From aad5c58996fb2f7653abdb4aa2fc9380c08d86eb Mon Sep 17 00:00:00 2001
From: Idan Horowitz <idan.horowitz@gmail.com>
Date: Sat, 2 Dec 2023 12:58:39 +0200
Subject: [PATCH] LibPDF: Eliminate reference cycle between OutlineItem
 parent/children

Since all parents held a reference pointer to their children, and all
children held reference pointers to their parents, both objects would
never get free'd once the document was no longer being used.

Fixes ossfuzz-63833.
---
 Userland/Libraries/LibPDF/Document.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Userland/Libraries/LibPDF/Document.h b/Userland/Libraries/LibPDF/Document.h
index 40675bccc7..39fb571fad 100644
--- a/Userland/Libraries/LibPDF/Document.h
+++ b/Userland/Libraries/LibPDF/Document.h
@@ -36,8 +36,9 @@ struct Destination {
     Vector<Optional<float>> parameters;
 };
 
-struct OutlineItem final : public RefCounted<OutlineItem> {
-    RefPtr<OutlineItem> parent;
+struct OutlineItem final : public RefCounted<OutlineItem>
+    , public Weakable<OutlineItem> {
+    WeakPtr<OutlineItem> parent;
     Vector<NonnullRefPtr<OutlineItem>> children;
     DeprecatedString title; // Already converted to UTF-8.
     i32 count { 0 };