From 1d7dc1baba517bbf862e7d144e121b2ea4ffd33b Mon Sep 17 00:00:00 2001 From: Bo Xu Date: Tue, 2 Sep 2014 12:13:36 -0700 Subject: Add m_pDocument in CPDF_Color and check if page date has been forced clear This will prevent using freed pattern object. This is a better solution than https://pdfium.googlesource.com/pdfium/+/1b9c5c4dc41956b8c5ab17b9a882adf8a2513768 and in essence revert that patch BUG=409373 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/522483003 --- core/include/fpdfapi/fpdf_resource.h | 9 +++---- core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp | 32 +++++++++++++----------- core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp | 7 +----- 3 files changed, 21 insertions(+), 27 deletions(-) diff --git a/core/include/fpdfapi/fpdf_resource.h b/core/include/fpdfapi/fpdf_resource.h index 4ce4ddc8bb..92c4872537 100644 --- a/core/include/fpdfapi/fpdf_resource.h +++ b/core/include/fpdfapi/fpdf_resource.h @@ -680,10 +680,8 @@ class CPDF_Color : public CFX_Object { public: - CPDF_Color() + CPDF_Color() :m_pCS(NULL), m_pBuffer(NULL), m_pDocument(NULL) { - m_pBuffer = NULL; - m_pCS = NULL; } CPDF_Color(int family); @@ -720,10 +718,11 @@ public: CPDF_ColorSpace* m_pCS; - FX_FLOAT* m_pBuffer; protected: void ReleaseBuffer(); void ReleaseColorSpace(); + FX_FLOAT* m_pBuffer; + CPDF_Document* m_pDocument; }; #define PATTERN_TILING 1 #define PATTERN_SHADING 2 @@ -732,7 +731,6 @@ class CPDF_Pattern : public CFX_Object public: virtual ~CPDF_Pattern(); - void SaveColor(CPDF_Color* pColor) {m_pColor = pColor;} CPDF_Object* m_pPatternObj; @@ -742,7 +740,6 @@ public: CFX_AffineMatrix m_ParentMatrix; CPDF_Document* m_pDocument; - CPDF_Color* m_pColor; protected: diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp index d99e643047..db384a7d8f 100644 --- a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp +++ b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp 
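Review bot: Only the default constructor initialises the new `m_pDocument` member; the `CPDF_Color(int family);` declaration in this hunk is unchanged, and no hunk in this patch touches its definition. Because the member is new, a colour built through that constructor appears to carry an indeterminate `m_pDocument`, which `ReleaseBuffer()` and `ReleaseColorSpace()` then test and dereference. That would turn the use-after-free this patch removes into an uninitialised-pointer read. I would add `m_pDocument = NULL;` to the `int family` constructor in fpdf_page_colors.cpp as part of this change.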
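Review bot: `CPDF_Document* m_pDocument;` is added to CPDF_Color without a comment, although it is a non-owning pointer that every release path now depends on. I would document it at the declaration, for example `// Not owned. Document whose page data holds the references for m_pCS and for a pattern stored in m_pBuffer; must outlive this object.` Whether that lifetime guarantee holds for every CPDF_Color is not visible in this patch. It is worth confirming, since the `IsForceClear()` check in `ReleaseBuffer()` is itself reached through this pointer.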
@@ -1292,9 +1292,11 @@ void CPDF_Color::ReleaseBuffer() if (m_pCS->GetFamily() == PDFCS_PATTERN) { PatternValue* pvalue = (PatternValue*)m_pBuffer; CPDF_Pattern* pPattern = pvalue->m_pPattern; - if (pPattern && pPattern->m_pDocument) { - pPattern->SaveColor(NULL); - pPattern->m_pDocument->GetPageData()->ReleasePattern(pPattern->m_pPatternObj); + if (pPattern && m_pDocument) { + CPDF_DocPageData *pPageData = m_pDocument->GetPageData(); + if (pPageData && !pPageData->IsForceClear()) { + pPageData->ReleasePattern(pPattern->m_pPatternObj); + } } } FX_Free(m_pBuffer); @@ -1302,9 +1304,10 @@ void CPDF_Color::ReleaseBuffer() } void CPDF_Color::ReleaseColorSpace() { - if (m_pCS && m_pCS->m_pDocument && m_pCS->GetArray()) { - m_pCS->m_pDocument->GetPageData()->ReleaseColorSpace(m_pCS->GetArray()); + if (m_pDocument && m_pCS && m_pCS->GetArray()) { + m_pDocument->GetPageData()->ReleaseColorSpace(m_pCS->GetArray()); m_pCS = NULL; + m_pDocument = NULL; } } void CPDF_Color::SetColorSpace(CPDF_ColorSpace* pCS) @@ -1315,11 +1318,13 @@ void CPDF_Color::SetColorSpace(CPDF_ColorSpace* pCS) } ReleaseColorSpace(); m_pCS = pCS; + m_pDocument = pCS->m_pDocument; return; } ReleaseBuffer(); ReleaseColorSpace(); m_pCS = pCS; + m_pDocument = pCS->m_pDocument; if (m_pCS) { m_pBuffer = pCS->CreateBuf(); pCS->GetDefaultColor(m_pBuffer); 
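Review bot: `ReleaseColorSpace()` calls `m_pDocument->GetPageData()->ReleaseColorSpace(...)` without the `pPageData && !pPageData->IsForceClear()` guard that this patch adds to the pattern release in `ReleaseBuffer()` and `SetValue()`. If a forced clear also tears down colour spaces (not visible here), this path would touch already-released state the same way the pattern path did. I would mirror the guard: `CPDF_DocPageData* pPageData = m_pDocument->GetPageData();` followed by `if (pPageData && !pPageData->IsForceClear()) pPageData->ReleaseColorSpace(m_pCS->GetArray());`. Note also that `m_pCS = NULL;` and `m_pDocument = NULL;` sit inside the `if`, so when `GetArray()` returns NULL the old document pointer stays in place.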
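Review bot: In the fall-through path of `SetColorSpace()`, the added `m_pDocument = pCS->m_pDocument;` dereferences `pCS` one line before the existing `if (m_pCS)` check, which suggests a NULL `pCS` is an accepted input. A caller that passes NULL to clear the colour would now crash instead. I would write `m_pDocument = pCS ? pCS->m_pDocument : NULL;` there. The same assignment in the early-return branch deserves the same treatment; the top of the function is outside the hunk, so I cannot tell whether `pCS` is already known to be non-null on that path.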
@@ -1346,18 +1351,15 @@ void CPDF_Color::SetValue(CPDF_Pattern* pPattern, FX_FLOAT* comps, int ncomps) m_pCS = CPDF_ColorSpace::GetStockCS(PDFCS_PATTERN); m_pBuffer = m_pCS->CreateBuf(); } - CPDF_DocPageData* pDocPageData = NULL; PatternValue* pvalue = (PatternValue*)m_pBuffer; - if (pvalue->m_pPattern && pvalue->m_pPattern->m_pDocument) { - pDocPageData = pvalue->m_pPattern->m_pDocument->GetPageData(); - pvalue->m_pPattern->SaveColor(NULL); - pDocPageData->ReleasePattern(pvalue->m_pPattern->m_pPatternObj); + if (pvalue->m_pPattern && m_pDocument) { + CPDF_DocPageData *pDocPageData = m_pDocument->GetPageData(); + if (pDocPageData && !pDocPageData->IsForceClear()) { + pDocPageData->ReleasePattern(pvalue->m_pPattern->m_pPatternObj); + } } pvalue->m_nComps = ncomps; pvalue->m_pPattern = pPattern; - if (pPattern) { - pPattern->SaveColor(this); - } if (ncomps) { FXSYS_memcpy32(pvalue->m_Comps, comps, ncomps * sizeof(FX_FLOAT)); } @@ -1380,8 +1382,8 @@ void CPDF_Color::Copy(const CPDF_Color* pSrc) FXSYS_memcpy32(m_pBuffer, pSrc->m_pBuffer, m_pCS->GetBufSize()); if (m_pCS->GetFamily() == PDFCS_PATTERN) { PatternValue* pvalue = (PatternValue*)m_pBuffer; - if (pvalue->m_pPattern && pvalue->m_pPattern->m_pDocument) { - pvalue->m_pPattern = pvalue->m_pPattern->m_pDocument->GetPageData()->GetPattern(pvalue->m_pPattern->m_pPatternObj, FALSE, &pvalue->m_pPattern->m_ParentMatrix); + if (pvalue->m_pPattern && m_pDocument) { + pvalue->m_pPattern = m_pDocument->GetPageData()->GetPattern(pvalue->m_pPattern->m_pPatternObj, FALSE, &pvalue->m_pPattern->m_ParentMatrix); } } } diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp index c7c1e7a565..bcb8196662 100644 --- a/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp +++ b/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp 
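Review bot: The release in `SetValue()` and the re-acquire in `Copy()` now go through the colour's own `m_pDocument` rather than the pattern's, but neither hunk assigns it; `SetValue()` stores `pPattern` and, in the visible branch, switches to the stock pattern colour space without touching `m_pDocument`. When it is NULL or left over from an earlier colour space, `SetValue()` skips or misdirects the release of the old pattern. `Copy()` then keeps the `m_pPattern` pointer that was memcpy'd from `pSrc` without taking its own reference through `GetPattern()`, so it can dangle once the source releases it. I would add `if (pPattern) m_pDocument = pPattern->m_pDocument;` in `SetValue()` after the old pattern is released, and `m_pDocument = pSrc->m_pDocument;` in `Copy()` before the pattern branch. The start of both functions is outside these hunks, so confirm this is not already done there.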
@@ -8,19 +8,14 @@ #include "pageint.h" CPDF_Pattern::CPDF_Pattern(const CFX_AffineMatrix* pParentMatrix) : - m_pPatternObj(NULL), m_PatternType(PATTERN_TILING), m_pDocument(NULL), m_pColor(NULL) + m_pPatternObj(NULL), m_PatternType(PATTERN_TILING), m_pDocument(NULL) { if (pParentMatrix) { m_ParentMatrix = *pParentMatrix; } } - CPDF_Pattern::~CPDF_Pattern() { - if (m_pColor) { - m_pColor->SetValue(NULL, NULL, 0); - m_pColor = NULL; - } } CPDF_TilingPattern::CPDF_TilingPattern(CPDF_Document* pDoc, CPDF_Object* pPatternObj, const CFX_AffineMatrix* parentMatrix) : CPDF_Pattern(parentMatrix) -- cgit v1.2.3