poppler/Parser.cc | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-)
New commits: commit 23a2f6a2492a0957489eac31b6700b4d68180bdb Author: Albert Astals Cid <[email protected]> Date: Sat Jun 17 17:47:23 2017 +0200 Break earlier on reaching recursion limit Bug #101379 diff --git a/poppler/Parser.cc b/poppler/Parser.cc index 28a54607..8079ca1d 100644 --- a/poppler/Parser.cc +++ b/poppler/Parser.cc @@ -13,7 +13,7 @@ // All changes made under the Poppler project to this file are licensed // under GPL version 2 or later // -// Copyright (C) 2006, 2009, 201, 2010, 2013, 2014 Albert Astals Cid <[email protected]> +// Copyright (C) 2006, 2009, 201, 2010, 2013, 2014, 2017 Albert Astals Cid <[email protected]> // Copyright (C) 2006 Krzysztof Kowalczyk <[email protected]> // Copyright (C) 2009 Ilya Gorenbein <[email protected]> // Copyright (C) 2012 Hib Eris <[email protected]> @@ -87,8 +87,14 @@ Object *Parser::getObj(Object *obj, GBool simpleOnly, inlineImg = 0; } + if (unlikely(recursion >= recursionLimit)) { + obj->free(); + obj->initError(); + return obj; + } + // array - if (!simpleOnly && likely(recursion < recursionLimit) && buf1.isCmd("[")) { + if (!simpleOnly && buf1.isCmd("[")) { shift(); obj->initArray(xref); while (!buf1.isCmd("]") && !buf1.isEOF()) @@ -101,7 +107,7 @@ Object *Parser::getObj(Object *obj, GBool simpleOnly, shift(); // dictionary or stream - } else if (!simpleOnly && likely(recursion < recursionLimit) && buf1.isCmd("<<")) { + } else if (!simpleOnly && buf1.isCmd("<<")) { shift(objNum); obj->initDict(xref); while (!buf1.isCmd(">>") && !buf1.isEOF()) { @@ -119,6 +125,9 @@ Object *Parser::getObj(Object *obj, GBool simpleOnly, break; } obj->dictAdd(key, getObj(&obj2, gFalse, fileKey, encAlgorithm, keyLength, objNum, objGen, recursion + 1)); + if (unlikely(obj2.isError() && recursion + 1 >= recursionLimit)) { + break; + } } } if (buf1.isEOF()) { _______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
