From 137a344ad02056107e2e01d5d55f5e97d21fa74b Mon Sep 17 00:00:00 2001 From: tsepez Date: Mon, 14 Nov 2016 15:03:55 -0800 Subject: Make CPDF_PageContentGenerator methods take object numbers This patch fixes a possibility that an owned CPDF_Stream is handed to the indirect object holder inside RealizeResource(). Its arguments are changed to take an object number, as is done elsewhere in the code, to suggest that only indirect objects are acceptable. BUG=660756 Review-Url: https://codereview.chromium.org/2489423002 --- core/fpdfapi/edit/cpdf_pagecontentgenerator.cpp | 26 +++++++++++++++--------- core/fpdfapi/edit/cpdf_pagecontentgenerator.h | 2 +- core/fpdfapi/page/cpdf_docpagedata.cpp | 26 ++++++++---------------- core/fpdfapi/page/cpdf_docpagedata.h | 4 ++-- core/fpdfapi/page/cpdf_image.cpp | 27 +++++++++++++++---------- core/fpdfapi/page/cpdf_image.h | 1 + core/fpdfapi/page/cpdf_imageobject.cpp | 2 +- core/fpdfapi/page/cpdf_streamcontentparser.cpp | 8 ++------ core/fpdfapi/parser/cpdf_document.cpp | 9 +++------ core/fpdfapi/parser/cpdf_document.h | 2 +- 10 files changed, 51 insertions(+), 56 deletions(-) diff --git a/core/fpdfapi/edit/cpdf_pagecontentgenerator.cpp b/core/fpdfapi/edit/cpdf_pagecontentgenerator.cpp index 20b4ea6eaf..c27ca044e6 100644 --- a/core/fpdfapi/edit/cpdf_pagecontentgenerator.cpp +++ b/core/fpdfapi/edit/cpdf_pagecontentgenerator.cpp @@ -59,8 +59,9 @@ void CPDF_PageContentGenerator::GenerateContent() { } CFX_ByteString CPDF_PageContentGenerator::RealizeResource( - CPDF_Object* pResourceObj, + uint32_t dwResourceObjNum, const CFX_ByteString& bsType) { + ASSERT(dwResourceObjNum); if (!m_pPage->m_pResources) { m_pPage->m_pResources = new CPDF_Dictionary(m_pDocument->GetByteStringPool()); @@ -82,8 +83,7 @@ CFX_ByteString CPDF_PageContentGenerator::RealizeResource( } idnum++; } - pResList->SetReferenceFor(name, m_pDocument, - m_pDocument->AddIndirectObject(pResourceObj)); + pResList->SetReferenceFor(name, m_pDocument, dwResourceObjNum); return name; } @@ -104,9 +104,13 @@ void CPDF_PageContentGenerator::ProcessImage(CFX_ByteTextBuf& buf, return; bool bWasInline = pStream->IsInline(); - CFX_ByteString name = RealizeResource(pStream, "XObject"); if (bWasInline) - pImageObj->SetUnownedImage(m_pDocument->GetPageData()->GetImage(pStream)); + pImage->ConvertStreamToIndirectObject(); + + uint32_t dwObjNum = pStream->GetObjNum(); + CFX_ByteString name = RealizeResource(dwObjNum, "XObject"); + if (bWasInline) + pImageObj->SetUnownedImage(m_pDocument->GetPageData()->GetImage(dwObjNum)); buf << "/" << PDF_NameEncode(name) << " Do Q\n"; } @@ -118,20 +122,22 @@ void CPDF_PageContentGenerator::ProcessForm(CFX_ByteTextBuf& buf, if (!data || !size) return; + buf << "q " << matrix << " cm "; + + CFX_FloatRect bbox = m_pPage->GetPageBBox(); + matrix.TransformRect(bbox); + CPDF_Dictionary* pFormDict = new CPDF_Dictionary(m_pDocument->GetByteStringPool()); pFormDict->SetNameFor("Type", "XObject"); pFormDict->SetNameFor("Subtype", "Form"); - - CFX_FloatRect bbox = m_pPage->GetPageBBox(); - matrix.TransformRect(bbox); pFormDict->SetRectFor("BBox", bbox); CPDF_Stream* pStream = new CPDF_Stream; pStream->InitStream(data, size, pFormDict); - buf << "q " << matrix << " cm "; - CFX_ByteString name = RealizeResource(pStream, "XObject"); + CFX_ByteString name = + RealizeResource(m_pDocument->AddIndirectObject(pStream), "XObject"); buf << "/" << PDF_NameEncode(name) << " Do Q\n"; } diff --git a/core/fpdfapi/edit/cpdf_pagecontentgenerator.h b/core/fpdfapi/edit/cpdf_pagecontentgenerator.h index ce605f0dfe..df8d3b0f8e 100644 --- a/core/fpdfapi/edit/cpdf_pagecontentgenerator.h +++ b/core/fpdfapi/edit/cpdf_pagecontentgenerator.h @@ -34,7 +34,7 @@ class CPDF_PageContentGenerator { const uint8_t* data, uint32_t size, CFX_Matrix& matrix); - CFX_ByteString RealizeResource(CPDF_Object* pResourceObj, + CFX_ByteString RealizeResource(uint32_t dwResourceObjNum, const CFX_ByteString& bsType); CPDF_Page* m_pPage; diff --git a/core/fpdfapi/page/cpdf_docpagedata.cpp b/core/fpdfapi/page/cpdf_docpagedata.cpp index c4dc050215..7c45a04af1 100644 --- a/core/fpdfapi/page/cpdf_docpagedata.cpp +++ b/core/fpdfapi/page/cpdf_docpagedata.cpp @@ -393,31 +393,21 @@ void CPDF_DocPageData::ReleasePattern(const CPDF_Object* pPatternObj) { pPattern->clear(); } -CPDF_Image* CPDF_DocPageData::GetImage(CPDF_Object* pImageStream) { - if (!pImageStream) - return nullptr; - - ASSERT(!pImageStream->IsInline()); - const uint32_t dwObjNum = pImageStream->GetObjNum(); - auto it = m_ImageMap.find(dwObjNum); +CPDF_Image* CPDF_DocPageData::GetImage(uint32_t dwStreamObjNum) { + ASSERT(dwStreamObjNum); + auto it = m_ImageMap.find(dwStreamObjNum); if (it != m_ImageMap.end()) return it->second->AddRef(); CPDF_CountedImage* pCountedImage = - new CPDF_CountedImage(new CPDF_Image(m_pPDFDoc, dwObjNum)); - m_ImageMap[dwObjNum] = pCountedImage; + new CPDF_CountedImage(new CPDF_Image(m_pPDFDoc, dwStreamObjNum)); + m_ImageMap[dwStreamObjNum] = pCountedImage; return pCountedImage->AddRef(); } -void CPDF_DocPageData::ReleaseImage(const CPDF_Object* pImageStream) { - if (!pImageStream) - return; - - uint32_t dwObjNum = pImageStream->GetObjNum(); - if (!dwObjNum) - return; - - auto it = m_ImageMap.find(dwObjNum); +void CPDF_DocPageData::ReleaseImage(uint32_t dwStreamObjNum) { + ASSERT(dwStreamObjNum); + auto it = m_ImageMap.find(dwStreamObjNum); if (it == m_ImageMap.end()) return; diff --git a/core/fpdfapi/page/cpdf_docpagedata.h b/core/fpdfapi/page/cpdf_docpagedata.h index bf2b80498d..37538eb329 100644 --- a/core/fpdfapi/page/cpdf_docpagedata.h +++ b/core/fpdfapi/page/cpdf_docpagedata.h @@ -42,8 +42,8 @@ class CPDF_DocPageData { bool bShading, const CFX_Matrix& matrix); void ReleasePattern(const CPDF_Object* pPatternObj); - CPDF_Image* GetImage(CPDF_Object* pImageStream); - void ReleaseImage(const CPDF_Object* pImageStream); + CPDF_Image* GetImage(uint32_t dwStreamObjNum); + void ReleaseImage(uint32_t dwStreamObjNum); CPDF_IccProfile* GetIccProfile(CPDF_Stream* pIccProfileStream); void ReleaseIccProfile(const CPDF_IccProfile* pIccProfile); CPDF_StreamAcc* GetFontFileStreamAcc(CPDF_Stream* pFontStream); diff --git a/core/fpdfapi/page/cpdf_image.cpp b/core/fpdfapi/page/cpdf_image.cpp index 976d6d8c47..4048c9bb4e 100644 --- a/core/fpdfapi/page/cpdf_image.cpp +++ b/core/fpdfapi/page/cpdf_image.cpp @@ -30,9 +30,6 @@ CPDF_Image::CPDF_Image(CPDF_Document* pDoc, : m_pDocument(pDoc), m_pStream(pStream.get()), m_pOwnedStream(std::move(pStream)) { - if (!m_pStream) - return; - m_pOwnedDict = ToDictionary(std::unique_ptr(m_pStream->GetDict()->Clone())); m_pDict = m_pOwnedDict.get(); @@ -42,9 +39,6 @@ CPDF_Image::CPDF_Image(CPDF_Document* pDoc, CPDF_Image::CPDF_Image(CPDF_Document* pDoc, uint32_t dwStreamObjNum) : m_pDocument(pDoc), m_pStream(ToStream(pDoc->GetIndirectObject(dwStreamObjNum))) { - if (!m_pStream) - return; - m_pDict = m_pStream->GetDict(); FinishInitialization(); } @@ -79,6 +73,14 @@ CPDF_Image* CPDF_Image::Clone() { return pImage; } +void CPDF_Image::ConvertStreamToIndirectObject() { + if (!m_pStream->IsInline()) + return; + + ASSERT(m_pOwnedStream); + m_pDocument->AddIndirectObject(m_pOwnedStream.release()); +} + CPDF_Dictionary* CPDF_Image::InitJPEG(uint8_t* pData, uint32_t size) { int32_t width; int32_t height; @@ -122,8 +124,10 @@ CPDF_Dictionary* CPDF_Image::InitJPEG(uint8_t* pData, uint32_t size) { m_bIsMask = false; m_Width = width; m_Height = height; - if (!m_pStream) - m_pStream = new CPDF_Stream; + if (!m_pStream) { + m_pOwnedStream = pdfium::MakeUnique(); + m_pStream = m_pOwnedStream.get(); + } return pDict; } @@ -334,9 +338,10 @@ void CPDF_Image::SetImage(const CFX_DIBitmap* pBitmap, int32_t iCompress) { dest_offset = 0; } } - if (!m_pStream) - m_pStream = new CPDF_Stream; - + if (!m_pStream) { + m_pOwnedStream = pdfium::MakeUnique(); + m_pStream = m_pOwnedStream.get(); + } m_pStream->InitStream(dest_buf, dest_size, pDict); m_bIsMask = pBitmap->IsAlphaMask(); m_Width = BitmapWidth; diff --git a/core/fpdfapi/page/cpdf_image.h b/core/fpdfapi/page/cpdf_image.h index 02308db647..a9bcef27ad 100644 --- a/core/fpdfapi/page/cpdf_image.h +++ b/core/fpdfapi/page/cpdf_image.h @@ -33,6 +33,7 @@ class CPDF_Image { ~CPDF_Image(); CPDF_Image* Clone(); + void ConvertStreamToIndirectObject(); CPDF_Dictionary* GetInlineDict() const { return m_pDict; } CPDF_Stream* GetStream() const { return m_pStream; } diff --git