author | Tom Sepez <tsepez@chromium.org> | 2017-05-23 17:21:01 -0700 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-05-24 16:41:29 +0000 |
commit | 08f4b7762a4453818c76c680f5295986e21418ce (patch) | |
tree | c6a771759b639180add570f4dd882d103f8efe9c /core/fpdfapi/font | |
parent | 129b0135adf99be8e2c3015267a4689c6d62dca1 (diff) | |
download | pdfium-08f4b7762a4453818c76c680f5295986e21418ce.tar.xz |
Convert to CFX_UnownedPtr, part 4.
Fix strange ownership issue in cpdf_type3char.cpp, and
describe the absolutely insane stuff happening there.
Change-Id: Iae70f9eca8f125ed3ef677729f1776ba9f10183c
Reviewed-on: https://pdfium-review.googlesource.com/5830
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'core/fpdfapi/font')
-rw-r--r-- | core/fpdfapi/font/cpdf_cidfont.h | 3 | ||||
-rw-r--r-- | core/fpdfapi/font/cpdf_type3char.cpp | 19 |
2 files changed, 17 insertions, 5 deletions
diff --git a/core/fpdfapi/font/cpdf_cidfont.h b/core/fpdfapi/font/cpdf_cidfont.h
index 0fd5e63f1c..07982a418f 100644
--- a/core/fpdfapi/font/cpdf_cidfont.h
+++ b/core/fpdfapi/font/cpdf_cidfont.h
@@ -12,6 +12,7 @@
 #include "core/fpdfapi/font/cpdf_font.h"
 #include "core/fxcrt/cfx_retain_ptr.h"
+#include "core/fxcrt/cfx_unowned_ptr.h"
 #include "core/fxcrt/fx_string.h"
 #include "core/fxcrt/fx_system.h"
@@ -73,7 +74,7 @@ class CPDF_CIDFont : public CPDF_Font {
 wchar_t GetUnicodeFromCharCode(uint32_t charcode) const;
 CFX_RetainPtr<CPDF_CMap> m_pCMap;
- CPDF_CID2UnicodeMap* m_pCID2UnicodeMap;
+ CFX_UnownedPtr<CPDF_CID2UnicodeMap> m_pCID2UnicodeMap;
 CIDSet m_Charset;
 bool m_bType1;
 bool m_bCIDIsGID;
diff --git a/core/fpdfapi/font/cpdf_type3char.cpp b/core/fpdfapi/font/cpdf_type3char.cpp
index d9794c27d3..e11193fdaa 100644
--- a/core/fpdfapi/font/cpdf_type3char.cpp
+++ b/core/fpdfapi/font/cpdf_type3char.cpp
@@ -31,10 +31,21 @@ bool CPDF_Type3Char::LoadBitmap(CPDF_RenderContext* pContext) {
 return false;
 m_ImageMatrix = pPageObj->AsImage()->matrix();
- CFX_RetainPtr<CFX_DIBSource> pSource =
- pPageObj->AsImage()->GetImage()->LoadDIBSource();
- if (pSource)
- m_pBitmap = pSource->Clone(nullptr);
+ {
+ // |pSource| actually gets assigned a CPDF_DIBSource, which has pointers
+ // into objects owned by |m_pForm|. Make sure it is out of scope before
+ // clearing the form.
+ CFX_RetainPtr<CFX_DIBSource> pSource =
+ pPageObj->AsImage()->GetImage()->LoadDIBSource();
+
+ // Clone() is non-virtual, and can't be overloaded by CPDF_DIBSource to
+ // return a clone of the subclass as one would typically expect from a
+ // such a method. Instead, it only clones the CFX_DIBSource, none of whose
+ // members point to objects owned by the form. As a result, |m_pBitmap|
+ // may outlive |m_pForm|.
+ if (pSource)
+ m_pBitmap = pSource->Clone(nullptr);
+ }
 m_pForm.reset();
 return true;
 } |
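Review bot: The new `CFX_UnownedPtr<CPDF_CID2UnicodeMap> m_pCID2UnicodeMap;` member in `CPDF_CIDFont` declares that the font does not own the map, but nothing in this hunk says which object does or why it outlives the font. A one-line comment on the member would make that lifetime assumption reviewable, for example `// Not owned; <owner, to be filled in> must outlive this font.` The class body starts and ends outside the hunk, so the owner may already be documented elsewhere in the header.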
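Review bot: In the new scoped block of `CPDF_Type3Char::LoadBitmap`, a null `pSource` or a `Clone()` that returns nothing still falls through to `m_pForm.reset(); return true;`, so the function reports success with `m_pBitmap` unset and the form already released. The pre-patch code behaved the same way and the callers are outside this hunk, so it is worth confirming they test `m_pBitmap` and not only the return value; if they do not, `if (!m_pBitmap) return false;` after `m_pForm.reset();` would surface the failure (assuming `m_pBitmap` is testable that way). The ordering rule that keeps `pSource` from outliving the form is enforced only by the braces, so the comment carries real weight and its wording should be corrected: `from a such a method` should read `from such a method`. The function body starts above the hunk.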