
Side by Side Diff: fpdfsdk/src/fpdfxfa/fpdfxfa_doc.cpp

Issue 1566903002: XFA: Change the destruction order inside CPDFXFA_Document to avoid UAFs. (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@xfa
Patch Set: actually flip the destruction order Created 4 years, 11 months ago
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "../../include/fsdk_define.h" 7 #include "../../include/fsdk_define.h"
8 #include "../../include/fpdfxfa/fpdfxfa_doc.h" 8 #include "../../include/fpdfxfa/fpdfxfa_doc.h"
9 #include "../../include/fsdk_mgr.h" 9 #include "../../include/fsdk_mgr.h"
10 #include "../../include/fpdfxfa/fpdfxfa_app.h" 10 #include "../../include/fpdfxfa/fpdfxfa_app.h"
(...skipping 27 matching lines...) Expand all
38 : m_iDocType(DOCTYPE_PDF), 38 : m_iDocType(DOCTYPE_PDF),
39 m_pPDFDoc(pPDFDoc), 39 m_pPDFDoc(pPDFDoc),
40 m_pSDKDoc(nullptr), 40 m_pSDKDoc(nullptr),
41 m_pXFADoc(nullptr), 41 m_pXFADoc(nullptr),
42 m_pXFADocView(nullptr), 42 m_pXFADocView(nullptr),
43 m_pApp(pProvider), 43 m_pApp(pProvider),
44 m_pJSContext(nullptr) { 44 m_pJSContext(nullptr) {
45 } 45 }
46 46
47 CPDFXFA_Document::~CPDFXFA_Document() { 47 CPDFXFA_Document::~CPDFXFA_Document() {
48 if (m_pJSContext && m_pSDKDoc && m_pSDKDoc->GetEnv()) {
49 m_pSDKDoc->GetEnv()->GetJSRuntime()->ReleaseContext(m_pJSContext);
50 m_pJSContext = nullptr;
jun_fang 2016/01/07 04:30:47 Nit: Do we need to set m_pJSContext as nullptr in
Lei Zhang 2016/01/07 06:54:26 Done.
51 }
52
53 delete m_pSDKDoc;
54 m_pSDKDoc = nullptr;
jun_fang 2016/01/07 04:30:47 Nit: as above
Lei Zhang 2016/01/07 06:54:26 Done.
55
48 if (m_pPDFDoc) { 56 if (m_pPDFDoc) {
49 CPDF_Parser* pParser = (CPDF_Parser*)m_pPDFDoc->GetParser(); 57 CPDF_Parser* pParser = (CPDF_Parser*)m_pPDFDoc->GetParser();
50 if (pParser == NULL) { 58 if (pParser)
59 delete pParser;
60 else
51 delete m_pPDFDoc; 61 delete m_pPDFDoc;
52 } else { 62 m_pPDFDoc = nullptr;
jun_fang 2016/01/07 04:30:47 nit: as above
Lei Zhang 2016/01/07 06:54:26 Done.
