summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortsepez <tsepez@chromium.org>2016-10-17 15:36:12 -0700
committerCommit bot <commit-bot@chromium.org>2016-10-17 15:36:12 -0700
commitc11287728d15bcc2c431f4b3c6eba8b5a79f906b (patch)
treec98f8d6c8b131c2f3d26fe0d28ba988a563e3388
parent11e966a2dd931d4676a1b6a7d074a40dd4c1a5d1 (diff)
downloadpdfium-c11287728d15bcc2c431f4b3c6eba8b5a79f906b.tar.xz
Fix segv in AddImage()
The assumption that only indirect objects would be passed is wrong. Restore old behaviour despite muddying ownership constraints. R=thestig@chromium.org BUG=656145 Review-Url: https://codereview.chromium.org/2425843002
Diffstat
-rw-r--r--core/fpdfapi/page/cpdf_streamcontentparser.cpp6
1 files changed, 5 insertions, 1 deletions
diff --git a/core/fpdfapi/page/cpdf_streamcontentparser.cpp b/core/fpdfapi/page/cpdf_streamcontentparser.cpp
index 7f20b227b6..4ad763e3b2 100644
--- a/core/fpdfapi/page/cpdf_streamcontentparser.cpp
+++ b/core/fpdfapi/page/cpdf_streamcontentparser.cpp
@@ -669,7 +669,11 @@ void CPDF_StreamContentParser::Handle_ExecuteXObject() {
type = pXObject->GetDict()->GetStringFor("Subtype");
if (type == "Image") {
- CPDF_ImageObject* pObj = AddImage(pXObject->GetObjNum());
+ CPDF_ImageObject* pObj =
+ pXObject->IsInline()
+ ? AddImage(UniqueStream(ToStream(pXObject->Clone())))
+ : AddImage(pXObject->GetObjNum());
+
m_LastImageName = name;
m_pLastImage = pObj->GetImage();
if (!m_pObjectHolder->HasImageMask())
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-02 08:51:56 +0000