author | thestig <thestig@chromium.org> | 2016-05-11 12:59:05 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-05-11 12:59:05 -0700 |
commit | 35c2100a5f6a466635bf99b4e7117d23aeb54d2c (patch) | |
tree | 7c43d12236cc1b9ceffd22387a0f884502a39a1b /core/fpdfapi/fpdf_parser/cpdf_hint_tables.h | |
parent | 877a547fdbd461e75c309c0f24135ba663027b81 (diff) | |
download | pdfium-35c2100a5f6a466635bf99b4e7117d23aeb54d2c.tar.xz |
Fix a potential UAF with FPDFAvail_IsLinearized().
Cache the linearized result rather than recalculating it.
BUG=608778
Review-Url: https://codereview.chromium.org/1968743002
Diffstat (limited to 'core/fpdfapi/fpdf_parser/cpdf_hint_tables.h')
-rw-r--r-- | core/fpdfapi/fpdf_parser/cpdf_hint_tables.h | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/core/fpdfapi/fpdf_parser/cpdf_hint_tables.h b/core/fpdfapi/fpdf_parser/cpdf_hint_tables.h
index 28ccccb6fc..33b6b39323 100644
--- a/core/fpdfapi/fpdf_parser/cpdf_hint_tables.h
+++ b/core/fpdfapi/fpdf_parser/cpdf_hint_tables.h
@@ -21,8 +21,8 @@ class CPDF_Stream;
 class CPDF_HintTables {
 public:
 CPDF_HintTables(CPDF_DataAvail* pDataAvail, CPDF_Dictionary* pLinearized)
- : m_pLinearizedDict(pLinearized),
- m_pDataAvail(pDataAvail),
+ : m_pDataAvail(pDataAvail),
+ m_pLinearizedDict(pLinearized),
 m_nFirstPageSharedObjs(0),
 m_szFirstPageObjOffset(0) {}
 ~CPDF_HintTables();
@@ -47,8 +47,12 @@ class CPDF_HintTables {
 int ReadPrimaryHintStreamOffset() const;
 int ReadPrimaryHintStreamLength() const;
- CPDF_Dictionary* m_pLinearizedDict;
- CPDF_DataAvail* m_pDataAvail;
+ // Owner, outlives this object.
+ CPDF_DataAvail* const m_pDataAvail;
+
+ // Owned by |m_pDataAvail|.
+ CPDF_Dictionary* const m_pLinearizedDict;
+
 uint32_t m_nFirstPageSharedObjs;
 FX_FILESIZE m_szFirstPageObjOffset;
 CFX_ArrayTemplate<uint32_t> m_dwDeltaNObjsArray; |
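Review bot: The constructor in the first hunk stores both raw pointers without stating or checking that they are non-null. Once the second hunk makes the members `* const`, this initializer list is the only place they can ever be set. Whether callers can pass null is not visible here, so I would at least document the precondition above the constructor, e.g. `// |pDataAvail| and |pLinearized| must be non-null and must outlive this object.`. The reordered initializers do match the new declaration order, so initialization order is consistent with what the list reads as.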
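Review bot: The comment `// Owned by |m_pDataAvail|.` on `m_pLinearizedDict` in the second hunk records a lifetime dependency that the type does not enforce. `* const` only prevents reseating the pointer; it does not keep the dictionary alive. If CPDF_DataAvail can release or replace its linearized dictionary while a CPDF_HintTables exists (not visible in this header), the member dangles, which is the class of bug the commit message describes. I would spell the invariant out, e.g. `// Owned by |m_pDataAvail|; must not be freed or replaced while this object exists.`. The const members already delete copy assignment implicitly, but copy construction is still possible and would duplicate both non-owning pointers, so consider deleting it explicitly; the class body continues outside the hunk.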