Release unowned CS reference before maybe destroying owned one Colorspaces need to be properly refcounted but in the mean time, get rid of an obvious dangling pointer. Bug: 726728 Change-Id: I6bd879b18f61f7f5defd2679ce896013eb218b9b Reviewed-on: https://pdfium-review.googlesource.com/6072 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>

commit: fb9c11b49ee4fe6c18703d661dcaee498085c4c5 [log] [tgz]
author: Tom Sepez <tsepez@chromium.org> Fri May 26 11:25:06 2017 -0700
committer: Chromium commit bot <commit-bot@chromium.org> Fri May 26 19:16:38 2017 +0000
tree: 026f0d4df7b09ef52f485de663dbbc20239100fe
parent: f1697fa06b9fae75dd1c0782f5a721795cfc4a0c [diff]
diff --git a/core/fpdfapi/page/cpdf_shadingpattern.cpp b/core/fpdfapi/page/cpdf_shadingpattern.cpp
index c21f51c..542c405 100644
--- a/core/fpdfapi/page/cpdf_shadingpattern.cpp
+++ b/core/fpdfapi/page/cpdf_shadingpattern.cpp

@@ -45,11 +45,13 @@
 }
 
 CPDF_ShadingPattern::~CPDF_ShadingPattern() {
-  CPDF_ColorSpace* pCS = m_pCountedCS ? m_pCountedCS->get() : nullptr;
-  if (pCS) {
+  CPDF_ColorSpace* pCountedCS = m_pCountedCS ? m_pCountedCS->get() : nullptr;
+  if (pCountedCS) {
     auto* pPageData = document()->GetPageData();
-    if (pPageData)
-      pPageData->ReleaseColorSpace(pCS->GetArray());
+    if (pPageData) {
+      m_pCS.Release();  // Give up unowned reference first.
+      pPageData->ReleaseColorSpace(pCountedCS->GetArray());
+    }
   }
 }
commit	fb9c11b49ee4fe6c18703d661dcaee498085c4c5	[log] [tgz]
author	Tom Sepez <tsepez@chromium.org>	Fri May 26 11:25:06 2017 -0700
committer	Chromium commit bot <commit-bot@chromium.org>	Fri May 26 19:16:38 2017 +0000
tree	026f0d4df7b09ef52f485de663dbbc20239100fe
parent	f1697fa06b9fae75dd1c0782f5a721795cfc4a0c [diff]