Chromium Code Reviews

Unified Diff: core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp

Issue 439693002: Fix use-after-free in CPDF_Color::~CPDF_Color (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Created 6 years, 4 months ago
Index: core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp
diff --git a/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp b/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp
index 8cb6dc77dc85d531333da8b5507f4aabdc1df039..d94691a63dc910afa9f80bd8e25d55a00583c791 100644
--- a/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp
+++ b/core/src/fpdfapi/fpdf_page/fpdf_page_pattern.cpp
@@ -6,12 +6,33 @@
#include "../../../include/fpdfapi/fpdf_page.h"
#include "pageint.h"
+
+CPDF_Pattern::CPDF_Pattern(const CFX_AffineMatrix* pParentMatrix)
+{
+ m_pPatternObj = NULL;
Tom Sepez 2014/08/05 17:34:15 nit: these can (and should) occur as part of a : -
jun_fang 2014/08/05 18:21:40 OK. I will update them in the next patch.
+ m_PatternType = PATTERN_TILING;
+ m_pDocument = NULL;
+ m_pColor = NULL;
+
+ if (pParentMatrix) {
+ m_ParentMatrix = *pParentMatrix;
+ }
+}
+
+CPDF_Pattern::~CPDF_Pattern()
+{
+ if (m_pColor) {
+ m_pColor->SetValue(NULL, NULL, 0);
+ m_pColor = NULL;
Tom Sepez 2014/08/05 17:34:14 Do we leak m_pColor here? Who owns this memory?
jun_fang 2014/08/05 18:21:39 No. m_pColor refers to the object of CPDF_Color by
+ }
+}
CPDF_TilingPattern::CPDF_TilingPattern(CPDF_Document* pDoc, CPDF_Object* pPatternObj, const CFX_AffineMatrix* parentMatrix) :
CPDF_Pattern(parentMatrix)
{
m_PatternType = PATTERN_TILING;
m_pPatternObj = pPatternObj;
m_pDocument = pDoc;
+ m_pColor = NULL;
Tom Sepez 2014/08/05 17:34:14 m_pColor is nulled in the parent class constructor
jun_fang 2014/08/05 18:21:40 I will update it in the next patch.
CPDF_Dictionary* pDict = m_pPatternObj->GetDict();
ASSERT(pDict != NULL);
m_Pattern2Form = pDict->GetMatrix(FX_BSTRC("Matrix"));
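Review bot: the ownership contract behind `m_pColor->SetValue(NULL, NULL, 0);` in `CPDF_Pattern::~CPDF_Pattern()` is what actually closes the use-after-free named in the CL title, and it is only implied by the review thread: read together with the title, m_pColor is a non-owning back-pointer to the CPDF_Color that references this pattern, so the destructor must detach that colour rather than delete it. Add a comment at the SetValue call (and on the m_pColor member declaration) saying that the pattern does not own the colour and only clears the colour's reference to itself, otherwise the next reader will ask the same question Tom Sepez asked. Two smaller points in the same hunk: when pParentMatrix is NULL, m_ParentMatrix is left to CFX_AffineMatrix's default construction, so confirm that yields the identity matrix rather than an indeterminate value; and the `+ m_pColor = NULL;` added to the CPDF_TilingPattern constructor repeats what the new base constructor already does and can be dropped when the NULL assignments move into an initializer list.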
@@ -25,6 +46,7 @@ CPDF_TilingPattern::~CPDF_TilingPattern()
{
if (m_pForm) {
delete m_pForm;
+ m_pForm = NULL;
}
}
FX_BOOL CPDF_TilingPattern::Load()
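Review bot: `+ m_pForm = NULL;` in `CPDF_TilingPattern::~CPDF_TilingPattern()` has no observable effect, because the member ceases to exist as soon as the destructor returns; it neither prevents a double delete nor helps any caller. Either drop it or, if the convention is to null every pointer after delete for consistency, say so in the CL description so reviewers do not mistake this line for part of the use-after-free fix.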
@@ -53,6 +75,7 @@ CPDF_ShadingPattern::CPDF_ShadingPattern(CPDF_Document* pDoc, CPDF_Object* pPatt
m_PatternType = PATTERN_SHADING;
m_pPatternObj = bShading ? NULL : pPatternObj;
m_pDocument = pDoc;
+ m_pColor = NULL;
m_bShadingObj = bShading;
if (!bShading) {
CPDF_Dictionary* pDict = m_pPatternObj->GetDict();
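Review bot: `+ m_pColor = NULL;` in the CPDF_ShadingPattern constructor is redundant for the same reason Tom Sepez gave on the tiling-pattern constructor in the first hunk: the new CPDF_Pattern constructor already sets m_pColor to NULL, and this derived constructor body runs after it. Remove both copies so the base class stays the single place that initialises the member.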