summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJun Fang <jun_fang@foxitsoftware.com>2015-12-09 20:07:18 -0800
committerJun Fang <jun_fang@foxitsoftware.com>2015-12-09 20:07:18 -0800
commit3b1707f50e4961c2a350243acbeaaafd89e22fca (patch)
tree3e8ef096e61729866e1a469131b7df47ac31658b
parent03ae07fabe4764ebb445d208fa199e285168ed25 (diff)
downloadpdfium-3b1707f50e4961c2a350243acbeaaafd89e22fca.tar.xz
Fix heap-use-after-free in CXFA_PDFFontMgr::~CXFA_PDFFontMgr()
BUG=pdfium:306 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1506423002 .
-rw-r--r--xfa/src/fxfa/src/app/xfa_fontmgr.cpp9
1 files changed, 1 insertions, 8 deletions
diff --git a/xfa/src/fxfa/src/app/xfa_fontmgr.cpp b/xfa/src/fxfa/src/app/xfa_fontmgr.cpp
index 23a1b29c01..f63c4f2810 100644
--- a/xfa/src/fxfa/src/app/xfa_fontmgr.cpp
+++ b/xfa/src/fxfa/src/app/xfa_fontmgr.cpp
@@ -1864,15 +1864,8 @@ CXFA_PDFFontMgr::CXFA_PDFFontMgr(CXFA_FFDoc* pDoc) {
m_pDoc = pDoc;
}
CXFA_PDFFontMgr::~CXFA_PDFFontMgr() {
- FX_POSITION ps = m_FDE2PDFFont.GetStartPosition();
- while (ps) {
- IFX_Font* pFDEFont;
- void* pPDFFont;
- m_FDE2PDFFont.GetNextAssoc(ps, (void*&)pFDEFont, pPDFFont);
- pFDEFont->SetFontProvider(NULL);
- }
m_FDE2PDFFont.RemoveAll();
- ps = m_FontArray.GetStartPosition();
+ FX_POSITION ps = m_FontArray.GetStartPosition();
while (ps) {
CFX_ByteString strKey;
IFX_Font* pFont = NULL;