| OLD | NEW |
|---|
| 1 // Copyright 2014 PDFium Authors. All rights reserved. | 1 // Copyright 2014 PDFium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com | 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com |
| 6 | 6 |
| 7 #include <limits> | 7 #include <limits> |
| 8 | 8 |
| 9 #include "core/include/fxge/fx_freetype.h" | 9 #include "core/include/fxge/fx_freetype.h" |
| 10 #include "core/include/fxge/fx_ge.h" | 10 #include "core/include/fxge/fx_ge.h" |
| (...skipping 419 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 430 FXFT_Done_Face(m_SingleFace.m_pFace); | 430 FXFT_Done_Face(m_SingleFace.m_pFace); |
| 431 } | 431 } |
| 432 } else if (m_Type == 2) { | 432 } else if (m_Type == 2) { |
| 433 for (int i = 0; i < 16; i++) | 433 for (int i = 0; i < 16; i++) |
| 434 if (m_TTCFace.m_pFaces[i]) { | 434 if (m_TTCFace.m_pFaces[i]) { |
| 435 FXFT_Done_Face(m_TTCFace.m_pFaces[i]); | 435 FXFT_Done_Face(m_TTCFace.m_pFaces[i]); |
| 436 } | 436 } |
| 437 } | 437 } |
| 438 FX_Free(m_pFontData); | 438 FX_Free(m_pFontData); |
| 439 } | 439 } |
| 440 FX_BOOL CTTFontDesc::ReleaseFace(FXFT_Face face) { | 440 int CTTFontDesc::ReleaseFace(FXFT_Face face) { |
| 441 if (m_Type == 1) { | 441 if (m_Type == 1) { |
| 442 if (m_SingleFace.m_pFace != face) { | 442 if (m_SingleFace.m_pFace != face) { |
| 443 return FALSE; | 443 return -1; |
| 444 } | 444 } |
| 445 } else if (m_Type == 2) { | 445 } else if (m_Type == 2) { |
| 446 int i; | 446 int i; |
| 447 for (i = 0; i < 16; i++) | 447 for (i = 0; i < 16; i++) |
| 448 if (m_TTCFace.m_pFaces[i] == face) { | 448 if (m_TTCFace.m_pFaces[i] == face) { |
| 449 break; | 449 break; |
| 450 } | 450 } |
| 451 if (i == 16) { | 451 if (i == 16) { |
| 452 return FALSE; | 452 return -1; |
| 453 } | 453 } |
| 454 } | 454 } |
| 455 m_RefCount--; | 455 m_RefCount--; |
| 456 if (m_RefCount) { | 456 if (m_RefCount) { |
| 457 return FALSE; | 457 return m_RefCount; |
| 458 } | 458 } |
| 459 delete this; | 459 delete this; |
| 460 return TRUE; | 460 return 0; |
| 461 } | 461 } |
| 462 | 462 |
| 463 CFX_FontMgr::CFX_FontMgr() : m_FTLibrary(nullptr) { | 463 CFX_FontMgr::CFX_FontMgr() : m_FTLibrary(nullptr) { |
| 464 m_pBuiltinMapper.reset(new CFX_FontMapper(this)); | 464 m_pBuiltinMapper.reset(new CFX_FontMapper(this)); |
| 465 } | 465 } |
| 466 | 466 |
| 467 CFX_FontMgr::~CFX_FontMgr() { | 467 CFX_FontMgr::~CFX_FontMgr() { |
| 468 for (const auto& pair : m_FaceMap) | 468 for (const auto& pair : m_FaceMap) |
| 469 delete pair.second; | 469 delete pair.second; |
| 470 | 470 |
| (...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 614 FXFT_Face face = nullptr; | 614 FXFT_Face face = nullptr; |
| 615 if (FXFT_New_Face(library, filename, face_index, &face)) | 615 if (FXFT_New_Face(library, filename, face_index, &face)) |
| 616 return nullptr; | 616 return nullptr; |
| 617 return FXFT_Set_Pixel_Sizes(face, 64, 64) ? nullptr : face; | 617 return FXFT_Set_Pixel_Sizes(face, 64, 64) ? nullptr : face; |
| 618 } | 618 } |
| 619 | 619 |
| 620 void CFX_FontMgr::ReleaseFace(FXFT_Face face) { | 620 void CFX_FontMgr::ReleaseFace(FXFT_Face face) { |
| 621 if (!face) { | 621 if (!face) { |
| 622 return; | 622 return; |
| 623 } | 623 } |
| 624 FX_BOOL bNeedFaceDone = TRUE; |
| 624 auto it = m_FaceMap.begin(); | 625 auto it = m_FaceMap.begin(); |
| 625 while (it != m_FaceMap.end()) { | 626 while (it != m_FaceMap.end()) { |
| 626 auto temp = it++; | 627 auto temp = it++; |
| 627 if (temp->second->ReleaseFace(face)) { | 628 int nRet = temp->second->ReleaseFace(face); |
| 629 if (nRet == -1) |
| 630 continue; |
| 631 bNeedFaceDone = FALSE; |
| 632 if (nRet == 0) |
| 628 m_FaceMap.erase(temp); | 633 m_FaceMap.erase(temp); |
| 629 } | 634 break; |
| 630 } | 635 } |
| 636 if (bNeedFaceDone && !m_pBuiltinMapper->IsBuiltinFace(face)) |
| 637 FXFT_Done_Face(face); |
| 631 } | 638 } |
| 632 | 639 |
| 633 bool CFX_FontMgr::GetBuiltinFont(size_t index, | 640 bool CFX_FontMgr::GetBuiltinFont(size_t index, |
| 634 const uint8_t** pFontData, | 641 const uint8_t** pFontData, |
| 635 FX_DWORD* size) { | 642 FX_DWORD* size) { |
| 636 if (index < FX_ArraySize(g_FoxitFonts)) { | 643 if (index < FX_ArraySize(g_FoxitFonts)) { |
| 637 *pFontData = g_FoxitFonts[index].m_pFontData; | 644 *pFontData = g_FoxitFonts[index].m_pFontData; |
| 638 *size = g_FoxitFonts[index].m_dwSize; | 645 *size = g_FoxitFonts[index].m_dwSize; |
| 639 return true; | 646 return true; |
| 640 } | 647 } |
| (...skipping 949 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1590 int PDF_GetStandardFontName(CFX_ByteString* name) { | 1597 int PDF_GetStandardFontName(CFX_ByteString* name) { |
| 1591 AltFontName* found = static_cast<AltFontName*>( | 1598 AltFontName* found = static_cast<AltFontName*>( |
| 1592 FXSYS_bsearch(name->c_str(), g_AltFontNames, FX_ArraySize(g_AltFontNames), | 1599 FXSYS_bsearch(name->c_str(), g_AltFontNames, FX_ArraySize(g_AltFontNames), |
| 1593 sizeof(AltFontName), CompareString)); | 1600 sizeof(AltFontName), CompareString)); |
| 1594 if (!found) | 1601 if (!found) |
| 1595 return -1; | 1602 return -1; |
| 1596 | 1603 |
| 1597 *name = g_Base14FontNames[found->m_Index]; | 1604 *name = g_Base14FontNames[found->m_Index]; |
| 1598 return found->m_Index; | 1605 return found->m_Index; |
| 1599 } | 1606 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1512873002:
Fix heap-use-after-free in FT_Stream_ReleaseFrame (Closed)
Base URL: https://pdfium.googlesource.com/pdfium.git@xfa