Issue 1353063002: Merge to M45: Fix heap use after free in CPDFSDK_Annot::GetPDFAnnot.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 1353063002: Merge to M45: Fix heap use after free in CPDFSDK_Annot::GetPDFAnnot. (Closed)

Created:
5 years, 3 months ago by Lei Zhang

Modified:
5 years, 3 months ago

Reviewers:
Tom Sepez

CC:
pdfium-reviews_googlegroups.com

Base URL:
https://pdfium.googlesource.com/pdfium.git@2454

Target Ref:
refs/heads/chromium/2454

Visibility:
Public.

More Reviews

Description

Merge to M45: Fix heap use after free in CPDFSDK_Annot::GetPDFAnnot. Use two seperate loops to kill current focus annot and to release annots in current page. Loop to kill current focus annot is run first, so it will not access deleted annots. BUG=507316 TBR=tsepez@chromium.org TEST=Reproduction steps mentioned in issue 507316 should not crash chrome. Unit test added to pdfium. Run pdfium_embeddertests.exe. Review URL: https://codereview.chromium.org/1312313006 . (cherry picked from commit 9241e5a43990859f6f9a94aaa2c488d0451039e3) Committed: https://pdfium.googlesource.com/pdfium/+/035407c7aa8b559538e94d72394a462aa71e53f9

Patch Set 1 #

Created: 5 years, 3 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+86 lines, -19 lines)			Patch
M	fpdfsdk/src/fpdfformfill_embeddertest.cpp	View	1 chunk	+12 lines, -0 lines	0 comments	Download
M	fpdfsdk/src/fsdk_mgr.cpp	View	1 chunk	+24 lines, -19 lines	0 comments	Download
M	testing/embedder_test.h	View	4 chunks	+16 lines, -0 lines	0 comments	Download
M	testing/embedder_test.cpp	View	4 chunks	+34 lines, -0 lines	0 comments	Download

Messages

Total messages: 2 (0 generated)

Expand Messages | Collapse Messages

Lei Zhang

TBR, conflicted due to lack of clang formatting, so I just took the clang formatted ...

5 years, 3 months ago (2015-09-18 01:08:52 UTC) #1

Lei Zhang

5 years, 3 months ago (2015-09-18 01:09:01 UTC) #2

Message was sent while issue was closed.

Committed patchset #1 (id:1) manually as
035407c7aa8b559538e94d72394a462aa71e53f9 (presubmit successful).

Expand Messages | Collapse Messages