summaryrefslogtreecommitdiff
path: root/core/fpdfapi/parser
diff options
context:
space:
mode:
authorLei Zhang <thestig@chromium.org>2017-08-23 22:59:11 -0700
committerChromium commit bot <commit-bot@chromium.org>2017-08-28 18:03:23 +0000
commit91f443f4f3b9682959435a5417b48975729b9338 (patch)
tree276bdca29d495f13e524dcb2b0b5e0650f8f3ec2 /core/fpdfapi/parser
parent8a4494034eb77bbc3453108616cc5dd67d3adbef (diff)
downloadpdfium-91f443f4f3b9682959435a5417b48975729b9338.tar.xz
Move replaced indirect objects to the orphans list.
ReplaceIndirectObjectIfHigherGeneration() deletes replaced objects, but those objects may be in use. So move them to the orphans list instead to avoid potential dangling pointers. BUG=chromium:757705 Change-Id: Ide83a1b85b754166d298fd50e655ca331ba4f942 Reviewed-on: https://pdfium-review.googlesource.com/11670 Reviewed-by: Art Snake <art-snake@yandex-team.ru> Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
Diffstat (limited to 'core/fpdfapi/parser')
-rw-r--r--core/fpdfapi/parser/cpdf_indirect_object_holder.cpp1
-rw-r--r--core/fpdfapi/parser/cpdf_parser_embeddertest.cpp4
2 files changed, 5 insertions, 0 deletions
diff --git a/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp b/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
index 3037d0b9b5..93795b62be 100644
--- a/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
+++ b/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
@@ -75,6 +75,7 @@ bool CPDF_IndirectObjectHolder::ReplaceIndirectObjectIfHigherGeneration(
return false;
pObj->m_ObjNum = objnum;
+ m_OrphanObjs.push_back(std::move(m_IndirectObjs[objnum]));
m_IndirectObjs[objnum] = std::move(pObj);
m_LastObjNum = std::max(m_LastObjNum, objnum);
return true;
diff --git a/core/fpdfapi/parser/cpdf_parser_embeddertest.cpp b/core/fpdfapi/parser/cpdf_parser_embeddertest.cpp
index fa3a76a4c4..99bc2c2d42 100644
--- a/core/fpdfapi/parser/cpdf_parser_embeddertest.cpp
+++ b/core/fpdfapi/parser/cpdf_parser_embeddertest.cpp
@@ -53,3 +53,7 @@ TEST_F(CPDFParserEmbeddertest, Bug_602650) {
FPDFText_ClosePage(text_page);
UnloadPage(page);
}
+
+TEST_F(CPDFParserEmbeddertest, Bug_757705) {
+ EXPECT_TRUE(OpenDocument("bug_757705.pdf"));
+}