Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(199)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: fpdfsdk/src/fsdk_mgr.cpp

Issue 1353063002: Merge to M45: Fix heap use after free in CPDFSDK_Annot::GetPDFAnnot. (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@2454
Patch Set: Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « fpdfsdk/src/fpdfformfill_embeddertest.cpp ('k') | testing/embedder_test.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "../../public/fpdf_ext.h" 7 #include "../../public/fpdf_ext.h"
8 #include "../../third_party/base/nonstd_unique_ptr.h" 8 #include "../../third_party/base/nonstd_unique_ptr.h"
9 #include "../include/fsdk_define.h" 9 #include "../include/fsdk_define.h"
10 #include "../include/fsdk_mgr.h" 10 #include "../include/fsdk_mgr.h"
(...skipping 595 matching lines...) Expand 10 before | Expand all | Expand 10 after
606 m_bExitWidget = FALSE; 606 m_bExitWidget = FALSE;
607 m_bOnWidget = FALSE; 607 m_bOnWidget = FALSE;
608 m_CaptureWidget = NULL; 608 m_CaptureWidget = NULL;
609 m_bValid = FALSE; 609 m_bValid = FALSE;
610 m_bLocked = FALSE; 610 m_bLocked = FALSE;
611 m_bTakeOverPage = FALSE; 611 m_bTakeOverPage = FALSE;
612 } 612 }
613 613
614 CPDFSDK_PageView::~CPDFSDK_PageView() 614 CPDFSDK_PageView::~CPDFSDK_PageView()
615 { 615 {
616 » CPDFDoc_Environment* pEnv = m_pSDKDoc->GetEnv(); 616 // if there is a focused annot on the page, we should kill the focus first.
617 » int nAnnotCount = m_fxAnnotArray.GetSize(); 617 if (CPDFSDK_Annot* focusedAnnot = m_pSDKDoc->GetFocusAnnot()) {
618 for (int i = 0, count = m_fxAnnotArray.GetSize(); i < count; i++) {
619 CPDFSDK_Annot* pAnnot = (CPDFSDK_Annot*)m_fxAnnotArray.GetAt(i);
620 if (pAnnot == focusedAnnot) {
621 KillFocusAnnot();
622 break;
623 }
624 }
625 }
618 626
619 » for (int i=0; i<nAnnotCount; i++) 627 CPDFDoc_Environment* pEnv = m_pSDKDoc->GetEnv();
620 » { 628 CPDFSDK_AnnotHandlerMgr* pAnnotHandlerMgr = pEnv->GetAnnotHandlerMgr();
621 » » CPDFSDK_Annot* pAnnot = (CPDFSDK_Annot*)m_fxAnnotArray.GetAt(i); 629 ASSERT(pAnnotHandlerMgr);
622 » » //if there is a focused annot on the page, we should kill the fo cus first. 630 for (int i = 0, count = m_fxAnnotArray.GetSize(); i < count; i++) {
623 » » if(pAnnot == m_pSDKDoc->GetFocusAnnot()) 631 CPDFSDK_Annot* pAnnot = (CPDFSDK_Annot*)m_fxAnnotArray.GetAt(i);
624 » » » KillFocusAnnot(); 632 pAnnotHandlerMgr->ReleaseAnnot(pAnnot);
625 » » CPDFSDK_AnnotHandlerMgr* pAnnotHandlerMgr = pEnv->GetAnnotHandle rMgr(); 633 }
626 » » ASSERT(pAnnotHandlerMgr); 634 m_fxAnnotArray.RemoveAll();
627 » » pAnnotHandlerMgr->ReleaseAnnot(pAnnot);
628 » }
629 » m_fxAnnotArray.RemoveAll();
630 635
631 delete m_pAnnotList; 636 delete m_pAnnotList;
632 m_pAnnotList = NULL; 637 m_pAnnotList = NULL;
633 638
634 m_page->RemovePrivateData((void*)m_page); 639 m_page->RemovePrivateData((void*)m_page);
635 if(m_bTakeOverPage) { 640 if (m_bTakeOverPage) {
636 delete m_page; 641 delete m_page;
637 } 642 }
638 } 643 }
639 644
640 void CPDFSDK_PageView::PageView_OnDraw(CFX_RenderDevice* pDevice, CPDF_Matrix* p User2Device,CPDF_RenderOptions* pOptions) 645 void CPDFSDK_PageView::PageView_OnDraw(CFX_RenderDevice* pDevice, CPDF_Matrix* p User2Device,CPDF_RenderOptions* pOptions)
641 { 646 {
642 m_curMatrix = *pUser2Device; 647 m_curMatrix = *pUser2Device;
643 648
644 CPDFDoc_Environment* pEnv = m_pSDKDoc->GetEnv(); 649 CPDFDoc_Environment* pEnv = m_pSDKDoc->GetEnv();
645 CPDFSDK_AnnotIterator annotIterator(this, TRUE); 650 CPDFSDK_AnnotIterator annotIterator(this, TRUE);
646 CPDFSDK_Annot* pSDKAnnot = nullptr; 651 CPDFSDK_Annot* pSDKAnnot = nullptr;
647 int index = -1; 652 int index = -1;
(...skipping 394 matching lines...) Expand 10 before | Expand all | Expand 10 after
1042 1047
1043 for(int i=0; i<m_fxAnnotArray.GetSize(); i++) 1048 for(int i=0; i<m_fxAnnotArray.GetSize(); i++)
1044 { 1049 {
1045 CPDFSDK_Annot* pAnnot = (CPDFSDK_Annot*)m_fxAnnotArray.GetAt(i); 1050 CPDFSDK_Annot* pAnnot = (CPDFSDK_Annot*)m_fxAnnotArray.GetAt(i);
1046 if(pAnnot == pFocusAnnot) 1051 if(pAnnot == pFocusAnnot)
1047 return pAnnot; 1052 return pAnnot;
1048 } 1053 }
1049 return NULL; 1054 return NULL;
1050 } 1055 }
1051 1056
OLDNEW
« no previous file with comments | « fpdfsdk/src/fpdfformfill_embeddertest.cpp ('k') | testing/embedder_test.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698