Bad indexing in CPDF_Document::FindPageIndex when page tree corrupt.

Moving to std::vector from the more forgiving CFX_ArrayTemplate
revealed the dubious page tree traversal, which depends on the
correctness of the /Count entries to properly summarize the total
descendants under a given node.

The only "correct" thing to do is to throw away these counts as parsed,
and re-compute them, perhaps in CountPages().  But I'm not willing to do
that since it may break unknown documents in the wild.

Pass out-params as pointers while we're at it.

BUG=680376

Review-Url: https://codereview.chromium.org/2636403003

1 files changed, 2 insertions, 2 deletions

diff --git a/core/fpdfapi/parser/cpdf_document.h b/core/fpdfapi/parser/cpdf_document.h
index 65455480a4..3848ad6220 100644
--- a/core/fpdfapi/parser/cpdf_document.h
+++ b/core/fpdfapi/parser/cpdf_document.h
@@ -106,9 +106,9 @@ class CPDF_Document : public CPDF_IndirectObjectHolder {
   // When this method is called, m_pTreeTraversal[level] exists.
   CPDF_Dictionary* TraversePDFPages(int iPage, int* nPagesToGo, size_t level);
   int FindPageIndex(CPDF_Dictionary* pNode,
-                    uint32_t& skip_count,
+                    uint32_t* skip_count,
                     uint32_t objnum,
-                    int& index,
+                    int* index,
                     int level = 0);
   std::unique_ptr<CPDF_Object> ParseIndirectObject(uint32_t objnum) override;
   void LoadDocInternal();