fpdfsdk/src/fsdk_mgr.cpp - Issue 1353063002: Merge to M45: Fix heap use after free in CPDFSDK_Annot::GetPDFAnnot.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: fpdfsdk/src/fsdk_mgr.cpp

Issue 1353063002: Merge to M45: Fix heap use after free in CPDFSDK_Annot::GetPDFAnnot. (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@2454

Patch Set: Created 5 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: fpdfsdk/src/fsdk_mgr.cpp

diff --git a/fpdfsdk/src/fsdk_mgr.cpp b/fpdfsdk/src/fsdk_mgr.cpp

index 527538cd0936d3e0aa012cbfc367179cb264b8fd..9840d60220b7164cb30fe87b10b1368b28b05c98 100644

--- a/fpdfsdk/src/fsdk_mgr.cpp

+++ b/fpdfsdk/src/fsdk_mgr.cpp

@@ -613,28 +613,33 @@ CPDFSDK_PageView::CPDFSDK_PageView(CPDFSDK_Document* pSDKDoc,CPDF_Page* page):m_

CPDFSDK_PageView::~CPDFSDK_PageView()

{

- CPDFDoc_Environment* pEnv = m_pSDKDoc->GetEnv();

- int nAnnotCount = m_fxAnnotArray.GetSize();

+ // if there is a focused annot on the page, we should kill the focus first.

+ if (CPDFSDK_Annot* focusedAnnot = m_pSDKDoc->GetFocusAnnot()) {

+ for (int i = 0, count = m_fxAnnotArray.GetSize(); i < count; i++) {

+ CPDFSDK_Annot* pAnnot = (CPDFSDK_Annot*)m_fxAnnotArray.GetAt(i);

+ if (pAnnot == focusedAnnot) {

+ KillFocusAnnot();

+ break;

+ }

- for (int i=0; i<nAnnotCount; i++)

- {

- CPDFSDK_Annot* pAnnot = (CPDFSDK_Annot*)m_fxAnnotArray.GetAt(i);

- //if there is a focused annot on the page, we should kill the focus first.

- if(pAnnot == m_pSDKDoc->GetFocusAnnot())

- KillFocusAnnot();

- CPDFSDK_AnnotHandlerMgr* pAnnotHandlerMgr = pEnv->GetAnnotHandlerMgr();

- ASSERT(pAnnotHandlerMgr);

- pAnnotHandlerMgr->ReleaseAnnot(pAnnot);

- }

- m_fxAnnotArray.RemoveAll();

+ CPDFDoc_Environment* pEnv = m_pSDKDoc->GetEnv();

+ CPDFSDK_AnnotHandlerMgr* pAnnotHandlerMgr = pEnv->GetAnnotHandlerMgr();

+ ASSERT(pAnnotHandlerMgr);

+ for (int i = 0, count = m_fxAnnotArray.GetSize(); i < count; i++) {

+ CPDFSDK_Annot* pAnnot = (CPDFSDK_Annot*)m_fxAnnotArray.GetAt(i);

+ pAnnotHandlerMgr->ReleaseAnnot(pAnnot);

+ }

+ m_fxAnnotArray.RemoveAll();

- delete m_pAnnotList;

- m_pAnnotList = NULL;

+ delete m_pAnnotList;

+ m_pAnnotList = NULL;

- m_page->RemovePrivateData((void*)m_page);

- if(m_bTakeOverPage) {

- delete m_page;

- }

+ m_page->RemovePrivateData((void*)m_page);

+ if (m_bTakeOverPage) {

+ delete m_page;

+ }

}

void CPDFSDK_PageView::PageView_OnDraw(CFX_RenderDevice* pDevice, CPDF_Matrix* pUser2Device,CPDF_RenderOptions* pOptions)

« no previous file with comments | « fpdfsdk/src/fpdfformfill_embeddertest.cpp ('k') | testing/embedder_test.h » ('j') | no next file with comments »