Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1595)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp

Issue 439693002: Fix use-after-free in CPDF_Color::~CPDF_Color (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « core/include/fpdfapi/fpdf_resource.h ('k') | core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp » ('j') | core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
index 1b7cb03ee296cc6ac158e0b03ea6e82cd1856368..8cd26fee377f9faa3b5724099877a25b4b87d245 100644
--- a/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
+++ b/core/src/fpdfapi/fpdf_page/fpdf_page_colors.cpp
@@ -1269,6 +1269,7 @@ void CPDF_Color::ReleaseBuffer()
PatternValue* pvalue = (PatternValue*)m_pBuffer;
CPDF_Pattern* pPattern = pvalue->m_pPattern;
if (pPattern && pPattern->m_pDocument) {
+ pPattern->SaveColor(NULL);
pPattern->m_pDocument->GetPageData()->ReleasePattern(pPattern->m_pPatternObj);
}
}
@@ -1329,6 +1330,9 @@ void CPDF_Color::SetValue(CPDF_Pattern* pPattern, FX_FLOAT* comps, int ncomps)
}
pvalue->m_nComps = ncomps;
pvalue->m_pPattern = pPattern;
+ if (pPattern) {
+ pPattern->SaveColor(this);
+ }
if (ncomps) {
FXSYS_memcpy32(pvalue->m_Comps, comps, ncomps * sizeof(FX_FLOAT));
}
« no previous file with comments | « core/include/fpdfapi/fpdf_resource.h ('k') | core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp » ('j') | core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698