forcepoint #16: fix heap-use-after-free

PDFDocument::Tokenize() in the aKeyword == "obj" case allocates a
PDFObjectElement, stores it as an owning pointer inside rElements, and
also stores two non-owning references to it in m_aOffsetObjects and
m_aIDObjects. So make sure those 2 other containers are also cleared
then elements go away.

LO_TRACE="valgrind" bin/run pdfverify <sample>

doesn't report errors anymore after the fix.

Change-Id: Ie103de3e24a1080257a79e53b994e8536a9597bc
Reviewed-on: https://gerrit.libreoffice.org/50627
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>

2 files changed, 2 insertions, 0 deletions

diff --git a/xmlsecurity/qa/unit/pdfsigning/data/forcepoint16.pdf b/xmlsecurity/qa/unit/pdfsigning/data/forcepoint16.pdf
new file mode 100644
index 000000000000..9edccb47f40c
--- /dev/null
+++ b/xmlsecurity/qa/unit/pdfsigning/data/forcepoint16.pdf
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index cb7fd4cfe945..8cf913279643 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -452,6 +452,8 @@ void PDFSigningTest::testTokenize()
         "tdf107149.pdf",
         // Nested parentheses were not handled.
         "tdf114460.pdf",
+        // Valgrind was unhappy about this.
+        "forcepoint16.pdf",
     };
 
     for (const auto& rName : aNames)