From ef8fb8c4c3ab9b93421389b8399fce3923ead735 Mon Sep 17 00:00:00 2001 From: Lei Zhang Date: Thu, 18 Dec 2014 16:29:55 -0800 Subject: Fix a bug that occurs when an object has the same object number with the root object Before this fix, the root will be released when an indirect object has the same object number with the root. However, the root object is loaded when the trailer is parsed. It shall not be updated or replaced anymore. BUG=425040 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/803103002 (cherry picked from commit dba5bfd174589ad08c4231b039297b59fa2ccc3b) Review URL: https://codereview.chromium.org/792013005 --- core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp index 85992a83e3..3612f64574 100644 --- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp +++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp @@ -1007,7 +1007,15 @@ FX_BOOL CPDF_Parser::LoadCrossRefV5(FX_FILESIZE pos, FX_FILESIZE& prev, FX_BOOL return FALSE; } if (m_pDocument) { - m_pDocument->InsertIndirectObject(pStream->m_ObjNum, pStream); + CPDF_Dictionary * pDict = m_pDocument->GetRoot(); + if (!pDict || pDict->GetObjNum() != pStream->m_ObjNum) { + m_pDocument->InsertIndirectObject(pStream->m_ObjNum, pStream); + } else { + if (pStream->GetType() == PDFOBJ_STREAM) { + pStream->Release(); + } + return FALSE; + } } if (pStream->GetType() != PDFOBJ_STREAM) { return FALSE; -- cgit v1.2.3