From c11287728d15bcc2c431f4b3c6eba8b5a79f906b Mon Sep 17 00:00:00 2001
From: tsepez
Date: Mon, 17 Oct 2016 15:36:12 -0700
Subject: Fix segv in AddImage()
The assumption that only indirect objects would be passed is wrong. Restore old behaviour despite muddying ownership constraints.
R=thestig@chromium.org
BUG=656145
Review-Url: https://codereview.chromium.org/2425843002
---
 core/fpdfapi/page/cpdf_streamcontentparser.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/core/fpdfapi/page/cpdf_streamcontentparser.cpp b/core/fpdfapi/page/cpdf_streamcontentparser.cpp
index 7f20b227b6..4ad763e3b2 100644
--- a/core/fpdfapi/page/cpdf_streamcontentparser.cpp
+++ b/core/fpdfapi/page/cpdf_streamcontentparser.cpp
@@ -669,7 +669,11 @@ void CPDF_StreamContentParser::Handle_ExecuteXObject() {
 type = pXObject->GetDict()->GetStringFor("Subtype");
 if (type == "Image") {
- CPDF_ImageObject* pObj = AddImage(pXObject->GetObjNum());
+ CPDF_ImageObject* pObj =
+ pXObject->IsInline()
+ ? AddImage(UniqueStream(ToStream(pXObject->Clone())))
+ : AddImage(pXObject->GetObjNum());
+
 m_LastImageName = name;
 m_pLastImage = pObj->GetImage();
 if (!m_pObjectHolder->HasImageMask())
-- cgit v1.2.3
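Review bot: The context line `m_pLastImage = pObj->GetImage();` still dereferences the result of either AddImage() overload unchecked, in a commit that exists because a wrong assumption about what reaches AddImage() caused a segv. AddImage() is not visible in the hunk, so whether it can return null (for instance if `ToStream()` yields null for the clone) needs confirming; if it can, add `if (!pObj) return;` before `m_LastImageName = name;`. The clone branch also deserves a comment such as `// Direct (inline) streams cannot be looked up by object number, so AddImage() gets an owned copy.`, since the commit message itself says ownership is muddied here. The diffstat shows only this file changed, so no regression test for BUG=656145 accompanies the fix. Handle_ExecuteXObject() starts and ends outside the hunk.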