testing/resources/bug_507316.pdf - Issue 1332653002: Merge to XFA:Fix heap use after free in CPDFSDK_Annot::GetPDFAnnot.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: testing/resources/bug_507316.pdf

Issue 1332653002: Merge to XFA:Fix heap use after free in CPDFSDK_Annot::GetPDFAnnot. (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@xfa

Patch Set: Created 5 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: testing/resources/bug_507316.pdf

diff --git a/testing/resources/bug_507316.pdf b/testing/resources/bug_507316.pdf

new file mode 100644

index 0000000000000000000000000000000000000000..13c70830f8b51bf50f074d6d518f7fc430c65b68

--- /dev/null

+++ b/testing/resources/bug_507316.pdf

@@ -0,0 +1,145 @@

+%PDF-1.7

+% ò¤ô

+1 0 obj <<

+ /Type /Catalog

+ /Pages 2 0 R

+ /OpenAction 4 0 R

+ /AcroForm 3 0 R

+>>

+endobj

+2 0 obj <<

+ /Type /Pages

+ /Count 3

+ /Kids [6 0 R 7 0 R 8 0 R ]

+>>

+endobj

+3 0 obj <<

+ /CO [11 0 R]

+ /Fields [11 0 R 9 0 R]

+>>

+endobj

+4 0 obj <<

+ /Type /Action

+ /S /JavaScript

+ /JS 5 0 R

+>>

+endobj

+5 0 obj <<>>

+stream

+var i = 0;

+function run()

+ t = this.getField('txtName1');

+ t2 = this.getField('txtName2');

+ t2.setFocus();

+ t.setFocus();

+ t.value='G';

+function remove(){

+ if (i==1){

+ this.removeField('txtName2');

+ }

+ i++;

+app.setTimeOut('run()',2000);

+endstream

+endobj

+6 0 obj <<

+ /Type /Page

+ /Parent 2 0 R

+ /MediaBox [0 0 612 792]

+ /Resources <<>>

+>>

+endobj

+7 0 obj <<

+ /Type /Page

+ /Parent 2 0 R

+ /MediaBox [0 0 612 792]

+ /Resources <<>>

+>>

+endobj

+8 0 obj <<

+ /Type /Page

+ /Parent 2 0 R

+ /MediaBox [0 0 612 792]

+ /Resources <<>>

+ /Annots [9 0 R 11 0 R]

+>>

+endobj

+9 0 obj <<

+ /FT /Tx

+ /Type /Annot

+ /Subtype /Widget

+ /T (txtName2)

+ /F 4

+ /AP <</N 10 0 R>>

+ /Rect [20 20 400 60]

+>>

+endobj

+10 0 obj <<

+ /Type /XObject

+ /Subtype /Form

+ /FormType 1

+>>

+endobj

+11 0 obj <<

+ /FT /Tx

+ /Type /Annot

+ /Subtype /Widget

+ /T (txtName1)

+ /F 4

+ /AP <</N 12 0 R>>

+ /Rect [200 200 400 260]

+ /AA 13 0 R

+>>

+endobj

+12 0 obj <<

+ /Type /XObject

+ /Subtype /Form

+ /FormType 1

+>>

+endobj

+13 0 obj <<

+ /C 14 0 R

+>>

+endobj

+14 0 obj <<

+ /Type /Action

+ /S /JavaScript

+ /JS 15 0 R

+>>

+endobj

+15 0 obj <<>>

+stream

+this.getField('txtName2').value='B';

+this.pageNum=1;

+remove();

+endstream

+endobj

+xref

+0 16

+0000000000 65535 f

+0000000015 00000 n

+0000000106 00000 n

+0000000182 00000 n

+0000000243 00000 n

+0000000309 00000 n

+0000000602 00000 n

+0000000697 00000 n

+0000000792 00000 n

+0000000912 00000 n

+0000001043 00000 n

+0000001113 00000 n

+0000001261 00000 n

+0000001331 00000 n

+0000001365 00000 n

+0000001433 00000 n

+trailer <<

+ /Size 15

+ /Root 1 0 R

+>>

+startxref

+1534

+%%EOF

« no previous file with comments | « testing/resources/bug_507316.in ('k') | no next file » | no next file with comments »