Fix a bug that occurs when an object has the same object number with the root object
authorJUN FANG <jun_fang@foxitsoftware.com>
Wed, 17 Dec 2014 21:58:56 +0000 (13:58 -0800)
committerJUN FANG <jun_fang@foxitsoftware.com>
Wed, 17 Dec 2014 21:58:56 +0000 (13:58 -0800)
Before this fix, the root will be released when an indirect object has the
same object number with the root. However, the root object is loaded when
the trailer is parsed. It shall not be updated or replaced anymore.

BUG=425040
R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/803103002

core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp

index 2f834ea..9fa26d8 100644 (file)
@@ -1003,7 +1003,15 @@ FX_BOOL CPDF_Parser::LoadCrossRefV5(FX_FILESIZE pos, FX_FILESIZE& prev, FX_BOOL
         return FALSE;
     }
     if (m_pDocument) {
-        m_pDocument->InsertIndirectObject(pStream->m_ObjNum, pStream);
+        CPDF_Dictionary * pDict = m_pDocument->GetRoot();
+        if (!pDict || pDict->GetObjNum() != pStream->m_ObjNum) {
+            m_pDocument->InsertIndirectObject(pStream->m_ObjNum, pStream);
+        } else {
+            if (pStream->GetType() == PDFOBJ_STREAM) {
+                pStream->Release();
+            }
+            return FALSE;
+        }
     }
     if (pStream->GetType() != PDFOBJ_STREAM) {
         return FALSE;