From e563e8352139e4852a955e319023b09f2844aee9 Mon Sep 17 00:00:00 2001
From: Tom Sepez <tsepez@chromium.org>
Date: Tue, 30 Jan 2018 17:38:00 +0000
Subject: Use UnownedPtr instead of T* in MaybeOwned.

Always check the liftime in the unowned case. Doing so unearthed
the following issues:

Transient lifetime issue in jbig2_image when doing realloc().
Stale (but unused) dictionary pointer in CPDF_Image.
Destruction order in error branch in cpdf_dibsource.cpp

Change-Id: I12b758aafeefedc7abe1e8b21a18db959929e95f
Reviewed-on: https://pdfium-review.googlesource.com/24552
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
---
 core/fxcodec/jbig2/JBig2_Image.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'core/fxcodec')

diff --git a/core/fxcodec/jbig2/JBig2_Image.cpp b/core/fxcodec/jbig2/JBig2_Image.cpp
index b0d75d4d96..d229e0ca01 100644
--- a/core/fxcodec/jbig2/JBig2_Image.cpp
+++ b/core/fxcodec/jbig2/JBig2_Image.cpp
@@ -234,8 +234,8 @@ void CJBig2_Image::expand(int32_t h, bool v) {
     return;
 
   if (m_pData.IsOwned()) {
-    m_pData.Reset(std::unique_ptr<uint8_t, FxFreeDeleter>(
-        FX_Realloc(uint8_t, m_pData.Release().release(), h * m_nStride)));
+    m_pData.Reset(std::unique_ptr<uint8_t, FxFreeDeleter>(FX_Realloc(
+        uint8_t, m_pData.ReleaseAndClear().release(), h * m_nStride)));
   } else {
     uint8_t* pExternalBuffer = data();
     m_pData.Reset(std::unique_ptr<uint8_t, FxFreeDeleter>(
-- 
cgit v1.2.3