diff options
author | Lei Zhang <thestig@chromium.org> | 2017-08-23 22:59:11 -0700 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-08-28 18:03:23 +0000 |
commit | 91f443f4f3b9682959435a5417b48975729b9338 (patch) | |
tree | 276bdca29d495f13e524dcb2b0b5e0650f8f3ec2 /core/fpdfapi | |
parent | 8a4494034eb77bbc3453108616cc5dd67d3adbef (diff) | |
download | pdfium-91f443f4f3b9682959435a5417b48975729b9338.tar.xz |
Move replaced indirect objects to the orphans list.
ReplaceIndirectObjectIfHigherGeneration() deletes replaced objects, but
those objects may be in use. So move them to the orphans list instead to
avoid potential dangling pointers.
BUG=chromium:757705
Change-Id: Ide83a1b85b754166d298fd50e655ca331ba4f942
Reviewed-on: https://pdfium-review.googlesource.com/11670
Reviewed-by: Art Snake <art-snake@yandex-team.ru>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Diffstat (limited to 'core/fpdfapi')
-rw-r--r-- | core/fpdfapi/parser/cpdf_indirect_object_holder.cpp | 1 | ||||
-rw-r--r-- | core/fpdfapi/parser/cpdf_parser_embeddertest.cpp | 4 |
2 files changed, 5 insertions, 0 deletions
diff --git a/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp b/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp index 3037d0b9b5..93795b62be 100644 --- a/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp +++ b/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp @@ -75,6 +75,7 @@ bool CPDF_IndirectObjectHolder::ReplaceIndirectObjectIfHigherGeneration( return false; pObj->m_ObjNum = objnum; + m_OrphanObjs.push_back(std::move(m_IndirectObjs[objnum])); m_IndirectObjs[objnum] = std::move(pObj); m_LastObjNum = std::max(m_LastObjNum, objnum); return true; diff --git a/core/fpdfapi/parser/cpdf_parser_embeddertest.cpp b/core/fpdfapi/parser/cpdf_parser_embeddertest.cpp index fa3a76a4c4..99bc2c2d42 100644 --- a/core/fpdfapi/parser/cpdf_parser_embeddertest.cpp +++ b/core/fpdfapi/parser/cpdf_parser_embeddertest.cpp @@ -53,3 +53,7 @@ TEST_F(CPDFParserEmbeddertest, Bug_602650) { FPDFText_ClosePage(text_page); UnloadPage(page); } + +TEST_F(CPDFParserEmbeddertest, Bug_757705) { + EXPECT_TRUE(OpenDocument("bug_757705.pdf")); +} |