From 5a399de2945d7b244802565d8e9d2f6e662561da Mon Sep 17 00:00:00 2001
From: tsepez
Date: Tue, 20 Sep 2016 13:23:21 -0700
Subject: Make CPDF_Array not do indirect object creation.

We remove the indirect object holder argument and check that call sites pass ownable objects, adding a reference in one place that always was passing an indirect object. Also check that the invariant isn't violated, we need to fail here in the wild and investigate -- these are existing UAFs.

Review-Url: https://codereview.chromium.org/2355083002
---
 core/fpdfapi/fpdf_parser/include/cpdf_array.h | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

(limited to 'core/fpdfapi/fpdf_parser/include')

diff --git a/core/fpdfapi/fpdf_parser/include/cpdf_array.h b/core/fpdfapi/fpdf_parser/include/cpdf_array.h
index 8c89a060eb..1e8c612710 100644
--- a/core/fpdfapi/fpdf_parser/include/cpdf_array.h
+++ b/core/fpdfapi/fpdf_parser/include/cpdf_array.h
@@ -43,15 +43,11 @@ class CPDF_Array : public CPDF_Object {
   CFX_Matrix GetMatrix();
   CFX_FloatRect GetRect();
 
-  void SetAt(size_t index,
-             CPDF_Object* pObj,
-             CPDF_IndirectObjectHolder* pObjs = nullptr);
-  void InsertAt(size_t index,
-                CPDF_Object* pObj,
-                CPDF_IndirectObjectHolder* pObjs = nullptr);
+  void SetAt(size_t index, CPDF_Object* pObj);
+  void InsertAt(size_t index, CPDF_Object* pObj);
   void RemoveAt(size_t index, size_t nCount = 1);
-  void Add(CPDF_Object* pObj, CPDF_IndirectObjectHolder* pObjs = nullptr);
+  void Add(CPDF_Object* pObj);
   void AddNumber(FX_FLOAT f);
   void AddInteger(int i);
   void AddString(const CFX_ByteString& str);
-- 
cgit v1.2.3
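Review bot: The new `SetAt`, `InsertAt` and `Add` declarations still take a bare `CPDF_Object*`, so the ownership rule the commit description relies on — the array takes ownership, and the pointer must not be an indirect object held by a `CPDF_IndirectObjectHolder` — is not visible in the header where callers actually read the contract. A short comment above `SetAt`, such as `// Takes ownership of |pObj|. |pObj| must not be an indirect object owned by a CPDF_IndirectObjectHolder; the same applies to InsertAt() and Add().`, would keep the invariant documented at the API boundary, which matters more now that the description says a violation is a hard failure rather than a silent misuse. Longer term, a `std::unique_ptr<CPDF_Object>` parameter would let the type express the transfer the comment describes, though that would touch call sites outside this diff. The enclosing `CPDF_Array` class declaration starts and ends outside the hunk.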