XFA: merge patch from issue 803103002
authorJUN FANG <jun_fang@foxitsoftware.com>
Wed, 17 Dec 2014 21:58:56 +0000 (13:58 -0800)
committerJUN FANG <jun_fang@foxitsoftware.com>
Wed, 17 Dec 2014 22:06:56 +0000 (14:06 -0800)
Before this fix, the root will be released when an indirect object has the
same object number with the root. However, the root object is loaded when
the trailer is parsed. It shall not be updated or replaced anymore.

BUG=425040
R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/803103002

core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp

index a577717..0397971 100644 (file)
@@ -1007,7 +1007,15 @@ FX_BOOL CPDF_Parser::LoadCrossRefV5(FX_FILESIZE pos, FX_FILESIZE& prev, FX_BOOL
         return FALSE;
     }
     if (m_pDocument) {
-        m_pDocument->InsertIndirectObject(pStream->m_ObjNum, pStream);
+        CPDF_Dictionary * pDict = m_pDocument->GetRoot();
+        if (!pDict || pDict->GetObjNum() != pStream->m_ObjNum) {
+            m_pDocument->InsertIndirectObject(pStream->m_ObjNum, pStream);
+        } else {
+            if (pStream->GetType() == PDFOBJ_STREAM) {
+                pStream->Release();
+            }
+            return FALSE;
+        }
     }
     if (pStream->GetType() != PDFOBJ_STREAM) {
         return FALSE;