Fix heap use after free in FT_Stream_ReleaseFrame

Adjust the release order of resource to fix this issue. BUG=452793 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1082023002
author: JUN FANG <jun_fang@foxitsoftware.com> 2015-04-16 15:19:04 -0700
committer: JUN FANG <jun_fang@foxitsoftware.com> 2015-04-16 15:19:04 -0700
commit: f66cfd7369b3c12cd0ed4c47c49377ed01727abd (patch)
tree: 7aa2ca3ffd3d05c8460a2d27cec568459338a583 /core/src/fxge/ge/fx_ge_fontmap.cpp
parent: 81ab23b0c3c419f3dc4e6cd2012f042a40a9741e (diff)
download: pdfium-f66cfd7369b3c12cd0ed4c47c49377ed01727abd.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/core/src/fxge/ge/fx_ge_fontmap.cpp b/core/src/fxge/ge/fx_ge_fontmap.cpp
index fce535cea8..3230ea0ce1 100644
--- a/core/src/fxge/ge/fx_ge_fontmap.cpp
+++ b/core/src/fxge/ge/fx_ge_fontmap.cpp
@@ -394,6 +394,7 @@ void CFX_FontMgr::ReleaseFace(FXFT_Face face)
     if (face == NULL) {
         return;
     }
+    FX_BOOL bFaceDone = FALSE;
     FX_POSITION pos = m_FaceMap.GetStartPosition();
     while(pos) {
         CFX_ByteString Key;
@@ -401,8 +402,12 @@ void CFX_FontMgr::ReleaseFace(FXFT_Face face)
         m_FaceMap.GetNextAssoc(pos, Key, (void*&)ttface);
         if (ttface->ReleaseFace(face)) {
             m_FaceMap.RemoveKey(Key);
+            bFaceDone = TRUE;
         }
     }
+    if (!bFaceDone) {
+        FXFT_Done_Face(face);
+    }
 }
 extern "C" {
     extern const unsigned char g_FoxitFixedItalicFontData [18746];
author	JUN FANG <jun_fang@foxitsoftware.com>	2015-04-16 15:19:04 -0700
committer	JUN FANG <jun_fang@foxitsoftware.com>	2015-04-16 15:19:04 -0700
commit	f66cfd7369b3c12cd0ed4c47c49377ed01727abd (patch)
tree	7aa2ca3ffd3d05c8460a2d27cec568459338a583 /core/src/fxge/ge/fx_ge_fontmap.cpp
parent	81ab23b0c3c419f3dc4e6cd2012f042a40a9741e (diff)
download	pdfium-f66cfd7369b3c12cd0ed4c47c49377ed01727abd.tar.xz