From 7757143c12c972c9b0813b5b53cecba33544e7f8 Mon Sep 17 00:00:00 2001
From: tsepez
Date: Fri, 23 Sep 2016 12:21:10 -0700
Subject: Avoid collisions in CPDF_IndirectObjectHolder::AddIndirectObject()

The change at 5b7c9bb differed from the original code in that a pre-existing object would now be freed, which showed that a collision could be possible if m_LastObjNum overflowed.

BUG=649206
Review-Url: https://codereview.chromium.org/2361303002
---
 core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp b/core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp
index 800e34b3d1..0a15e2dce1 100644
--- a/core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp
+++ b/core/fpdfapi/fpdf_parser/cpdf_indirect_object_holder.cpp
@@ -47,6 +47,7 @@ uint32_t CPDF_IndirectObjectHolder::AddIndirectObject(CPDF_Object* pObj) {
     return pObj->m_ObjNum;
   m_LastObjNum++;
+  m_IndirectObjs[m_LastObjNum].release();  // TODO(tsepez): stop this leak.
   m_IndirectObjs[m_LastObjNum].reset(pObj);
   pObj->m_ObjNum = m_LastObjNum;
   return m_LastObjNum;
-- 
cgit v1.2.3
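Review bot: The added `release()` line stops a live object from being freed on collision but does not stop the collision: `m_LastObjNum++` still wraps once it reaches the uint32_t maximum, and the object previously stored under that number keeps its own `m_ObjNum`, so two objects end up sharing one number while the older one is leaked, as the TODO concedes. A guard before `reset(pObj)` that refuses to hand out a wrapped number, or that advances past occupied slots (e.g. `while (m_IndirectObjs.count(m_LastObjNum)) m_LastObjNum++;` — hedged, since the container type of m_IndirectObjs is not visible in the hunk), would remove the collision rather than defer it. Note also that `m_IndirectObjs[m_LastObjNum]` default-inserts an empty slot when the key is absent, which is harmless here only because `reset(pObj)` follows immediately. A comment explaining why the old slot is released rather than reset — other holders may still refer to the old object by number, so freeing it would leave them dangling — would make the intent clearer than the bare TODO. The opening lines of AddIndirectObject, including the early-return condition, are outside the hunk.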