
Side by Side Diff: core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp

Issue 439693002: Fix use-after-free in CPDF_Color::~CPDF_Color (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Created 6 years, 4 months ago
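--- a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
+++ b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
@@ -1,10 +1,10 @@
 // Copyright 2014 PDFium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
 
 #include "../../../include/fpdfapi/fpdf_page.h"
 #include "../../../include/fpdfapi/fpdf_module.h"
 #include "../../../include/fxcodec/fx_codec.h"
 #include "pageint.h"
@@ -1262,20 +1262,21 @@
 }
 void CPDF_Color::ReleaseBuffer()
 {
 if (!m_pBuffer) {
 return;
 }
 if (m_pCS->GetFamily() == PDFCS_PATTERN) {
 PatternValue* pvalue = (PatternValue*)m_pBuffer;
 CPDF_Pattern* pPattern = pvalue->m_pPattern;
 if (pPattern && pPattern->m_pDocument) {
+pPattern->SaveColor(NULL);
 pPattern->m_pDocument->GetPageData()->ReleasePattern(pPattern->m_pPa tternObj);
 }
 }
 FX_Free(m_pBuffer);
 m_pBuffer = NULL;
 }
 void CPDF_Color::ReleaseColorSpace()
 {
 if (m_pCS && m_pCS->m_pDocument && m_pCS->GetArray()) {
 m_pCS->m_pDocument->GetPageData()->ReleaseColorSpace(m_pCS->GetArray());
@@ -1322,20 +1323,23 @@
 m_pBuffer = m_pCS->CreateBuf();
 }
 CPDF_DocPageData* pDocPageData = NULL;
 PatternValue* pvalue = (PatternValue*)m_pBuffer;
 if (pvalue->m_pPattern && pvalue->m_pPattern->m_pDocument) {
 pDocPageData = pvalue->m_pPattern->m_pDocument->GetPageData();
 pDocPageData->ReleasePattern(pvalue->m_pPattern->m_pPatternObj);
 }
 pvalue->m_nComps = ncomps;
 pvalue->m_pPattern = pPattern;
+if (pPattern) {
+pPattern->SaveColor(this);
+}
 if (ncomps) {
 FXSYS_memcpy32(pvalue->m_Comps, comps, ncomps * sizeof(FX_FLOAT));
 }
 }
 void CPDF_Color::Copy(const CPDF_Color* pSrc)
 {
 ReleaseBuffer();
 ReleaseColorSpace();
 m_pCS = pSrc->m_pCS;
 if (m_pCS && m_pCS->m_pDocument) {
@@ -1393,10 +1397,10 @@
 PatternValue* pvalue = (PatternValue*)m_pBuffer;
 return pvalue->m_nComps ? pvalue->m_Comps : NULL;
 }
 FX_BOOL CPDF_Color::IsEqual(const CPDF_Color& other) const
 {
 if (m_pCS != other.m_pCS || m_pCS == NULL) {
 return FALSE;
 }
 return FXSYS_memcmp32(m_pBuffer, other.m_pBuffer, m_pCS->GetBufSize()) == 0;
 }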
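Review bot: The back-pointer is set and cleared under different guards: `pPattern->SaveColor(this)` (new lines 1333-1335) runs for any non-null pattern, while `pPattern->SaveColor(NULL)` in ReleaseBuffer (new line 1272) sits inside `if (pPattern && pPattern->m_pDocument)`, so a pattern whose m_pDocument is null would keep a pointer to a color whose buffer has just been freed. Clearing under `if (pPattern) { pPattern->SaveColor(NULL); }` before the m_pDocument check would make the two paths symmetric. The replace path just above the new registration (new lines 1327-1330) also releases the previous pattern without `pvalue->m_pPattern->SaveColor(NULL)`, which appears to leave that pattern pointing at this color; that function's signature is outside the shown lines. SaveColor's implementation is not visible here, and if one pattern can be referenced by several CPDF_Color objects (Copy starts at new line 1340 and continues past the shown lines), a single saved pointer that any holder clears unconditionally would need an owner check such as only clearing when the saved color equals `this`.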
