Add m_pDocument in CPDF_Color and check if page date has been forced clear

This will prevent using freed pattern object.
This is a better solution than https://pdfium.googlesource.com/pdfium/+/1b9c5c4dc41956b8c5ab17b9a882adf8a2513768
and in essence revert that patch

BUG=409373
R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/522483003

3 files changed, 21 insertions, 27 deletions

diff --git a/core/include/fpdfapi/fpdf_resource.h b/core/include/fpdfapi/fpdf_resource.h
index 4ce4ddc8bb..92c4872537 100644
--- a/core/include/fpdfapi/fpdf_resource.h
+++ b/core/include/fpdfapi/fpdf_resource.h
@@ -680,10 +680,8 @@ class CPDF_Color : public CFX_Object
 {
 public:
 
-    CPDF_Color()
+    CPDF_Color() :m_pCS(NULL), m_pBuffer(NULL), m_pDocument(NULL)
     {
-        m_pBuffer = NULL;
-        m_pCS = NULL;
     }
 
     CPDF_Color(int family);
@@ -720,10 +718,11 @@ public:
 
     CPDF_ColorSpace*		m_pCS;
 
-    FX_FLOAT*			m_pBuffer;
 protected:
     void	ReleaseBuffer();
     void	ReleaseColorSpace();
+    FX_FLOAT*			    m_pBuffer;
+    CPDF_Document*          m_pDocument;
 };
 #define PATTERN_TILING		1
 #define PATTERN_SHADING		2
@@ -732,7 +731,6 @@ class CPDF_Pattern : public CFX_Object
 public:
    
     virtual ~CPDF_Pattern();
-    void SaveColor(CPDF_Color* pColor) {m_pColor = pColor;}
 
     CPDF_Object*                m_pPatternObj;
 
@@ -742,7 +740,6 @@ public:
     CFX_AffineMatrix            m_ParentMatrix;
 
     CPDF_Document*              m_pDocument;
-    CPDF_Color*                 m_pColor;
 
 protected:
     
diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
index d99e643047..db384a7d8f 100644
--- a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
+++ b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
@@ -1292,9 +1292,11 @@ void CPDF_Color::ReleaseBuffer()
     if (m_pCS->GetFamily() == PDFCS_PATTERN) {
         PatternValue* pvalue = (PatternValue*)m_pBuffer;
         CPDF_Pattern* pPattern = pvalue->m_pPattern;
-        if (pPattern && pPattern->m_pDocument) {
-            pPattern->SaveColor(NULL);
-            pPattern->m_pDocument->GetPageData()->ReleasePattern(pPattern->m_pPatternObj);
+        if (pPattern && m_pDocument) {
+            CPDF_DocPageData *pPageData = m_pDocument->GetPageData();
+            if (pPageData && !pPageData->IsForceClear()) {
+                pPageData->ReleasePattern(pPattern->m_pPatternObj);
+            }
         }
     }
     FX_Free(m_pBuffer);
@@ -1302,9 +1304,10 @@ void CPDF_Color::ReleaseBuffer()
 }
 void CPDF_Color::ReleaseColorSpace()
 {
-    if (m_pCS && m_pCS->m_pDocument && m_pCS->GetArray()) {
-        m_pCS->m_pDocument->GetPageData()->ReleaseColorSpace(m_pCS->GetArray());
+    if (m_pDocument && m_pCS && m_pCS->GetArray()) {
+        m_pDocument->GetPageData()->ReleaseColorSpace(m_pCS->GetArray());
         m_pCS = NULL;
+        m_pDocument = NULL;
     }
 }
 void CPDF_Color::SetColorSpace(CPDF_ColorSpace* pCS)
@@ -1315,11 +1318,13 @@ void CPDF_Color::SetColorSpace(CPDF_ColorSpace* pCS)
         }
         ReleaseColorSpace();
         m_pCS = pCS;
+        m_pDocument = pCS->m_pDocument;
         return;
     }
     ReleaseBuffer();
     ReleaseColorSpace();
     m_pCS = pCS;
+    m_pDocument = pCS->m_pDocument;
     if (m_pCS) {
         m_pBuffer = pCS->CreateBuf();
         pCS->GetDefaultColor(m_pBuffer);
@@ -1346,18 +1351,15 @@ void CPDF_Color::SetValue(CPDF_Pattern* pPattern, FX_FLOAT* comps, int ncomps)
         m_pCS = CPDF_ColorSpace::GetStockCS(PDFCS_PATTERN);
         m_pBuffer = m_pCS->CreateBuf();
     }
-    CPDF_DocPageData* pDocPageData = NULL;
     PatternValue* pvalue = (PatternValue*)m_pBuffer;
-    if (pvalue->m_pPattern && pvalue->m_pPattern->m_pDocument) {
-        pDocPageData = pvalue->m_pPattern->m_pDocument->GetPageData();
-        pvalue->m_pPattern->SaveColor(NULL);
-        pDocPageData->ReleasePattern(pvalue->m_pPattern->m_pPatternObj);
+    if (pvalue->m_pPattern && m_pDocument) {
+        CPDF_DocPageData *pDocPageData = m_pDocument->GetPageData();
+        if (pDocPageData && !pDocPageData->IsForceClear()) {
+            pDocPageData->ReleasePattern(pvalue->m_pPattern->m_pPatternObj);
+        }
     }
     pvalue->m_nComps = ncomps;
     pvalue->m_pPattern = pPattern;
-    if (pPattern) {
-        pPattern->SaveColor(this);
-    }
     if (ncomps) {
         FXSYS_memcpy32(pvalue->m_Comps, comps, ncomps * sizeof(FX_FLOAT));
     }
@@ -1380,8 +1382,8 @@ void CPDF_Color::Copy(const CPDF_Color* pSrc)
     FXSYS_memcpy32(m_pBuffer, pSrc->m_pBuffer, m_pCS->GetBufSize());
     if (m_pCS->GetFamily() == PDFCS_PATTERN) {
         PatternValue* pvalue = (PatternValue*)m_pBuffer;
-        if (pvalue->m_pPattern && pvalue->m_pPattern->m_pDocument) {
-            pvalue->m_pPattern = pvalue->m_pPattern->m_pDocument->GetPageData()->GetPattern(pvalue->m_pPattern->m_pPatternObj, FALSE, &pvalue->m_pPattern->m_ParentMatrix);
+        if (pvalue->m_pPattern && m_pDocument) {
+            pvalue->m_pPattern = m_pDocument->GetPageData()->GetPattern(pvalue->m_pPattern->m_pPatternObj, FALSE, &pvalue->m_pPattern->m_ParentMatrix);
         }
     }
 }
diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp
index c7c1e7a565..bcb8196662 100644
--- a/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp
+++ b/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp
@@ -8,19 +8,14 @@
 #include "pageint.h"
 
 CPDF_Pattern::CPDF_Pattern(const CFX_AffineMatrix* pParentMatrix) :
-    m_pPatternObj(NULL), m_PatternType(PATTERN_TILING), m_pDocument(NULL), m_pColor(NULL)
+    m_pPatternObj(NULL), m_PatternType(PATTERN_TILING), m_pDocument(NULL)
 {
     if (pParentMatrix) {
         m_ParentMatrix = *pParentMatrix;
     }
 }
-
 CPDF_Pattern::~CPDF_Pattern()
 {
-    if (m_pColor) {
-        m_pColor->SetValue(NULL, NULL, 0);
-        m_pColor = NULL;
-    }
 }
 CPDF_TilingPattern::CPDF_TilingPattern(CPDF_Document* pDoc, CPDF_Object* pPatternObj, const CFX_AffineMatrix* parentMatrix) :
     CPDF_Pattern(parentMatrix)