diff options
author | Tom Sepez <tsepez@chromium.org> | 2018-01-30 17:38:00 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-01-30 17:38:00 +0000 |
commit | e563e8352139e4852a955e319023b09f2844aee9 (patch) | |
tree | a323757e674ebab8ee7da05c169435e1062d1c26 /core/fpdfapi | |
parent | 1917cdd8c90b977772cdee16cf496e56dce1a2ad (diff) | |
download | pdfium-e563e8352139e4852a955e319023b09f2844aee9.tar.xz |
Use UnownedPtr instead of T* in MaybeOwned.
Always check the liftime in the unowned case. Doing so unearthed
the following issues:
Transient lifetime issue in jbig2_image when doing realloc().
Stale (but unused) dictionary pointer in CPDF_Image.
Destruction order in error branch in cpdf_dibsource.cpp
Change-Id: I12b758aafeefedc7abe1e8b21a18db959929e95f
Reviewed-on: https://pdfium-review.googlesource.com/24552
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core/fpdfapi')
-rw-r--r-- | core/fpdfapi/page/cpdf_image.cpp | 26 | ||||
-rw-r--r-- | core/fpdfapi/page/cpdf_image.h | 4 | ||||
-rw-r--r-- | core/fpdfapi/render/cpdf_dibsource.cpp | 2 |
3 files changed, 12 insertions, 20 deletions
diff --git a/core/fpdfapi/page/cpdf_image.cpp b/core/fpdfapi/page/cpdf_image.cpp index 65ca78e08e..5f82886a9b 100644 --- a/core/fpdfapi/page/cpdf_image.cpp +++ b/core/fpdfapi/page/cpdf_image.cpp @@ -35,33 +35,27 @@ CPDF_Image::CPDF_Image(CPDF_Document* pDoc) : m_pDocument(pDoc) {} CPDF_Image::CPDF_Image(CPDF_Document* pDoc, std::unique_ptr<CPDF_Stream> pStream) - : m_bIsInline(true), - m_pDocument(pDoc), - m_pStream(std::move(pStream)), - m_pDict(ToDictionary(m_pStream->GetDict()->Clone())) { + : m_bIsInline(true), m_pDocument(pDoc), m_pStream(std::move(pStream)) { ASSERT(m_pStream.IsOwned()); - ASSERT(m_pDict.IsOwned()); - FinishInitialization(); + FinishInitialization(m_pStream->GetDict()); } CPDF_Image::CPDF_Image(CPDF_Document* pDoc, uint32_t dwStreamObjNum) : m_pDocument(pDoc), - m_pStream(ToStream(pDoc->GetIndirectObject(dwStreamObjNum))), - m_pDict(m_pStream->GetDict()) { + m_pStream(ToStream(pDoc->GetIndirectObject(dwStreamObjNum))) { ASSERT(!m_pStream.IsOwned()); - ASSERT(!m_pDict.IsOwned()); - FinishInitialization(); + FinishInitialization(m_pStream->GetDict()); } CPDF_Image::~CPDF_Image() {} -void CPDF_Image::FinishInitialization() { - m_pOC = m_pDict->GetDictFor("OC"); +void CPDF_Image::FinishInitialization(CPDF_Dictionary* pDict) { + m_pOC = pDict->GetDictFor("OC"); m_bIsMask = - !m_pDict->KeyExist("ColorSpace") || m_pDict->GetIntegerFor("ImageMask"); - m_bInterpolate = !!m_pDict->GetIntegerFor("Interpolate"); - m_Height = m_pDict->GetIntegerFor("Height"); - m_Width = m_pDict->GetIntegerFor("Width"); + !pDict->KeyExist("ColorSpace") || pDict->GetIntegerFor("ImageMask"); + m_bInterpolate = !!pDict->GetIntegerFor("Interpolate"); + m_Height = pDict->GetIntegerFor("Height"); + m_Width = pDict->GetIntegerFor("Width"); } void CPDF_Image::ConvertStreamToIndirectObject() { diff --git a/core/fpdfapi/page/cpdf_image.h b/core/fpdfapi/page/cpdf_image.h index 23864bbf6c..57cbe94ca2 100644 --- a/core/fpdfapi/page/cpdf_image.h +++ b/core/fpdfapi/page/cpdf_image.h @@ -29,7 +29,6 @@ class CPDF_Image : public Retainable { void ConvertStreamToIndirectObject(); - CPDF_Dictionary* GetInlineDict() const { return m_pDict.Get(); } CPDF_Stream* GetStream() const { return m_pStream.Get(); } CPDF_Dictionary* GetDict() const; CPDF_Dictionary* GetOC() const { return m_pOC.Get(); } @@ -68,7 +67,7 @@ class CPDF_Image : public Retainable { CPDF_Image(CPDF_Document* pDoc, uint32_t dwStreamObjNum); ~CPDF_Image() override; - void FinishInitialization(); + void FinishInitialization(CPDF_Dictionary* pStreamDict); std::unique_ptr<CPDF_Dictionary> InitJPEG(uint8_t* pData, uint32_t size); int32_t m_Height = 0; @@ -78,7 +77,6 @@ class CPDF_Image : public Retainable { bool m_bInterpolate = false; UnownedPtr<CPDF_Document> const m_pDocument; MaybeOwned<CPDF_Stream> m_pStream; - MaybeOwned<CPDF_Dictionary> m_pDict; UnownedPtr<CPDF_Dictionary> m_pOC; }; diff --git a/core/fpdfapi/render/cpdf_dibsource.cpp b/core/fpdfapi/render/cpdf_dibsource.cpp index aff63d102d..48715d2ecb 100644 --- a/core/fpdfapi/render/cpdf_dibsource.cpp +++ b/core/fpdfapi/render/cpdf_dibsource.cpp @@ -341,9 +341,9 @@ int CPDF_DIBSource::ContinueLoadDIBSource(IFX_PauseIndicator* pPause) { } if (iDecodeStatus < 0) { + m_pJbig2Context.reset(); m_pCachedBitmap.Reset(); m_pGlobalStream.Reset(); - m_pJbig2Context.reset(); return 0; } if (iDecodeStatus == FXCODEC_STATUS_DECODE_TOBECONTINUE) |