diff options
| author | tsepez <tsepez@chromium.org> | 2016-09-20 13:23:21 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-09-20 13:23:21 -0700 |
| commit | 5a399de2945d7b244802565d8e9d2f6e662561da (patch) | |
| tree | 9c25da0dd44043f69b750a9071533596aa92c6e3 /core/fpdfapi/fpdf_parser/include | |
| parent | 0d726c0c9931979d9b0594d56b52c861e08e09ba (diff) | |
| download | pdfium-5a399de2945d7b244802565d8e9d2f6e662561da.tar.xz | |
Make CPDF_Array not do indirect object creation.
We remove the indirect object holder argument and check that
call sites pass ownable objects, adding a reference in one
place that always was passing an indirect object.
Also check that the invariant isn't violated, we need to fail
here in the wild and investigate -- these are existing UAFs.
Review-Url: https://codereview.chromium.org/2355083002
Diffstat (limited to 'core/fpdfapi/fpdf_parser/include')
| -rw-r--r-- | core/fpdfapi/fpdf_parser/include/cpdf_array.h | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/core/fpdfapi/fpdf_parser/include/cpdf_array.h b/core/fpdfapi/fpdf_parser/include/cpdf_array.h index 8c89a060eb..1e8c612710 100644 --- a/core/fpdfapi/fpdf_parser/include/cpdf_array.h +++ b/core/fpdfapi/fpdf_parser/include/cpdf_array.h @@ -43,15 +43,11 @@ class CPDF_Array : public CPDF_Object { CFX_Matrix GetMatrix(); CFX_FloatRect GetRect(); - void SetAt(size_t index, - CPDF_Object* pObj, - CPDF_IndirectObjectHolder* pObjs = nullptr); - void InsertAt(size_t index, - CPDF_Object* pObj, - CPDF_IndirectObjectHolder* pObjs = nullptr); + void SetAt(size_t index, CPDF_Object* pObj); + void InsertAt(size_t index, CPDF_Object* pObj); void RemoveAt(size_t index, size_t nCount = 1); - void Add(CPDF_Object* pObj, CPDF_IndirectObjectHolder* pObjs = nullptr); + void Add(CPDF_Object* pObj); void AddNumber(FX_FLOAT f); void AddInteger(int i); void AddString(const CFX_ByteString& str); |