Fix use-after-free in CPDF_Color::~CPDF_Color

core/include/fpdfapi/fpdf_resource.h

Index: core/include/fpdfapi/fpdf_resource.h
diff --git a/core/include/fpdfapi/fpdf_resource.h b/core/include/fpdfapi/fpdf_resource.h
index 7e9e4123251d1c3ccdc706b6930d93cd808b0569..a6eedc166c2c87cf568a4b034cb7d3cac9d173df 100644
--- a/core/include/fpdfapi/fpdf_resource.h
+++ b/core/include/fpdfapi/fpdf_resource.h
@@ -731,16 +731,18 @@ class CPDF_Pattern : public CFX_Object
 {
 public:
 

[Tom Sepez, 2014/08/04 18:02:32]

Too bad this doesn't have a constructor to set up the pointer members in all
cases.

[palmer, 2014/08/04 18:17:11]

We need to start making sure every class and struct has the constructors it
needs, and that all constructors assert at least minimal correctness and safety
invariants. Now is a good time to start. :)

[jun_fang, 2014/08/04 18:37:11]

This class is a interface class. It doesn't need to be instantiated.So it just
have a protected constructor CPDF_Pattern(const CFX_AffineMatrix*
pParentMatrix). I will add the member variables initialization in this
constructor. 

-    virtual ~CPDF_Pattern() {}
+    virtual ~CPDF_Pattern();
+    void SaveColor(CPDF_Color* pColor) {m_pColor = pColor;}
 
-    CPDF_Object*			m_pPatternObj;
+    CPDF_Object*                m_pPatternObj;
 
-    int						m_PatternType;
+    int                         m_PatternType;
 
-    CFX_AffineMatrix		m_Pattern2Form;
-    CFX_AffineMatrix		m_ParentMatrix;
+    CFX_AffineMatrix            m_Pattern2Form;
+    CFX_AffineMatrix            m_ParentMatrix;
 
-    CPDF_Document*			m_pDocument;
+    CPDF_Document*              m_pDocument;
+    CPDF_Color*                 m_pColor;
 
 protected: