diff options
author | Tom Sepez <tsepez@chromium.org> | 2018-01-30 17:38:00 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-01-30 17:38:00 +0000 |
commit | e563e8352139e4852a955e319023b09f2844aee9 (patch) | |
tree | a323757e674ebab8ee7da05c169435e1062d1c26 /core/fxcodec/jbig2 | |
parent | 1917cdd8c90b977772cdee16cf496e56dce1a2ad (diff) | |
download | pdfium-e563e8352139e4852a955e319023b09f2844aee9.tar.xz |
Use UnownedPtr instead of T* in MaybeOwned.
Always check the liftime in the unowned case. Doing so unearthed
the following issues:
Transient lifetime issue in jbig2_image when doing realloc().
Stale (but unused) dictionary pointer in CPDF_Image.
Destruction order in error branch in cpdf_dibsource.cpp
Change-Id: I12b758aafeefedc7abe1e8b21a18db959929e95f
Reviewed-on: https://pdfium-review.googlesource.com/24552
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core/fxcodec/jbig2')
-rw-r--r-- | core/fxcodec/jbig2/JBig2_Image.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/core/fxcodec/jbig2/JBig2_Image.cpp b/core/fxcodec/jbig2/JBig2_Image.cpp index b0d75d4d96..d229e0ca01 100644 --- a/core/fxcodec/jbig2/JBig2_Image.cpp +++ b/core/fxcodec/jbig2/JBig2_Image.cpp @@ -234,8 +234,8 @@ void CJBig2_Image::expand(int32_t h, bool v) { return; if (m_pData.IsOwned()) { - m_pData.Reset(std::unique_ptr<uint8_t, FxFreeDeleter>( - FX_Realloc(uint8_t, m_pData.Release().release(), h * m_nStride))); + m_pData.Reset(std::unique_ptr<uint8_t, FxFreeDeleter>(FX_Realloc( + uint8_t, m_pData.ReleaseAndClear().release(), h * m_nStride))); } else { uint8_t* pExternalBuffer = data(); m_pData.Reset(std::unique_ptr<uint8_t, FxFreeDeleter>( |