forcepoint #16: fix heap-use-after-free - libreoffice/core

diff options

author	Miklos Vajna <vmiklos@collabora.co.uk>	2018-03-02 11:18:21 +0100
committer	Michael Stahl <mstahl@redhat.com>	2018-03-02 15:31:41 +0100
commit	bea0195cecc05008b3120ef753c25c0d8d4abccc (patch)
tree	8d8445860b4a0a1ccea6abe9c36c8d45abdd8c52 /jvmfwk
parent	7a7116f2f570eb2d3bdc681a357046391efe9857 (diff)

forcepoint #16: fix heap-use-after-free

PDFDocument::Tokenize() in the aKeyword == "obj" case allocates a PDFObjectElement, stores it as an owning pointer inside rElements, and also stores two non-owning references to it in m_aOffsetObjects and m_aIDObjects. So make sure those 2 other containers are also cleared then elements go away. LO_TRACE="valgrind" bin/run pdfverify <sample> doesn't report errors anymore after the fix. Change-Id: Ie103de3e24a1080257a79e53b994e8536a9597bc Reviewed-on: https://gerrit.libreoffice.org/50631 Reviewed-by: Michael Stahl <mstahl@redhat.com> Tested-by: Michael Stahl <mstahl@redhat.com>

Diffstat (limited to 'jvmfwk')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: