Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(196)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: core/src/fpdfapi/fpdf_parser/fpdf_parser_document.cpp

Issue 441503003: Fix the problem that memory is accessed after released due to invalid type-cast (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "../../../include/fpdfapi/fpdf_parser.h" 7 #include "../../../include/fpdfapi/fpdf_parser.h"
8 #include "../../../include/fpdfapi/fpdf_module.h" 8 #include "../../../include/fpdfapi/fpdf_module.h"
9 extern FX_LPVOID PDFPreviewInitCache(CPDF_Document* pDoc); 9 extern FX_LPVOID PDFPreviewInitCache(CPDF_Document* pDoc);
10 extern void PDFPreviewClearCache(FX_LPVOID pCache); 10 extern void PDFPreviewClearCache(FX_LPVOID pCache);
(...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after
185 return -1; 185 return -1;
186 } 186 }
187 FX_DWORD count = pNode->GetInteger(FX_BSTRC("Count")); 187 FX_DWORD count = pNode->GetInteger(FX_BSTRC("Count"));
188 if (count <= skip_count) { 188 if (count <= skip_count) {
189 skip_count -= count; 189 skip_count -= count;
190 index += count; 190 index += count;
191 return -1; 191 return -1;
192 } 192 }
193 if (count && count == pKidList->GetCount()) { 193 if (count && count == pKidList->GetCount()) {
194 for (FX_DWORD i = 0; i < count; i ++) { 194 for (FX_DWORD i = 0; i < count; i ++) {
195 CPDF_Reference* pKid = (CPDF_Reference*)pKidList->GetElement(i); 195 CPDF_Object* pKid = pKidList->GetElement(i);
196 if (pKid && pKid->GetType() == PDFOBJ_REFERENCE) { 196 if (pKid && pKid->GetType() == PDFOBJ_REFERENCE) {
197 if (pKid->GetRefObjNum() == objnum) { 197 if (((CPDF_Reference*) pKid)->GetRefObjNum() == objnum) {
198 m_PageList.SetAt(index + i, objnum); 198 m_PageList.SetAt(index + i, objnum);
199 return index + i; 199 return index + i;
200 } 200 }
201 } 201 }
202 } 202 }
203 } 203 }
204 for (FX_DWORD i = 0; i < pKidList->GetCount(); i ++) { 204 for (FX_DWORD i = 0; i < pKidList->GetCount(); i ++) {
205 CPDF_Dictionary* pKid = pKidList->GetDict(i); 205 CPDF_Dictionary* pKid = pKidList->GetDict(i);
206 if (pKid == NULL) { 206 if (pKid == NULL) {
207 continue; 207 continue;
(...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after
338 if (pPageDict == pThisPageDict) { 338 if (pPageDict == pThisPageDict) {
339 continue; 339 continue;
340 } 340 }
341 CPDF_Object* pContents = pPageDict ? pPageDict->GetElement(FX_BSTRC("Con tents")) : NULL; 341 CPDF_Object* pContents = pPageDict ? pPageDict->GetElement(FX_BSTRC("Con tents")) : NULL;
342 if (pContents == NULL) { 342 if (pContents == NULL) {
343 continue; 343 continue;
344 } 344 }
345 if (pContents->GetDirectType() == PDFOBJ_ARRAY) { 345 if (pContents->GetDirectType() == PDFOBJ_ARRAY) {
346 CPDF_Array* pArray = (CPDF_Array*)pContents->GetDirect(); 346 CPDF_Array* pArray = (CPDF_Array*)pContents->GetDirect();
347 for (FX_DWORD j = 0; j < pArray->GetCount(); j ++) { 347 for (FX_DWORD j = 0; j < pArray->GetCount(); j ++) {
348 CPDF_Reference* pRef = (CPDF_Reference*)pArray->GetElement(j); 348 CPDF_Object* pRef = pArray->GetElement(j);
349 if (pRef->GetRefObjNum() == objnum) { 349 if (pRef == NULL || pRef->GetType() != PDFOBJ_REFERENCE) {
350 continue;
351 }
352 if (((CPDF_Reference*) pRef)->GetRefObjNum() == objnum) {
350 return TRUE; 353 return TRUE;
351 } 354 }
352 } 355 }
353 } else if (pContents->GetObjNum() == objnum) { 356 } else if (pContents->GetObjNum() == objnum) {
354 return TRUE; 357 return TRUE;
355 } 358 }
356 } 359 }
357 return FALSE; 360 return FALSE;
358 } 361 }
359 FX_DWORD CPDF_Document::GetUserPermissions(FX_BOOL bCheckRevision) const 362 FX_DWORD CPDF_Document::GetUserPermissions(FX_BOOL bCheckRevision) const
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
391 if (m_pDocPage) { 394 if (m_pDocPage) {
392 CPDF_ModuleMgr::Get()->GetPageModule()->ClearDoc(this); 395 CPDF_ModuleMgr::Get()->GetPageModule()->ClearDoc(this);
393 } 396 }
394 } 397 }
395 void CPDF_Document::ClearRenderData() 398 void CPDF_Document::ClearRenderData()
396 { 399 {
397 if (m_pDocRender) { 400 if (m_pDocRender) {
398 CPDF_ModuleMgr::Get()->GetRenderModule()->ClearDocData(m_pDocRender); 401 CPDF_ModuleMgr::Get()->GetRenderModule()->ClearDocData(m_pDocRender);
399 } 402 }
400 } 403 }
OLDNEW
« no previous file with comments | « no previous file | core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698