From be83b31dc4f21e7be066ac1093fcd9b6aab058ed Mon Sep 17 00:00:00 2001 From: npm Date: Mon, 14 Nov 2016 12:16:00 -0800 Subject: Properly release caches in CPDF_DocRenderData Currently, only RemoveRef() is being called when releasing. The problem is that when the object is no longer being used, the map is not updated accordingly. In the pdf in the bug below, the pointer of a font used in the second page coincides with the pointer of a font in the first page (that was released). So the cached values for the font in the first page are used, resulting in incorrect rendering. BUG=pdfium:629 Review-Url: https://codereview.chromium.org/2501053002 --- core/fpdfapi/render/fpdf_render.cpp | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/core/fpdfapi/render/fpdf_render.cpp b/core/fpdfapi/render/fpdf_render.cpp index a431aa9486..e4abb7e832 100644 --- a/core/fpdfapi/render/fpdf_render.cpp +++ b/core/fpdfapi/render/fpdf_render.cpp @@ -80,8 +80,14 @@ CPDF_Type3Cache* CPDF_DocRenderData::GetCachedType3(CPDF_Type3Font* pFont) { void CPDF_DocRenderData::ReleaseCachedType3(CPDF_Type3Font* pFont) { auto it = m_Type3FaceMap.find(pFont); - if (it != m_Type3FaceMap.end()) + if (it != m_Type3FaceMap.end()) { it->second->RemoveRef(); + if (it->second->use_count() < 2) { + delete it->second->get(); + delete it->second; + m_Type3FaceMap.erase(it); + } + } } CPDF_RenderOptions::CPDF_RenderOptions() @@ -1150,8 +1156,14 @@ CPDF_TransferFunc* CPDF_DocRenderData::GetTransferFunc(CPDF_Object* pObj) { void CPDF_DocRenderData::ReleaseTransferFunc(CPDF_Object* pObj) { auto it = m_TransferFuncMap.find(pObj); - if (it != m_TransferFuncMap.end()) + if (it != m_TransferFuncMap.end()) { it->second->RemoveRef(); + if (it->second->use_count() < 2) { + delete it->second->get(); + delete it->second; + m_TransferFuncMap.erase(it); + } + } } CPDF_DeviceBuffer::CPDF_DeviceBuffer() -- cgit v1.2.3