From 28e691995a7d14f3001eede5f00f62b9a64d8a69 Mon Sep 17 00:00:00 2001
From: Tom Sepez <tsepez@chromium.org>
Date: Thu, 16 Feb 2017 12:20:13 -0800
Subject: Avoid a potential leak in CPDF_IndirectObjectHolder
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Keep a vector of object superseeded by another object.  These will
no longer be returned from the holder, but it will clean them

Change-Id: If9754ff6614bd79e9de6ce8c3492230435813218
Reviewed-on: https://pdfium-review.googlesource.com/2790
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
---
 core/fpdfapi/parser/cpdf_indirect_object_holder.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'core/fpdfapi/parser/cpdf_indirect_object_holder.cpp')

diff --git a/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp b/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
index ef3de92f76..3037d0b9b5 100644
--- a/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
+++ b/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
@@ -56,7 +56,9 @@ CPDF_Object* CPDF_IndirectObjectHolder::AddIndirectObject(
   CHECK(!pObj->m_ObjNum);
   CPDF_Object* pUnowned = pObj.get();
   pObj->m_ObjNum = ++m_LastObjNum;
-  m_IndirectObjs[m_LastObjNum].release();  // TODO(tsepez): stop this leak.
+  if (m_IndirectObjs[m_LastObjNum])
+    m_OrphanObjs.push_back(std::move(m_IndirectObjs[m_LastObjNum]));
+
   m_IndirectObjs[m_LastObjNum] = std::move(pObj);
   return pUnowned;
 }
-- 
cgit v1.2.3