summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorfoxit <jun_fang@foxitsoftware.com>2014-07-07 14:06:56 -0700
committerfoxit <jun_fang@foxitsoftware.com>2014-07-07 14:06:56 -0700
commita26b3289515acebc1e936234a1b076d4a9a3fca5 (patch)
tree435ed06270ad2417b5a1bbf38d23a8c1e29b03b2
parentf3227aeb0b4243a0ce4da5f6adfa1ebbfc902d17 (diff)
downloadpdfium-a26b3289515acebc1e936234a1b076d4a9a3fca5.tar.xz
fix a crash issue in _CMapLookupCallback
BUG=382242 R=palmer@chromium.org Review URL: https://codereview.chromium.org/341333004
-rw-r--r--core/include/fpdfapi/fpdf_objects.h7
-rw-r--r--core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp10
-rw-r--r--core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp1
3 files changed, 16 insertions, 2 deletions
diff --git a/core/include/fpdfapi/fpdf_objects.h b/core/include/fpdfapi/fpdf_objects.h
index a41ff087ca..1b7cb94583 100644
--- a/core/include/fpdfapi/fpdf_objects.h
+++ b/core/include/fpdfapi/fpdf_objects.h
@@ -49,6 +49,11 @@ public:
return m_ObjNum;
}
+ FX_DWORD GetGenNum() const
+ {
+ return m_GenNum;
+ }
+
FX_BOOL IsIdentical(CPDF_Object* pObj) const;
CPDF_Object* Clone(FX_BOOL bDirect = FALSE) const;
@@ -90,9 +95,11 @@ protected:
CPDF_Object()
{
m_ObjNum = 0;
+ m_GenNum = 0;
}
FX_DWORD m_ObjNum;
+ FX_DWORD m_GenNum;
void Destroy();
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp
index 6c93bcb39f..e945ab52a0 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp
@@ -1271,9 +1271,15 @@ void CPDF_IndirectObjects::InsertIndirectObject(FX_DWORD objnum, CPDF_Object* pO
if (objnum == 0 || pObj == NULL) {
return;
}
- FX_LPVOID value;
+ FX_LPVOID value = NULL;
if (m_IndirectObjs.Lookup((FX_LPVOID)(FX_UINTPTR)objnum, value)) {
- ((CPDF_Object*)value)->Destroy();
+ if (value)
+ {
+ if (pObj->GetGenNum() <= ((CPDF_Object*)value)->GetGenNum())
+ return;
+ else
+ ((CPDF_Object*)value)->Destroy();
+ }
}
pObj->m_ObjNum = objnum;
m_IndirectObjs.SetAt((FX_LPVOID)(FX_UINTPTR)objnum, pObj);
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
index b9e535977d..3bfd37fe4a 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
@@ -1384,6 +1384,7 @@ CPDF_Object* CPDF_Parser::ParseIndirectObjectAt(CPDF_IndirectObjects* pObjList,
m_Syntax.RestorePos(SavedPos);
if (pObj && !objnum) {
pObj->m_ObjNum = real_objnum;
+ pObj->m_GenNum = gennum;
}
return pObj;
}