diff options
author | Lei Zhang <thestig@chromium.org> | 2015-10-26 14:05:07 -0700 |
---|---|---|
committer | Lei Zhang <thestig@chromium.org> | 2015-10-26 14:05:07 -0700 |
commit | b1abf37585d86df780603a5d8a5a6af4161202a6 (patch) | |
tree | 1b37a9f3280c655c8f5b7fc56a62d197f0dbe65d /core/src | |
parent | bf81c14cdb2b336a62f97119315f6bc43502e840 (diff) | |
download | pdfium-b1abf37585d86df780603a5d8a5a6af4161202a6.tar.xz |
Merge to XFA: Fix a leak in CPDF_SyntaxParser::GetObject().
As seen in FPDFViewEmbeddertest.Crasher_451830.
TBR=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1385803002 .
(cherry picked from commit a568ff2dddd3ef44f224d21b31afff8eb14b6d31)
Review URL: https://codereview.chromium.org/1420303005 .
Diffstat (limited to 'core/src')
-rw-r--r-- | core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp index d486cfe231..27cc8688cc 100644 --- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp +++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp @@ -2139,6 +2139,13 @@ CPDF_Object* CPDF_SyntaxParser::GetObject(CPDF_IndirectObjects* pObjList, ++nKeys; key = PDF_NameDecode(key); + if (key.IsEmpty()) + continue; + + CFX_ByteStringC keyNoSlash(key.c_str() + 1, key.GetLength() - 1); + if (keyNoSlash.IsEmpty()) + continue; + if (key == FX_BSTRC("/Contents")) dwSignValuePos = m_Pos; @@ -2146,14 +2153,12 @@ CPDF_Object* CPDF_SyntaxParser::GetObject(CPDF_IndirectObjects* pObjList, if (!pObj) continue; - if (key.GetLength() >= 1) { - if (nKeys < 32) { - pDict->SetAt(CFX_ByteStringC(key.c_str() + 1, key.GetLength() - 1), - pObj); - } else { - pDict->AddValue(CFX_ByteStringC(key.c_str() + 1, key.GetLength() - 1), - pObj); - } + // TODO(thestig): Remove this conditional once CPDF_Dictionary has a + // better underlying map implementation. + if (nKeys < 32) { + pDict->SetAt(keyNoSlash, pObj); + } else { + pDict->AddValue(keyNoSlash, pObj); } } |