diff options
| author | Jun Fang <jun_fang@foxitsoftware.com> | 2016-01-07 15:10:43 +0800 |
|---|---|---|
| committer | Jun Fang <jun_fang@foxitsoftware.com> | 2016-01-07 15:10:43 +0800 |
| commit | 3115624972b15136e2b01da4929af4071d4d0bda (patch) | |
| tree | 1d8b6f6a495749d5bc1cbaf1a6b4f12d196e1f57 /xfa | |
| parent | 7457e38fae636ce3d0cda2c7fd2e100975440222 (diff) | |
| download | pdfium-3115624972b15136e2b01da4929af4071d4d0bda.tar.xz | |
Fix writing to read-only region in CXFA_TextParser::GetHorScale().
The reference count didn't increase when a
computed style object was referred.
BUG=pdfium:281
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1527263002 .
Diffstat (limited to 'xfa')
| -rw-r--r-- | xfa/src/fxfa/src/app/xfa_textlayout.cpp | 15 | ||||
| -rw-r--r-- | xfa/src/fxfa/src/app/xfa_textlayout.h | 6 |
2 files changed, 12 insertions, 9 deletions
diff --git a/xfa/src/fxfa/src/app/xfa_textlayout.cpp b/xfa/src/fxfa/src/app/xfa_textlayout.cpp index efdc116106..e620924441 100644 --- a/xfa/src/fxfa/src/app/xfa_textlayout.cpp +++ b/xfa/src/fxfa/src/app/xfa_textlayout.cpp @@ -215,17 +215,16 @@ IFDE_CSSComputedStyle* CXFA_TextParser::CreateStyle( IFDE_CSSComputedStyle* CXFA_TextParser::ComputeStyle(
IFDE_XMLNode* pXMLNode,
IFDE_CSSComputedStyle* pParentStyle) {
- CXFA_TextParseContext* pContext =
- (CXFA_TextParseContext*)m_mapXMLNodeToParseContext.GetValueAt(pXMLNode);
- if (pContext == NULL) {
- return NULL;
- }
+ CXFA_TextParseContext* pContext = static_cast<CXFA_TextParseContext*>(
+ m_mapXMLNodeToParseContext.GetValueAt(pXMLNode));
+ if (!pContext)
+ return nullptr;
pContext->m_pParentStyle = pParentStyle;
+ pParentStyle->AddRef();
CXFA_CSSTagProvider tagProvider;
ParseTagInfo(pXMLNode, tagProvider);
- if (tagProvider.m_bContent) {
- return NULL;
- }
+ if (tagProvider.m_bContent)
+ return nullptr;
IFDE_CSSComputedStyle* pStyle = CreateStyle(pParentStyle);
IFDE_CSSAccelerator* pCSSAccel = m_pSelector->InitAccelerator();
pCSSAccel->OnEnterTag(&tagProvider);
diff --git a/xfa/src/fxfa/src/app/xfa_textlayout.h b/xfa/src/fxfa/src/app/xfa_textlayout.h index cbd315993c..b47b37359a 100644 --- a/xfa/src/fxfa/src/app/xfa_textlayout.h +++ b/xfa/src/fxfa/src/app/xfa_textlayout.h @@ -49,7 +49,11 @@ class CXFA_TextParseContext : public CFX_Target { m_ppMatchedDecls(nullptr),
m_dwMatchedDecls(0),
m_eDisplay(FDE_CSSDISPLAY_None) {}
- ~CXFA_TextParseContext() { FX_Free(m_ppMatchedDecls); }
+ ~CXFA_TextParseContext() {
+ if (m_pParentStyle)
+ m_pParentStyle->Release();
+ FX_Free(m_ppMatchedDecls);
+ }
void SetDisplay(FDE_CSSDISPLAY eDisplay) { m_eDisplay = eDisplay; }
FDE_CSSDISPLAY GetDisplay() const { return m_eDisplay; }
void SetDecls(const IFDE_CSSDeclaration** ppDeclArray, int32_t iDeclCount);
|