Avoid a potential leak in CPDF_IndirectObjectHolder
Keep a vector of object superseeded by another object. These will
no longer be returned from the holder, but it will clean them
Change-Id: If9754ff6614bd79e9de6ce8c3492230435813218
Reviewed-on: https://pdfium-review.googlesource.com/2790
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
diff --git a/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp b/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
index ef3de92..3037d0b 100644
--- a/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
+++ b/core/fpdfapi/parser/cpdf_indirect_object_holder.cpp
@@ -56,7 +56,9 @@
CHECK(!pObj->m_ObjNum);
CPDF_Object* pUnowned = pObj.get();
pObj->m_ObjNum = ++m_LastObjNum;
- m_IndirectObjs[m_LastObjNum].release(); // TODO(tsepez): stop this leak.
+ if (m_IndirectObjs[m_LastObjNum])
+ m_OrphanObjs.push_back(std::move(m_IndirectObjs[m_LastObjNum]));
+
m_IndirectObjs[m_LastObjNum] = std::move(pObj);
return pUnowned;
}
diff --git a/core/fpdfapi/parser/cpdf_indirect_object_holder.h b/core/fpdfapi/parser/cpdf_indirect_object_holder.h
index 1b174d8..b6d33a3 100644
--- a/core/fpdfapi/parser/cpdf_indirect_object_holder.h
+++ b/core/fpdfapi/parser/cpdf_indirect_object_holder.h
@@ -11,6 +11,7 @@
#include <memory>
#include <type_traits>
#include <utility>
+#include <vector>
#include "core/fpdfapi/parser/cpdf_object.h"
#include "core/fxcrt/cfx_string_pool_template.h"
@@ -70,6 +71,7 @@
private:
uint32_t m_LastObjNum;
std::map<uint32_t, std::unique_ptr<CPDF_Object>> m_IndirectObjs;
+ std::vector<std::unique_ptr<CPDF_Object>> m_OrphanObjs;
CFX_WeakPtr<CFX_ByteStringPool> m_pByteStringPool;
};
