From 28e691995a7d14f3001eede5f00f62b9a64d8a69 Mon Sep 17 00:00:00 2001
From: Tom Sepez
Date: Thu, 16 Feb 2017 12:20:13 -0800
Subject: Avoid a potential leak in CPDF_IndirectObjectHolder
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Keep a vector of object superseeded by another object. These will no longer be returned from the holder, but it will clean them
Change-Id: If9754ff6614bd79e9de6ce8c3492230435813218
Reviewed-on: https://pdfium-review.googlesource.com/2790
Reviewed-by: Nicolás Peña
Commit-Queue: Tom Sepez
---
 core/fpdfapi/parser/cpdf_indirect_object_holder.cpp | 4 +++-
 core/fpdfapi/parser/cpdf_indirect_object_holder.h | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp b/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
index ef3de92f76..3037d0b9b5 100644
--- a/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
+++ b/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
@@ -56,7 +56,9 @@ CPDF_Object* CPDF_IndirectObjectHolder::AddIndirectObject(
 CHECK(!pObj->m_ObjNum);
 CPDF_Object* pUnowned = pObj.get();
 pObj->m_ObjNum = ++m_LastObjNum;
- m_IndirectObjs[m_LastObjNum].release(); // TODO(tsepez): stop this leak.
+ if (m_IndirectObjs[m_LastObjNum])
+ m_OrphanObjs.push_back(std::move(m_IndirectObjs[m_LastObjNum]));
+ m_IndirectObjs[m_LastObjNum] = std::move(pObj);
 return pUnowned;
 }
diff --git a/core/fpdfapi/parser/cpdf_indirect_object_holder.h b/core/fpdfapi/parser/cpdf_indirect_object_holder.h
index 1b174d8b62..b6d33a3cd5 100644
--- a/core/fpdfapi/parser/cpdf_indirect_object_holder.h
+++ b/core/fpdfapi/parser/cpdf_indirect_object_holder.h
@@ -11,6 +11,7 @@
 #include
 #include
 #include
+#include
 #include "core/fpdfapi/parser/cpdf_object.h"
 #include "core/fxcrt/cfx_string_pool_template.h"
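Review bot: In the AddIndirectObject hunk of cpdf_indirect_object_holder.cpp, nothing records why a displaced object is parked in `m_OrphanObjs` instead of being destroyed. The function hands out a raw pointer (`return pUnowned;`), so presumably an earlier caller may still hold a pointer to the object being superseded, and freeing it here would trade the old leak for a dangling pointer. A comment above the `if`, such as `// Superseded objects stay alive until the holder dies: raw pointers to them may still be in use.`, would keep a later cleanup from reintroducing that. The three `m_IndirectObjs[m_LastObjNum]` lookups could also bind once with `auto& slot = m_IndirectObjs[m_LastObjNum];`. The function's signature and opening lines start outside the hunk.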
@@ -70,6 +71,7 @@ class CPDF_IndirectObjectHolder {
 private:
 uint32_t m_LastObjNum;
 std::map> m_IndirectObjs;
+ std::vector> m_OrphanObjs;
 CFX_WeakPtr m_pByteStringPool;
 };
-- cgit v1.2.3
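Review bot: The new `m_OrphanObjs` member in cpdf_indirect_object_holder.h is declared without a comment, and because it comes after `m_IndirectObjs` it is destroyed first. That order is harmless only if no object still held in `m_IndirectObjs` touches a superseded object from its destructor, which cannot be confirmed from this hunk. A comment such as `// Objects displaced from m_IndirectObjs; no longer returned by lookups, freed with the holder.` would record the intent. If the orphans should outlive the live map, the declaration belongs above `m_IndirectObjs`. The class body starts outside the hunk.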