forcepoint #16: fix heap-use-after-free

PDFDocument::Tokenize() in the aKeyword == "obj" case allocates a
PDFObjectElement, stores it as an owning pointer inside rElements, and
also stores two non-owning references to it in m_aOffsetObjects and
m_aIDObjects. So make sure those 2 other containers are also cleared
then elements go away.

LO_TRACE="valgrind" bin/run pdfverify <sample>

doesn't report errors anymore after the fix.

Reviewed-on: https://gerrit.libreoffice.org/50632Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 506d4cbc)

Change-Id: Ie103de3e24a1080257a79e53b994e8536a9597bc

vcl/source/filter/ipdf/pdfdocument.cxx

@@ -1280,8 +1280,10 @@ bool PDFDocument::Read(SvStream& rStream)
         if (pPrev)
             nStartXRef = pPrev->GetValue();
 
-        // Reset state, except object offsets and the edit buffer.
+        // Reset state, except the edit buffer.
         m_aElements.clear();
+        m_aOffsetObjects.clear();
+        m_aIDObjects.clear();
         m_aStartXRefs.clear();
         m_aEOFs.clear();
         m_pTrailer = nullptr;

xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx

@@ -416,6 +416,8 @@ void PDFSigningTest::testTokenize()
         // File that's intentionally smaller than 1024 bytes.
         OUStringLiteral("small.pdf"),
         OUStringLiteral("tdf107149.pdf"),
+        // Valgrind was unhappy about this.
+        OUStringLiteral("forcepoint16.pdf"),
     };
 
     for (const auto& rName : aNames)