author | tsepez <tsepez@chromium.org> | 2016-11-04 11:02:59 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-11-04 11:02:59 -0700 |
commit | 761eed284e1248f851fbb23beaa45835b644ecee (patch) | |
tree | 34cff2bb264236174957fb0b7fc7a8c3c1f26e30 /core/fpdfapi/parser | |
parent | f0d5b6c35fa343108a3ab7a25bc2cc2b3cf105b3 (diff) | |
Assert objnum non-zero in ReplaceIndirectObjectIfHigherGeneration()
Removes a path where it might not have taken ownership of an object,
at the expense of making callers check first. This eases making
the second argument a unique_ptr someday.
Review-Url: https://codereview.chromium.org/2475823002
Diffstat (limited to 'core/fpdfapi/parser')
-rw-r--r-- | core/fpdfapi/parser/cfdf_document.cpp | 3 | ||||
-rw-r--r-- | core/fpdfapi/parser/cpdf_indirect_object_holder.cpp | 3 | ||||
-rw-r--r-- | core/fpdfapi/parser/cpdf_parser.cpp | 8 |
3 files changed, 10 insertions, 4 deletions
diff --git a/core/fpdfapi/parser/cfdf_document.cpp b/core/fpdfapi/parser/cfdf_document.cpp
index d39ec31d3c..bcaa9daec3 100644
--- a/core/fpdfapi/parser/cfdf_document.cpp
+++ b/core/fpdfapi/parser/cfdf_document.cpp
@@ -58,6 +58,9 @@ void CFDF_Document::ParseStream(IFX_SeekableReadStream* pFile, bool bOwnFile) {
 CFX_ByteString word = parser.GetNextWord(&bNumber);
 if (bNumber) {
 uint32_t objnum = FXSYS_atoui(word.c_str());
+ if (!objnum)
+ break;
+ word = parser.GetNextWord(&bNumber);
 if (!bNumber)
 break;
diff --git a/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp b/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
index 6e549de5a7..9427543396 100644
--- a/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
+++ b/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
@@ -56,7 +56,8 @@ uint32_t CPDF_IndirectObjectHolder::AddIndirectObject(CPDF_Object* pObj) {
 bool CPDF_IndirectObjectHolder::ReplaceIndirectObjectIfHigherGeneration(
 uint32_t objnum, CPDF_Object* pObj) {
- if (!objnum || !pObj)
+ ASSERT(objnum);
+ if (!pObj)
 return false;
 CPDF_Object* pOldObj = GetIndirectObject(objnum);
diff --git a/core/fpdfapi/parser/cpdf_parser.cpp b/core/fpdfapi/parser/cpdf_parser.cpp
index cff0f77b32..96e59fb62f 100644
--- a/core/fpdfapi/parser/cpdf_parser.cpp
+++ b/core/fpdfapi/parser/cpdf_parser.cpp
@@ -960,14 +960,16 @@ bool CPDF_Parser::LoadCrossRefV5(FX_FILESIZE* pos, bool bMainXRef) {
 if (!pObject)
 return false;
- CPDF_Object* pUnownedObject = pObject.get();
+ uint32_t objnum = pObject->m_ObjNum;
+ if (!objnum)
+ return false;
+ CPDF_Object* pUnownedObject = pObject.get();
 if (m_pDocument) {
 CPDF_Dictionary* pRootDict = m_pDocument->GetRoot();
- if (pRootDict && pRootDict->GetObjNum() == pObject->m_ObjNum)
+ if (pRootDict && pRootDict->GetObjNum() == objnum)
 return false;
 // Takes ownership of object (std::move someday).
- uint32_t objnum = pObject->m_ObjNum;
 if (!m_pDocument->ReplaceIndirectObjectIfHigherGeneration(
 objnum, pObject.release())) {
 return false; |
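Review bot: In cpdf_indirect_object_holder.cpp, `ASSERT(objnum);` replaces the runtime `!objnum` rejection, so if ASSERT is compiled out of release builds (not visible here, please confirm), nothing in ReplaceIndirectObjectIfHigherGeneration() stops an object number of 0 taken from a malformed file from reaching `GetIndirectObject(objnum)` and the code after it. The other two hunks in this commit add a zero check in CFDF_Document::ParseStream and CPDF_Parser::LoadCrossRefV5, but any further caller is outside this diff and needs the same audit. I would state the contract at the definition, e.g. `// |objnum| must be non-zero; callers that parse untrusted input must reject 0 before calling.`, and consider a check that stays active in release builds. The function body continues past the end of the hunk.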
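Review bot: In cpdf_parser.cpp, the new `if (!objnum) return false;` sits ahead of `if (m_pDocument) {`, so LoadCrossRefV5() now fails on an object number of 0 even when there is no document and ReplaceIndirectObjectIfHigherGeneration() would never be called; the old code only read the number inside that branch. If the stricter rejection is intended, a comment would make it explicit, e.g. `// Object number 0 is never valid for the xref stream object; reject it before any use.`; otherwise the check belongs inside the `m_pDocument` block. As far as the hunk shows, the early return is safe for ownership, because `pObject` has not been released at that point. The function starts and ends outside the hunk.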