From 012ae898a069bda7afbfdad4eb4c8ba042b68dc7 Mon Sep 17 00:00:00 2001
From: Tom Sepez <tsepez@chromium.org>
Date: Tue, 25 Apr 2017 16:39:34 -0700
Subject: Get rid of a few |new|s in CPDF_Document.

The chain of destructors may attempt to use m_pDocPage
after it has been set to null by the unique_ptr destructor.
Verify it is still present before using it from any code
that may be called from some other CPDF_ destructor.

Change-Id: I007160231d73feed85d90efc687d6da993653f96
Reviewed-on: https://pdfium-review.googlesource.com/4499
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
---
 core/fpdfapi/page/cpdf_color.cpp          | 11 +++++++----
 core/fpdfapi/page/cpdf_colorspace.cpp     | 12 +++++++++---
 core/fpdfapi/page/cpdf_shadingpattern.cpp |  7 +++++--
 3 files changed, 21 insertions(+), 9 deletions(-)

(limited to 'core/fpdfapi/page')

diff --git a/core/fpdfapi/page/cpdf_color.cpp b/core/fpdfapi/page/cpdf_color.cpp
index f0e433c243..59ce6dab28 100644
--- a/core/fpdfapi/page/cpdf_color.cpp
+++ b/core/fpdfapi/page/cpdf_color.cpp
@@ -42,10 +42,13 @@ void CPDF_Color::ReleaseBuffer() {
 }
 
 void CPDF_Color::ReleaseColorSpace() {
-  if (m_pCS && m_pCS->m_pDocument) {
-    m_pCS->m_pDocument->GetPageData()->ReleaseColorSpace(m_pCS->GetArray());
-    m_pCS = nullptr;
-  }
+  if (!m_pCS || !m_pCS->m_pDocument)
+    return;
+
+  auto* pPageData = m_pCS->m_pDocument->GetPageData();
+  if (pPageData)
+    pPageData->ReleaseColorSpace(m_pCS->GetArray());
+  m_pCS = nullptr;
 }
 
 void CPDF_Color::SetColorSpace(CPDF_ColorSpace* pCS) {
diff --git a/core/fpdfapi/page/cpdf_colorspace.cpp b/core/fpdfapi/page/cpdf_colorspace.cpp
index 400b7a9150..111d45f17e 100644
--- a/core/fpdfapi/page/cpdf_colorspace.cpp
+++ b/core/fpdfapi/page/cpdf_colorspace.cpp
@@ -852,7 +852,9 @@ CPDF_ICCBasedCS::~CPDF_ICCBasedCS() {
   if (m_pProfile && m_pDocument) {
     CPDF_Stream* pStream = m_pProfile->GetStream();
     m_pProfile.Reset();  // Give up our reference first.
-    m_pDocument->GetPageData()->MaybePurgeIccProfile(pStream);
+    auto* pPageData = m_pDocument->GetPageData();
+    if (pPageData)
+      pPageData->MaybePurgeIccProfile(pStream);
   }
 }
 
@@ -1049,7 +1051,9 @@ CPDF_IndexedCS::~CPDF_IndexedCS() {
   FX_Free(m_pCompMinMax);
   CPDF_ColorSpace* pCS = m_pCountedBaseCS ? m_pCountedBaseCS->get() : nullptr;
   if (pCS && m_pDocument) {
-    m_pDocument->GetPageData()->ReleaseColorSpace(pCS->GetArray());
+    auto* pPageData = m_pDocument->GetPageData();
+    if (pPageData)
+      pPageData->ReleaseColorSpace(pCS->GetArray());
   }
 }
 
@@ -1132,7 +1136,9 @@ CPDF_PatternCS::CPDF_PatternCS(CPDF_Document* pDoc)
 CPDF_PatternCS::~CPDF_PatternCS() {
   CPDF_ColorSpace* pCS = m_pCountedBaseCS ? m_pCountedBaseCS->get() : nullptr;
   if (pCS && m_pDocument) {
-    m_pDocument->GetPageData()->ReleaseColorSpace(pCS->GetArray());
+    auto* pPageData = m_pDocument->GetPageData();
+    if (pPageData)
+      pPageData->ReleaseColorSpace(pCS->GetArray());
   }
 }
 
diff --git a/core/fpdfapi/page/cpdf_shadingpattern.cpp b/core/fpdfapi/page/cpdf_shadingpattern.cpp
index e19ffaf0c4..133d32ff3a 100644
--- a/core/fpdfapi/page/cpdf_shadingpattern.cpp
+++ b/core/fpdfapi/page/cpdf_shadingpattern.cpp
@@ -50,8 +50,11 @@ CPDF_ShadingPattern::CPDF_ShadingPattern(CPDF_Document* pDoc,
 
 CPDF_ShadingPattern::~CPDF_ShadingPattern() {
   CPDF_ColorSpace* pCS = m_pCountedCS ? m_pCountedCS->get() : nullptr;
-  if (pCS && m_pDocument)
-    m_pDocument->GetPageData()->ReleaseColorSpace(pCS->GetArray());
+  if (pCS && m_pDocument) {
+    auto* pPageData = m_pDocument->GetPageData();
+    if (pPageData)
+      pPageData->ReleaseColorSpace(pCS->GetArray());
+  }
 }
 
 CPDF_TilingPattern* CPDF_ShadingPattern::AsTilingPattern() {
-- 
cgit v1.2.3