authortsepez <tsepez@chromium.org>2016-09-23 12:21:10 -0700
committerCommit bot <commit-bot@chromium.org>2016-09-23 12:21:10 -0700
commit7757143c12c972c9b0813b5b53cecba33544e7f8 (patch)
tree80970d1293d42cb93254fa35ac8293776e0b16e9 /core
parent4dd613cb51c1d77ac2998f760325ed5b93f4ebf0 (diff)
downloadpdfium-7757143c12c972c9b0813b5b53cecba33544e7f8.tar.xz
Avoid collisions in CPDF_IndirectObjectHolder::AddIndirectObject()
The change at 5b7c9bb differed from the original code in that a pre-existing object would now be freed, which showed that a collision could be possible if m_LastObjNum overflowed. BUG=649206 Review-Url: https://codereview.chromium.org/2361303002
Diffstat (limited to 'core')
-rw-r--r--core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp1
1 files changed, 1 insertions, 0 deletions
diff --git a/core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp b/core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp
index 800e34b3d1..0a15e2dce1 100644
--- a/core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp
+++ b/core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp
@@ -47,6 +47,7 @@ uint32_t CPDF_IndirectObjectHolder::AddIndirectObject(CPDF_Object* pObj) {
return pObj->m_ObjNum;
m_LastObjNum++;
+ m_IndirectObjs[m_LastObjNum].release(); // TODO(tsepez): stop this leak.
m_IndirectObjs[m_LastObjNum].reset(pObj);
pObj->m_ObjNum = m_LastObjNum;
return m_LastObjNum;
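Review bot: The added `release()` before `reset(pObj)` stops the holder from freeing a colliding entry, but the collision itself still goes through: once `m_LastObjNum++` wraps, the slot is overwritten, so two live objects carry the same object number and the older one is leaked and no longer reachable through the holder. Consider refusing the insert rather than overwriting, by testing the slot before the increment, e.g. `if (m_IndirectObjs.count(m_LastObjNum + 1)) return 0;`, assuming the container offers `count()` and callers treat 0 as "not added" (neither is visible here). A wrap to 0 also looks like it would store 0 in `pObj->m_ObjNum`, which the early return above appears to read as "not yet numbered"; that check is outside the hunk, so confirm it. At minimum the TODO should record why leaking is chosen, along the lines of `// Leak instead of freeing: a colliding object may still be referenced (BUG=649206).` The function's opening lines and closing brace are not part of this hunk.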