Fix stack overflow in CFieldTree::Node::GetFieldInternal().
Limit recursion depth, just like in CountFieldsInternal().
BUG=chromium:716523
Change-Id: I70c052347a1d8fb9a4dbc065a1c9af55c02818f2
Reviewed-on: https://pdfium-review.googlesource.com/4612
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
diff --git a/core/fpdfdoc/cpdf_interform.cpp b/core/fpdfdoc/cpdf_interform.cpp
index f498617..5fbb395 100644
--- a/core/fpdfdoc/cpdf_interform.cpp
+++ b/core/fpdfdoc/cpdf_interform.cpp
@@ -408,7 +408,7 @@
CPDF_FormField* GetFieldAtIndex(size_t index) {
size_t nFieldsToGo = index;
- return GetFieldInternal(&nFieldsToGo);
+ return GetFieldInternal(&nFieldsToGo, 0);
}
size_t CountFields() const { return CountFieldsInternal(0); }
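Review bot: GetFieldAtIndex() can now return nullptr for a second reason, a field nested deeper than nMaxRecursion, and nothing at this call site documents that for callers. Code that loops from 0 to CountFields() and dereferences the result is only safe if both walkers skip exactly the same subtrees; CountFieldsInternal() is not in this diff, so that needs confirming. I would add a comment above the function such as `// Returns nullptr if |index| is out of range or the field lies deeper than nMaxRecursion.` and check that existing callers null-check the result.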
@@ -422,7 +422,10 @@
const CFX_WideString& GetShortName() const { return m_ShortName; }
private:
- CPDF_FormField* GetFieldInternal(size_t* pFieldsToGo) {
+ CPDF_FormField* GetFieldInternal(size_t* pFieldsToGo, int nLevel) {
+ if (nLevel > nMaxRecursion)
+ return nullptr;
+
if (m_pField) {
if (*pFieldsToGo == 0)
return m_pField.get();
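Review bot: The new guard `if (nLevel > nMaxRecursion) return nullptr;` should be kept in step with the depth check in CountFieldsInternal(), which this diff does not show. If one uses `>` and the other `>=`, or the starting levels differ, the count and the index walk disagree by one level, and fields at the boundary are either counted but unreachable or reachable but uncounted. When the limit is hit the subtree is skipped without touching `*pFieldsToGo`, so index numbering stays consistent only under that same condition. A comment on the guard would record the coupling, for example `// Depth limit must match CountFieldsInternal() so indices stay consistent.` The function body continues into the next hunk, and no regression test with a field tree nested past the limit appears in the part of the change shown here.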
@@ -430,7 +433,8 @@
--*pFieldsToGo;
}
for (size_t i = 0; i < GetChildrenCount(); ++i) {
- CPDF_FormField* pField = GetChildAt(i)->GetFieldInternal(pFieldsToGo);
+ CPDF_FormField* pField =
+ GetChildAt(i)->GetFieldInternal(pFieldsToGo, nLevel + 1);
if (pField)
return pField;
}