summaryrefslogtreecommitdiff
path: root/core/fpdfapi/fpdf_edit
diff options
context:
space:
mode:
authortsepez <tsepez@chromium.org>2016-09-20 13:23:21 -0700
committerCommit bot <commit-bot@chromium.org>2016-09-20 13:23:21 -0700
commit5a399de2945d7b244802565d8e9d2f6e662561da (patch)
tree9c25da0dd44043f69b750a9071533596aa92c6e3 /core/fpdfapi/fpdf_edit
parent0d726c0c9931979d9b0594d56b52c861e08e09ba (diff)
downloadpdfium-5a399de2945d7b244802565d8e9d2f6e662561da.tar.xz
Make CPDF_Array not do indirect object creation.
We remove the indirect object holder argument and check that call sites pass ownable objects, adding a reference in one place that always was passing an indirect object. Also check that the invariant isn't violated, we need to fail here in the wild and investigate -- these are existing UAFs. Review-Url: https://codereview.chromium.org/2355083002
Diffstat (limited to 'core/fpdfapi/fpdf_edit')
-rw-r--r--core/fpdfapi/fpdf_edit/fpdf_edit_create.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/core/fpdfapi/fpdf_edit/fpdf_edit_create.cpp b/core/fpdfapi/fpdf_edit/fpdf_edit_create.cpp
index 45b8711efd..c43306317a 100644
--- a/core/fpdfapi/fpdf_edit/fpdf_edit_create.cpp
+++ b/core/fpdfapi/fpdf_edit/fpdf_edit_create.cpp
@@ -1940,7 +1940,7 @@ void CPDF_Creator::InitID(FX_BOOL bDefault) {
std::vector<uint8_t> buffer =
PDF_GenerateFileID((uint32_t)(uintptr_t) this, m_dwLastObjNum);
CFX_ByteString bsBuffer(buffer.data(), buffer.size());
- m_pIDArray->Add(new CPDF_String(bsBuffer, TRUE), m_pDocument);
+ m_pIDArray->Add(new CPDF_String(bsBuffer, TRUE));
}
}
if (!bDefault) {
@@ -1955,7 +1955,7 @@ void CPDF_Creator::InitID(FX_BOOL bDefault) {
std::vector<uint8_t> buffer =
PDF_GenerateFileID((uint32_t)(uintptr_t) this, m_dwLastObjNum);
CFX_ByteString bsBuffer(buffer.data(), buffer.size());
- m_pIDArray->Add(new CPDF_String(bsBuffer, TRUE), m_pDocument);
+ m_pIDArray->Add(new CPDF_String(bsBuffer, TRUE));
return;
}
m_pIDArray->Add(m_pIDArray->GetObjectAt(0)->Clone());