From 2c1ec5347ae7c2b610c33f5cd0a034d9c8345d77 Mon Sep 17 00:00:00 2001 From: Robin Watts Date: Sun, 16 Mar 2014 01:19:22 +0000 Subject: Avoid premature dropping of objects in pdf_dict_put When inserting a new value into a dictionary, if replacing an existing entry, ensure we keep the new value before dropping the old one. This is important in the case where (for example) the existing value is "[ object ]" and the new value is "object". If we drop the array and that loses the only reference to object, we can find that we have lost the value we are adding. --- source/pdf/pdf-object.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source/pdf/pdf-object.c b/source/pdf/pdf-object.c index 88ed25e5..6fd69bbd 100644 --- a/source/pdf/pdf-object.c +++ b/source/pdf/pdf-object.c @@ -1048,8 +1048,9 @@ pdf_dict_put(pdf_obj *obj, pdf_obj *key, pdf_obj *val) { if (obj->u.d.items[i].v != val) { - pdf_drop_obj(obj->u.d.items[i].v); + pdf_obj *d = obj->u.d.items[i].v; obj->u.d.items[i].v = pdf_keep_obj(val); + pdf_drop_obj(d); } } else -- cgit v1.2.3