diff options
author | foxit <jun_fang@foxitsoftware.com> | 2014-07-07 14:06:56 -0700 |
---|---|---|
committer | foxit <jun_fang@foxitsoftware.com> | 2014-07-07 14:06:56 -0700 |
commit | a26b3289515acebc1e936234a1b076d4a9a3fca5 (patch) | |
tree | 435ed06270ad2417b5a1bbf38d23a8c1e29b03b2 | |
parent | f3227aeb0b4243a0ce4da5f6adfa1ebbfc902d17 (diff) | |
download | pdfium-a26b3289515acebc1e936234a1b076d4a9a3fca5.tar.xz |
fix a crash issue in _CMapLookupCallback
BUG=382242
R=palmer@chromium.org
Review URL: https://codereview.chromium.org/341333004
-rw-r--r-- | core/include/fpdfapi/fpdf_objects.h | 7 | ||||
-rw-r--r-- | core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp | 10 | ||||
-rw-r--r-- | core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp | 1 |
3 files changed, 16 insertions, 2 deletions
diff --git a/core/include/fpdfapi/fpdf_objects.h b/core/include/fpdfapi/fpdf_objects.h index a41ff087ca..1b7cb94583 100644 --- a/core/include/fpdfapi/fpdf_objects.h +++ b/core/include/fpdfapi/fpdf_objects.h @@ -49,6 +49,11 @@ public: return m_ObjNum; } + FX_DWORD GetGenNum() const + { + return m_GenNum; + } + FX_BOOL IsIdentical(CPDF_Object* pObj) const; CPDF_Object* Clone(FX_BOOL bDirect = FALSE) const; @@ -90,9 +95,11 @@ protected: CPDF_Object() { m_ObjNum = 0; + m_GenNum = 0; } FX_DWORD m_ObjNum; + FX_DWORD m_GenNum; void Destroy(); diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp index 6c93bcb39f..e945ab52a0 100644 --- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp +++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp @@ -1271,9 +1271,15 @@ void CPDF_IndirectObjects::InsertIndirectObject(FX_DWORD objnum, CPDF_Object* pO if (objnum == 0 || pObj == NULL) { return; } - FX_LPVOID value; + FX_LPVOID value = NULL; if (m_IndirectObjs.Lookup((FX_LPVOID)(FX_UINTPTR)objnum, value)) { - ((CPDF_Object*)value)->Destroy(); + if (value) + { + if (pObj->GetGenNum() <= ((CPDF_Object*)value)->GetGenNum()) + return; + else + ((CPDF_Object*)value)->Destroy(); + } } pObj->m_ObjNum = objnum; m_IndirectObjs.SetAt((FX_LPVOID)(FX_UINTPTR)objnum, pObj); diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp index b9e535977d..3bfd37fe4a 100644 --- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp +++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp @@ -1384,6 +1384,7 @@ CPDF_Object* CPDF_Parser::ParseIndirectObjectAt(CPDF_IndirectObjects* pObjList, m_Syntax.RestorePos(SavedPos); if (pObj && !objnum) { pObj->m_ObjNum = real_objnum; + pObj->m_GenNum = gennum; } return pObj; } |