Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(795)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: fpdfsdk/src/fsdk_mgr.cpp

Issue 1332653002: Merge to XFA:Fix heap use after free in CPDFSDK_Annot::GetPDFAnnot. (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@xfa
Patch Set: Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « fpdfsdk/src/fpdfformfill_embeddertest.cpp ('k') | testing/embedder_test.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "../../public/fpdf_ext.h" 7 #include "../../public/fpdf_ext.h"
8 #include "../include/fsdk_define.h" 8 #include "../include/fsdk_define.h"
9 #include "../include/fpdfxfa/fpdfxfa_doc.h" 9 #include "../include/fpdfxfa/fpdfxfa_doc.h"
10 #include "../include/fpdfxfa/fpdfxfa_page.h" 10 #include "../include/fpdfxfa/fpdfxfa_page.h"
(...skipping 646 matching lines...) Expand 10 before | Expand all | Expand 10 after
657 m_bEnterWidget = FALSE; 657 m_bEnterWidget = FALSE;
658 m_bExitWidget = FALSE; 658 m_bExitWidget = FALSE;
659 m_bOnWidget = FALSE; 659 m_bOnWidget = FALSE;
660 m_CaptureWidget = NULL; 660 m_CaptureWidget = NULL;
661 m_bValid = FALSE; 661 m_bValid = FALSE;
662 m_bLocked = FALSE; 662 m_bLocked = FALSE;
663 m_pAnnotList = NULL; 663 m_pAnnotList = NULL;
664 } 664 }
665 665
666 CPDFSDK_PageView::~CPDFSDK_PageView() { 666 CPDFSDK_PageView::~CPDFSDK_PageView() {
667 // if there is a focused annot on the page, we should kill the focus first.
668 if (CPDFSDK_Annot* focusedAnnot = m_pSDKDoc->GetFocusAnnot()) {
669 for (int i = 0, count = m_fxAnnotArray.GetSize(); i < count; i++) {
670 CPDFSDK_Annot* pAnnot = (CPDFSDK_Annot*)m_fxAnnotArray.GetAt(i);
671 if (pAnnot == focusedAnnot) {
672 KillFocusAnnot();
673 break;
674 }
675 }
676 }
677
667 CPDFDoc_Environment* pEnv = m_pSDKDoc->GetEnv(); 678 CPDFDoc_Environment* pEnv = m_pSDKDoc->GetEnv();
668 int nAnnotCount = m_fxAnnotArray.GetSize(); 679 CPDFSDK_AnnotHandlerMgr* pAnnotHandlerMgr = pEnv->GetAnnotHandlerMgr();
669 for (int i = 0; i < nAnnotCount; i++) { 680 ASSERT(pAnnotHandlerMgr);
681 for (int i = 0, count = m_fxAnnotArray.GetSize(); i < count; i++) {
670 CPDFSDK_Annot* pAnnot = (CPDFSDK_Annot*)m_fxAnnotArray.GetAt(i); 682 CPDFSDK_Annot* pAnnot = (CPDFSDK_Annot*)m_fxAnnotArray.GetAt(i);
671 // if there is a focused annot on the page, we should kill the focus first.
672 if (pAnnot == m_pSDKDoc->GetFocusAnnot())
673 KillFocusAnnot();
674 CPDFSDK_AnnotHandlerMgr* pAnnotHandlerMgr = pEnv->GetAnnotHandlerMgr();
675 ASSERT(pAnnotHandlerMgr);
676 pAnnotHandlerMgr->ReleaseAnnot(pAnnot); 683 pAnnotHandlerMgr->ReleaseAnnot(pAnnot);
677 } 684 }
678 m_fxAnnotArray.RemoveAll(); 685 m_fxAnnotArray.RemoveAll();
679 686
680 delete m_pAnnotList; 687 delete m_pAnnotList;
681 m_pAnnotList = NULL; 688 m_pAnnotList = NULL;
682 } 689 }
683 690
684 void CPDFSDK_PageView::PageView_OnDraw(CFX_RenderDevice* pDevice, 691 void CPDFSDK_PageView::PageView_OnDraw(CFX_RenderDevice* pDevice,
685 CPDF_Matrix* pUser2Device, 692 CPDF_Matrix* pUser2Device,
(...skipping 502 matching lines...) Expand 10 before | Expand all | Expand 10 after
1188 if (!pFocusAnnot) 1195 if (!pFocusAnnot)
1189 return NULL; 1196 return NULL;
1190 1197
1191 for (int i = 0; i < m_fxAnnotArray.GetSize(); i++) { 1198 for (int i = 0; i < m_fxAnnotArray.GetSize(); i++) {
1192 CPDFSDK_Annot* pAnnot = (CPDFSDK_Annot*)m_fxAnnotArray.GetAt(i); 1199 CPDFSDK_Annot* pAnnot = (CPDFSDK_Annot*)m_fxAnnotArray.GetAt(i);
1193 if (pAnnot == pFocusAnnot) 1200 if (pAnnot == pFocusAnnot)
1194 return pAnnot; 1201 return pAnnot;
1195 } 1202 }
1196 return NULL; 1203 return NULL;
1197 } 1204 }
OLDNEW
« no previous file with comments | « fpdfsdk/src/fpdfformfill_embeddertest.cpp ('k') | testing/embedder_test.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698