diff options
| author | Lei Zhang <thestig@chromium.org> | 2015-10-05 10:16:20 -0700 |
|---|---|---|
| committer | Lei Zhang <thestig@chromium.org> | 2015-10-05 10:16:20 -0700 |
| commit | fd12ec5584d9a17f310a2c0c408a438ef3b1ce63 (patch) | |
| tree | ed9272ed2544339f63d9c757a1d14a9778ad4e9d | |
| parent | eda27bd13270f5324ce3caa34a09a40cffc4026f (diff) | |
| download | pdfium-fd12ec5584d9a17f310a2c0c408a438ef3b1ce63.tar.xz | |
Disable JBIG2 cache; prevent data corruption - try 2.
Also change CJBig2_SymbolDict::DeepCopy() to return a unique_ptr to
prevent a potential leak if the cache size was 0.
BUG=pdfium:207
R=tsepez@chromium.org, jbreiden@google.com
Review URL: https://codereview.chromium.org/1374633004 .
| -rw-r--r-- | core/src/fxcodec/jbig2/JBig2_Context.cpp | 13 | ||||
| -rw-r--r-- | core/src/fxcodec/jbig2/JBig2_SymbolDict.cpp | 16 | ||||
| -rw-r--r-- | core/src/fxcodec/jbig2/JBig2_SymbolDict.h | 15 |
3 files changed, 28 insertions, 16 deletions
diff --git a/core/src/fxcodec/jbig2/JBig2_Context.cpp b/core/src/fxcodec/jbig2/JBig2_Context.cpp index f2c44b726a..ca895e5b9c 100644 --- a/core/src/fxcodec/jbig2/JBig2_Context.cpp +++ b/core/src/fxcodec/jbig2/JBig2_Context.cpp @@ -25,7 +25,10 @@ // // Disabled until we can figure out how to clear cache between documents. // https://code.google.com/p/pdfium/issues/detail?id=207 +#define DISABLE_SYMBOL_CACHE +#ifndef DISABLE_SYMBOL_CACHE static const int kSymbolDictCacheMaxSize = 2; +#endif CJBig2_Context* CJBig2_Context::CreateContext( const uint8_t* pGlobalData, @@ -623,7 +626,8 @@ int32_t CJBig2_Context::parseSymbolDict(CJBig2_Segment* pSegment, for (std::list<CJBig2_CachePair>::iterator it = m_pSymbolDictCache->begin(); it != m_pSymbolDictCache->end(); ++it) { if (it->first == key) { - pSegment->m_Result.sd = it->second->DeepCopy(); + nonstd::unique_ptr<CJBig2_SymbolDict> copy(it->second->DeepCopy()); + pSegment->m_Result.sd = copy.release(); m_pSymbolDictCache->push_front(*it); m_pSymbolDictCache->erase(it); cache_hit = true; @@ -651,14 +655,17 @@ int32_t CJBig2_Context::parseSymbolDict(CJBig2_Segment* pSegment, } m_pStream->alignByte(); } - CJBig2_SymbolDict* value = pSegment->m_Result.sd->DeepCopy(); +#ifndef DISABLE_SYMBOL_CACHE + nonstd::unique_ptr<CJBig2_SymbolDict> value = + pSegment->m_Result.sd->DeepCopy(); if (value && kSymbolDictCacheMaxSize > 0) { while (m_pSymbolDictCache->size() >= kSymbolDictCacheMaxSize) { delete m_pSymbolDictCache->back().second; m_pSymbolDictCache->pop_back(); } - m_pSymbolDictCache->push_front(CJBig2_CachePair(key, value)); + m_pSymbolDictCache->push_front(CJBig2_CachePair(key, value.release())); } +#endif } if (wFlags & 0x0200) { pSegment->m_Result.sd->m_bContextRetained = TRUE; diff --git a/core/src/fxcodec/jbig2/JBig2_SymbolDict.cpp b/core/src/fxcodec/jbig2/JBig2_SymbolDict.cpp index ef02df1072..1ec56dfacc 100644 --- a/core/src/fxcodec/jbig2/JBig2_SymbolDict.cpp +++ b/core/src/fxcodec/jbig2/JBig2_SymbolDict.cpp @@ -7,6 +7,7 @@ #include "JBig2_SymbolDict.h" #include "../../../include/fxcrt/fx_memory.h" +#include "JBig2_Image.h" CJBig2_SymbolDict::CJBig2_SymbolDict() { SDNUMEXSYMS = 0; @@ -15,15 +16,16 @@ CJBig2_SymbolDict::CJBig2_SymbolDict() { m_gbContext = m_grContext = NULL; } -CJBig2_SymbolDict* CJBig2_SymbolDict::DeepCopy() { - CJBig2_SymbolDict* src = this; - if (src->m_bContextRetained || src->m_gbContext || src->m_grContext) { - return NULL; - } - CJBig2_SymbolDict* dst = new CJBig2_SymbolDict; +nonstd::unique_ptr<CJBig2_SymbolDict> CJBig2_SymbolDict::DeepCopy() const { + nonstd::unique_ptr<CJBig2_SymbolDict> dst; + const CJBig2_SymbolDict* src = this; + if (src->m_bContextRetained || src->m_gbContext || src->m_grContext) + return dst; + + dst.reset(new CJBig2_SymbolDict); dst->SDNUMEXSYMS = src->SDNUMEXSYMS; dst->SDEXSYMS = FX_Alloc(CJBig2_Image*, src->SDNUMEXSYMS); - for (FX_DWORD i = 0; i < src->SDNUMEXSYMS; i++) { + for (FX_DWORD i = 0; i < src->SDNUMEXSYMS; ++i) { if (src->SDEXSYMS[i]) { dst->SDEXSYMS[i] = new CJBig2_Image(*(src->SDEXSYMS[i])); } else { diff --git a/core/src/fxcodec/jbig2/JBig2_SymbolDict.h b/core/src/fxcodec/jbig2/JBig2_SymbolDict.h index 19d0f606a5..c8e39dc845 100644 --- a/core/src/fxcodec/jbig2/JBig2_SymbolDict.h +++ b/core/src/fxcodec/jbig2/JBig2_SymbolDict.h @@ -4,19 +4,22 @@ // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com -#ifndef _JBIG2_SYMBOL_DICT_H_ -#define _JBIG2_SYMBOL_DICT_H_ +#ifndef CORE_SRC_FXCODEC_JBIG2_JBIG2_SYMBOLDICT_H_ +#define CORE_SRC_FXCODEC_JBIG2_JBIG2_SYMBOLDICT_H_ +#include "../../../../third_party/base/nonstd_unique_ptr.h" +#include "../../../include/fxcrt/fx_basic.h" #include "JBig2_ArithDecoder.h" -#include "JBig2_Define.h" -#include "JBig2_Image.h" + +class CJBig2_Image; class CJBig2_SymbolDict { public: CJBig2_SymbolDict(); - CJBig2_SymbolDict* DeepCopy(); ~CJBig2_SymbolDict(); + nonstd::unique_ptr<CJBig2_SymbolDict> DeepCopy() const; + public: FX_DWORD SDNUMEXSYMS; CJBig2_Image** SDEXSYMS; @@ -25,4 +28,4 @@ class CJBig2_SymbolDict { JBig2ArithCtx* m_grContext; }; -#endif +#endif // CORE_SRC_FXCODEC_JBIG2_JBIG2_SYMBOLDICT_H_ |