From 5609f39c9d4534733f04a2be631da56948c2e96f Mon Sep 17 00:00:00 2001 From: tsepez Date: Mon, 10 Oct 2016 11:25:02 -0700 Subject: Revert "Re-land "Assert that only 0-numbered objects are Released()"" This reverts commit b69a98cf50537130f88ce3a799117f2ca8353ac5. Reason for revert: crashes on mac. BUG=654387 TBR=thestig@chromium.org Review-Url: https://codereview.chromium.org/2410483002 --- core/fpdfapi/parser/cpdf_parser.cpp | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) (limited to 'core/fpdfapi/parser/cpdf_parser.cpp') diff --git a/core/fpdfapi/parser/cpdf_parser.cpp b/core/fpdfapi/parser/cpdf_parser.cpp index f4cde0c198..17539101a1 100644 --- a/core/fpdfapi/parser/cpdf_parser.cpp +++ b/core/fpdfapi/parser/cpdf_parser.cpp @@ -956,34 +956,36 @@ FX_BOOL CPDF_Parser::RebuildCrossRef() { } FX_BOOL CPDF_Parser::LoadCrossRefV5(FX_FILESIZE* pos, FX_BOOL bMainXRef) { - std::unique_ptr pObject( - ParseIndirectObjectAt(m_pDocument, *pos, 0)); + CPDF_Object* pObject = ParseIndirectObjectAt(m_pDocument, *pos, 0); if (!pObject) return FALSE; - CPDF_Object* pUnownedObject = pObject.get(); - if (m_pDocument) { CPDF_Dictionary* pRootDict = m_pDocument->GetRoot(); - if (pRootDict && pRootDict->GetObjNum() == pObject->m_ObjNum) + if (pRootDict && pRootDict->GetObjNum() == pObject->m_ObjNum) { + // If |pObject| has an objnum assigned then this will leak as Release() + // will early exit. + if (pObject->IsStream()) + pObject->Release(); return FALSE; - // Takes ownership of object (std::move someday). - uint32_t objnum = pObject->m_ObjNum; - if (!m_pDocument->ReplaceIndirectObjectIfHigherGeneration( - objnum, pObject.release())) { + } + if (!m_pDocument->ReplaceIndirectObjectIfHigherGeneration(pObject->m_ObjNum, + pObject)) { return FALSE; } } - CPDF_Stream* pStream = pUnownedObject->AsStream(); + CPDF_Stream* pStream = pObject->AsStream(); if (!pStream) return FALSE; CPDF_Dictionary* pDict = pStream->GetDict(); *pos = pDict->GetIntegerFor("Prev"); int32_t size = pDict->GetIntegerFor("Size"); - if (size < 0) + if (size < 0) { + pStream->Release(); return FALSE; + } CPDF_Dictionary* pNewTrailer = ToDictionary(pDict->Clone()); if (bMainXRef) { @@ -1015,8 +1017,10 @@ FX_BOOL CPDF_Parser::LoadCrossRefV5(FX_FILESIZE* pos, FX_BOOL bMainXRef) { arrIndex.push_back(std::make_pair(0, size)); pArray = pDict->GetArrayFor("W"); - if (!pArray) + if (!pArray) { + pStream->Release(); return FALSE; + } CFX_ArrayTemplate WidthArray; FX_SAFE_UINT32 dwAccWidth = 0; @@ -1025,8 +1029,10 @@ FX_BOOL CPDF_Parser::LoadCrossRefV5(FX_FILESIZE* pos, FX_BOOL bMainXRef) { dwAccWidth += WidthArray[i]; } - if (!dwAccWidth.IsValid() || WidthArray.GetSize() < 3) + if (!dwAccWidth.IsValid() || WidthArray.GetSize() < 3) { + pStream->Release(); return FALSE; + } uint32_t totalWidth = dwAccWidth.ValueOrDie(); CPDF_StreamAcc acc; @@ -1086,14 +1092,17 @@ FX_BOOL CPDF_Parser::LoadCrossRefV5(FX_FILESIZE* pos, FX_BOOL bMainXRef) { if (type == 1) { m_SortedOffset.insert(offset); } else { - if (offset < 0 || !IsValidObjectNumber(offset)) + if (offset < 0 || !IsValidObjectNumber(offset)) { + pStream->Release(); return FALSE; + } m_ObjectInfo[offset].type = 255; } } } segindex += count; } + pStream->Release(); return TRUE; } -- cgit v1.2.3