M73: Fix data ownership in CPDF_ObjectStream.
Make CFX_ReadOnlyMemoryStream capable of holding onto data. Use it in
CPDF_ObjectStream to make the stream data refcounted, instead of letting
CPDF_ObjectStream have ownership.
Commit 0389ff1a incorrectly changed data ownership. Although
CPDF_ObjectStream does not hand out its |data_stream_| directly,
ParseObjectAtOffset() will use it with a local CPDF_SyntaxParser, and
the CPDF_SyntaxParser hands off the data stream to the returned object.
BUG=chromium:933212
TBR=dsinclair@chromium.org
Change-Id: I703735cfa7e2720af3008ec57158fd875d3a0723
Reviewed-on: https://pdfium-review.googlesource.com/c/50955
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
(cherry picked from commit 5f79016feed97837d94f98460fc90896641ba530)
Reviewed-on: https://pdfium-review.googlesource.com/c/51030
Reviewed-by: Lei Zhang <thestig@chromium.org>
diff --git a/core/fpdfapi/parser/cpdf_object_stream.cpp b/core/fpdfapi/parser/cpdf_object_stream.cpp
index 2a896b8..3f974ee 100644
--- a/core/fpdfapi/parser/cpdf_object_stream.cpp
+++ b/core/fpdfapi/parser/cpdf_object_stream.cpp
@@ -97,9 +97,8 @@
auto stream_acc = pdfium::MakeRetain<CPDF_StreamAcc>(stream);
stream_acc->LoadAllDataFiltered();
const uint32_t data_size = stream_acc->GetSize();
- data_ = stream_acc->DetachData();
data_stream_ = pdfium::MakeRetain<CFX_ReadOnlyMemoryStream>(
- pdfium::make_span(data_.get(), data_size));
+ stream_acc->DetachData(), data_size);
}
CPDF_SyntaxParser syntax(data_stream_);
diff --git a/core/fpdfapi/parser/cpdf_object_stream.h b/core/fpdfapi/parser/cpdf_object_stream.h
index e96cff0..008c0cd 100644
--- a/core/fpdfapi/parser/cpdf_object_stream.h
+++ b/core/fpdfapi/parser/cpdf_object_stream.h
@@ -47,8 +47,6 @@
uint32_t obj_num_ = CPDF_Object::kInvalidObjNum;
uint32_t extends_obj_num_ = CPDF_Object::kInvalidObjNum;
- // |data_| holds the data used by |data_stream_|.
- std::unique_ptr<uint8_t, FxFreeDeleter> data_;
RetainPtr<IFX_SeekableReadStream> data_stream_;
int first_object_offset_ = 0;
std::map<uint32_t, uint32_t> objects_offsets_;
diff --git a/core/fxcrt/cfx_readonlymemorystream.cpp b/core/fxcrt/cfx_readonlymemorystream.cpp
index bd31ee3..807788a 100644
--- a/core/fxcrt/cfx_readonlymemorystream.cpp
+++ b/core/fxcrt/cfx_readonlymemorystream.cpp
@@ -6,9 +6,16 @@
#include "core/fxcrt/cfx_readonlymemorystream.h"
+#include <utility>
+
#include "core/fxcrt/fx_safe_types.h"
CFX_ReadOnlyMemoryStream::CFX_ReadOnlyMemoryStream(
+ std::unique_ptr<uint8_t, FxFreeDeleter> data,
+ size_t size)
+ : m_data(std::move(data)), m_span(m_data.get(), size) {}
+
+CFX_ReadOnlyMemoryStream::CFX_ReadOnlyMemoryStream(
pdfium::span<const uint8_t> span)
: m_span(span) {}
diff --git a/core/fxcrt/cfx_readonlymemorystream.h b/core/fxcrt/cfx_readonlymemorystream.h
index df277b5..074ed8f 100644
--- a/core/fxcrt/cfx_readonlymemorystream.h
+++ b/core/fxcrt/cfx_readonlymemorystream.h
@@ -7,6 +7,9 @@
#ifndef CORE_FXCRT_CFX_READONLYMEMORYSTREAM_H_
#define CORE_FXCRT_CFX_READONLYMEMORYSTREAM_H_
+#include <memory>
+
+#include "core/fxcrt/fx_memory.h"
#include "core/fxcrt/fx_stream.h"
#include "core/fxcrt/retain_ptr.h"
#include "third_party/base/span.h"
@@ -23,9 +26,12 @@
size_t size) override;
private:
+ CFX_ReadOnlyMemoryStream(std::unique_ptr<uint8_t, FxFreeDeleter> data,
+ size_t size);
explicit CFX_ReadOnlyMemoryStream(pdfium::span<const uint8_t> span);
~CFX_ReadOnlyMemoryStream() override;
+ std::unique_ptr<uint8_t, FxFreeDeleter> m_data;
const pdfium::span<const uint8_t> m_span;
};
