summaryrefslogtreecommitdiff
path: root/core/src/fpdfapi
diff options
context:
space:
mode:
authorJUN FANG <jun_fang@foxitsoftware.com>2014-12-17 13:58:56 -0800
committerJUN FANG <jun_fang@foxitsoftware.com>2014-12-17 14:06:56 -0800
commit1a6785b2dd574e61ee3d666fb7fff3f09599776d (patch)
tree8f9af29a206600918814549df0034cbb1e8e4cc3 /core/src/fpdfapi
parent9011fca3cb6b82ca214260df12895ab109eedf33 (diff)
downloadpdfium-1a6785b2dd574e61ee3d666fb7fff3f09599776d.tar.xz
XFA: merge patch from issue 803103002
Before this fix, the root will be released when an indirect object has the same object number with the root. However, the root object is loaded when the trailer is parsed. It shall not be updated or replaced anymore. BUG=425040 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/803103002
Diffstat (limited to 'core/src/fpdfapi')
-rw-r--r--core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp10
1 files changed, 9 insertions, 1 deletions
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
index a57771742a..0397971c95 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp
@@ -1007,7 +1007,15 @@ FX_BOOL CPDF_Parser::LoadCrossRefV5(FX_FILESIZE pos, FX_FILESIZE& prev, FX_BOOL
return FALSE;
}
if (m_pDocument) {
- m_pDocument->InsertIndirectObject(pStream->m_ObjNum, pStream);
+ CPDF_Dictionary * pDict = m_pDocument->GetRoot();
+ if (!pDict || pDict->GetObjNum() != pStream->m_ObjNum) {
+ m_pDocument->InsertIndirectObject(pStream->m_ObjNum, pStream);
+ } else {
+ if (pStream->GetType() == PDFOBJ_STREAM) {
+ pStream->Release();
+ }
+ return FALSE;
+ }
}
if (pStream->GetType() != PDFOBJ_STREAM) {
return FALSE;