyParsing()) { // Nested dictionary. i = PDFDictionaryElement::Parse(rElements, pDictionary, pDictionary->m_aItems); @@ -2345,6 +2346,8 @@ size_t PDFDictionaryElement::Parse(const std::vector< std::unique_ptr<PDFElement aNumbers.clear(); } + pThis->setParsing(false); + return nRet; } |