a/core/fpdfapi/page/cpdf_imageobject.cpp b/core/fpdfapi/page/cpdf_imageobject.cpp index c51f648b6f..2893c525b1 100644 --- a/core/fpdfapi/page/cpdf_imageobject.cpp +++ b/core/fpdfapi/page/cpdf_imageobject.cpp @@ -79,6 +79,6 @@ void CPDF_ImageObject::Release() { return; CPDF_DocPageData* pPageData = m_pImage->GetDocument()->GetPageData(); - pPageData->ReleaseImage(m_pImage->GetStream()); + pPageData->ReleaseImage(m_pImage->GetStream()->GetObjNum()); m_pImage = nullptr; } diff --git a/core/fpdfapi/page/cpdf_streamcontentparser.cpp b/core/fpdfapi/page/cpdf_streamcontentparser.cpp index e7d23c0522..69b2b7e4e3 100644 --- a/core/fpdfapi/page/cpdf_streamcontentparser.cpp +++ b/core/fpdfapi/page/cpdf_streamcontentparser.cpp @@ -825,12 +825,8 @@ CPDF_ImageObject* CPDF_StreamContentParser::AddImage( } CPDF_ImageObject* CPDF_StreamContentParser::AddImage(uint32_t streamObjNum) { - CPDF_Stream* pStream = ToStream(m_pDocument->GetIndirectObject(streamObjNum)); - if (!pStream) - return nullptr; - auto pImageObj = pdfium::MakeUnique(); - pImageObj->SetUnownedImage(m_pDocument->LoadImageF(pStream)); + pImageObj->SetUnownedImage(m_pDocument->LoadImageFromPageData(streamObjNum)); return AddImageObject(std::move(pImageObj)); } @@ -840,7 +836,7 @@ CPDF_ImageObject* CPDF_StreamContentParser::AddImage(CPDF_Image* pImage) { auto pImageObj = pdfium::MakeUnique(); pImageObj->SetUnownedImage( - m_pDocument->GetPageData()->GetImage(pImage->GetStream())); + m_pDocument->GetPageData()->GetImage(pImage->GetStream()->GetObjNum())); return AddImageObject(std::move(pImageObj)); } diff --git a/core/fpdfapi/parser/cpdf_document.cpp b/core/fpdfapi/parser/cpdf_document.cpp index 6788394118..ebd3156e35 100644 --- a/core/fpdfapi/parser/cpdf_document.cpp +++ b/core/fpdfapi/parser/cpdf_document.cpp @@ -641,12 +641,9 @@ CPDF_IccProfile* CPDF_Document::LoadIccProfile(CPDF_Stream* pStream) { return m_pDocPage->GetIccProfile(pStream); } -CPDF_Image* CPDF_Document::LoadImageF(CPDF_Object* pObj) { - if (!pObj) - return nullptr; - - ASSERT(pObj->GetObjNum()); - return m_pDocPage->GetImage(pObj); +CPDF_Image* CPDF_Document::LoadImageFromPageData(uint32_t dwStreamObjNum) { + ASSERT(dwStreamObjNum); + return m_pDocPage->GetImage(dwStreamObjNum); } void CPDF_Document::CreateNewDoc() { diff --git a/core/fpdfapi/parser/cpdf_document.h b/core/fpdfapi/parser/cpdf_document.h index fce84001b9..73c8666686 100644 --- a/core/fpdfapi/parser/cpdf_document.h +++ b/core/fpdfapi/parser/cpdf_document.h @@ -81,7 +81,7 @@ class CPDF_Document : public CPDF_IndirectObjectHolder { bool bShading, const CFX_Matrix& matrix); - CPDF_Image* LoadImageF(CPDF_Object* pObj); + CPDF_Image* LoadImageFromPageData(uint32_t dwStreamObjNum); CPDF_StreamAcc* LoadFontFile(CPDF_Stream* pStream); CPDF_IccProfile* LoadIccProfile(CPDF_Stream* pStream); -- cgit v1.2.3