author | Lei Zhang <thestig@chromium.org> | 2015-10-05 17:09:11 -0700 |
---|---|---|
committer | Lei Zhang <thestig@chromium.org> | 2015-10-05 17:09:11 -0700 |
commit | 1b1dd8a6907f4631044b1c03698170853af594a9 (patch) | |
tree | f9cc0978ba7ebfc31835e62aed983c9c36d50c31 /core/src/fxcodec/jbig2/JBig2_Context.cpp | |
parent | d607f5b9fc4c89ea480d882de6df80e6a6338b0b (diff) | |
Merge to XFA: Disable JBIG2 cache; prevent data corruption - try 2.
Also change CJBig2_SymbolDict::DeepCopy() to return a unique_ptr to
prevent a potential leak if the cache size was 0.
BUG=pdfium:207
R=tsepez@chromium.org, jbreiden@google.com
Review URL: https://codereview.chromium.org/1374633004 .
(cherry picked from commit fd12ec5584d9a17f310a2c0c408a438ef3b1ce63)
Review URL: https://codereview.chromium.org/1390673002 .
Diffstat (limited to 'core/src/fxcodec/jbig2/JBig2_Context.cpp')
-rw-r--r-- | core/src/fxcodec/jbig2/JBig2_Context.cpp | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/core/src/fxcodec/jbig2/JBig2_Context.cpp b/core/src/fxcodec/jbig2/JBig2_Context.cpp
index f2c44b726a..ca895e5b9c 100644
--- a/core/src/fxcodec/jbig2/JBig2_Context.cpp
+++ b/core/src/fxcodec/jbig2/JBig2_Context.cpp
@@ -25,7 +25,10 @@
 //
 // Disabled until we can figure out how to clear cache between documents.
 // https://code.google.com/p/pdfium/issues/detail?id=207
+#define DISABLE_SYMBOL_CACHE
+#ifndef DISABLE_SYMBOL_CACHE
 static const int kSymbolDictCacheMaxSize = 2;
+#endif
 CJBig2_Context* CJBig2_Context::CreateContext(
 const uint8_t* pGlobalData,
@@ -623,7 +626,8 @@ int32_t CJBig2_Context::parseSymbolDict(CJBig2_Segment* pSegment,
 for (std::list<CJBig2_CachePair>::iterator it = m_pSymbolDictCache->begin();
 it != m_pSymbolDictCache->end(); ++it) {
 if (it->first == key) {
- pSegment->m_Result.sd = it->second->DeepCopy();
+ nonstd::unique_ptr<CJBig2_SymbolDict> copy(it->second->DeepCopy());
+ pSegment->m_Result.sd = copy.release();
 m_pSymbolDictCache->push_front(*it);
 m_pSymbolDictCache->erase(it);
 cache_hit = true;
@@ -651,14 +655,17 @@ int32_t CJBig2_Context::parseSymbolDict(CJBig2_Segment* pSegment,
 }
 m_pStream->alignByte();
 }
- CJBig2_SymbolDict* value = pSegment->m_Result.sd->DeepCopy();
+#ifndef DISABLE_SYMBOL_CACHE
+ nonstd::unique_ptr<CJBig2_SymbolDict> value =
+ pSegment->m_Result.sd->DeepCopy();
 if (value && kSymbolDictCacheMaxSize > 0) {
 while (m_pSymbolDictCache->size() >= kSymbolDictCacheMaxSize) {
 delete m_pSymbolDictCache->back().second;
 m_pSymbolDictCache->pop_back();
 }
- m_pSymbolDictCache->push_front(CJBig2_CachePair(key, value));
+ m_pSymbolDictCache->push_front(CJBig2_CachePair(key, value.release()));
 }
+#endif
 }
 if (wFlags & 0x0200) {
 pSegment->m_Result.sd->m_bContextRetained = TRUE; |
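Review bot: `#define DISABLE_SYMBOL_CACHE` sits directly above the `#ifndef` it controls, so the switch is unconditional and the guarded constant, along with the insertion block guarded later in parseSymbolDict, is no longer compiled at all. The existing comment says the cache is disabled until it can be cleared between documents, but nothing at the define itself warns that deleting it re-enables what appears to be reuse of cached dictionaries across documents. I would add a line at the define such as `// Safety switch for pdfium:207: do not remove until the cache is cleared per document.` so a later cleanup does not turn the cache back on by accident.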
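Review bot: The cache lookup loop in the hunk at -623 is still compiled when `DISABLE_SYMBOL_CACHE` is defined; only the insertion in the hunk at -651 is under `#ifndef`. The disabled state therefore depends on `m_pSymbolDictCache` never receiving entries from anywhere else, which cannot be confirmed from these hunks. Wrapping the loop in the same `#ifndef DISABLE_SYMBOL_CACHE` / `#endif` pair would remove that dependency. Separately, `copy.release()` is stored in `pSegment->m_Result.sd` and `cache_hit = true` is set without a null test, while the insertion path checks `if (value && ...)`, which suggests DeepCopy() can return null; a null check before `cache_hit = true` would keep a failed copy from being treated as a hit. parseSymbolDict's body starts and ends outside both hunks.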