53 delete pParser;
54 }
55 m_pPDFDoc = NULL;
56 } 63 }
57 if (m_pXFADoc) { 64 if (m_pXFADoc) {
58 IXFA_App* pApp = m_pApp->GetXFAApp(); 65 IXFA_App* pApp = m_pApp->GetXFAApp();
59 if (pApp) { 66 if (pApp) {
60 IXFA_DocHandler* pDocHandler = pApp->GetDocHandler(); 67 IXFA_DocHandler* pDocHandler = pApp->GetDocHandler();
61 if (pDocHandler) { 68 if (pDocHandler) {
62 CloseXFADoc(pDocHandler); 69 CloseXFADoc(pDocHandler);
63 } 70 }
64 } 71 }
65 } 72 }
66
67 if (m_pJSContext) {
68 if (m_pSDKDoc && m_pSDKDoc->GetEnv()) {
69 m_pSDKDoc->GetEnv()->GetJSRuntime()->ReleaseContext(m_pJSContext);
70 m_pJSContext = NULL;
71 }
72 }
73
74 if (m_pSDKDoc)
75 delete m_pSDKDoc;
76 m_pSDKDoc = NULL;
77 } 73 }
78 74
79 FX_BOOL CPDFXFA_Document::LoadXFADoc() { 75 FX_BOOL CPDFXFA_Document::LoadXFADoc() {
80 if (!m_pPDFDoc) 76 if (!m_pPDFDoc)
81 return FALSE; 77 return FALSE;
82 78
83 m_XFAPageList.RemoveAll(); 79 m_XFAPageList.RemoveAll();
84 80
85 IXFA_App* pApp = m_pApp->GetXFAApp(); 81 IXFA_App* pApp = m_pApp->GetXFAApp();
86 if (!pApp) 82 if (!pApp)
(...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after
197 m_XFAPageList.SetAt(page->GetPageIndex(), NULL); 193 m_XFAPageList.SetAt(page->GetPageIndex(), NULL);
198 } 194 }
199 195
200 CPDFSDK_Document* CPDFXFA_Document::GetSDKDocument( 196 CPDFSDK_Document* CPDFXFA_Document::GetSDKDocument(
201 CPDFDoc_Environment* pFormFillEnv) { 197 CPDFDoc_Environment* pFormFillEnv) {
202 if (!m_pSDKDoc && pFormFillEnv) 198 if (!m_pSDKDoc && pFormFillEnv)
203 m_pSDKDoc = new CPDFSDK_Document(this, pFormFillEnv); 199 m_pSDKDoc = new CPDFSDK_Document(this, pFormFillEnv);
204 return m_pSDKDoc; 200 return m_pSDKDoc;
205 } 201 }
206 202
207 void CPDFXFA_Document::ReleaseSDKDoc() {
208 if (m_pSDKDoc)
209 delete m_pSDKDoc;
210
211 m_pSDKDoc = NULL;
212 }
213
214 void CPDFXFA_Document::FXRect2PDFRect(const CFX_RectF& fxRectF, 203 void CPDFXFA_Document::FXRect2PDFRect(const CFX_RectF& fxRectF,
215 CPDF_Rect& pdfRect) { 204 CPDF_Rect& pdfRect) {
216 pdfRect.left = fxRectF.left; 205 pdfRect.left = fxRectF.left;
217 pdfRect.top = fxRectF.bottom(); 206 pdfRect.top = fxRectF.bottom();
218 pdfRect.right = fxRectF.right(); 207 pdfRect.right = fxRectF.right();
219 pdfRect.bottom = fxRectF.top; 208 pdfRect.bottom = fxRectF.top;
220 } 209 }
221 210
222 //////////////////////////////////////////////////////////////////////////
223 void CPDFXFA_Document::SetChangeMark(IXFA_Doc* hDoc) { 211 void CPDFXFA_Document::SetChangeMark(IXFA_Doc* hDoc) {
224 if (hDoc == m_pXFADoc && m_pSDKDoc) { 212 if (hDoc == m_pXFADoc && m_pSDKDoc) {
225 m_pSDKDoc->SetChangeMark(); 213 m_pSDKDoc->SetChangeMark();
226 } 214 }
227 } 215 }
228 216
229 FX_BOOL CPDFXFA_Document::GetChangeMark(IXFA_Doc* hDoc) { 217 FX_BOOL CPDFXFA_Document::GetChangeMark(IXFA_Doc* hDoc) {
230 if (hDoc == m_pXFADoc && m_pSDKDoc) 218 if (hDoc == m_pXFADoc && m_pSDKDoc)
231 return m_pSDKDoc->GetChangeMark(); 219 return m_pSDKDoc->GetChangeMark();
232 return FALSE; 220 return FALSE;
(...skipping 1034 matching lines...) Expand 10 before | Expand all | Expand 10 after
1267 } 1255 }
1268 1256
1269 return _GetHValueByName(szPropName, hValue, 1257 return _GetHValueByName(szPropName, hValue,
1270 m_pSDKDoc->GetEnv()->GetJSRuntime()); 1258 m_pSDKDoc->GetEnv()->GetJSRuntime());
1271 } 1259 }
1272 FX_BOOL CPDFXFA_Document::_GetHValueByName(const CFX_ByteStringC& utf8Name, 1260 FX_BOOL CPDFXFA_Document::_GetHValueByName(const CFX_ByteStringC& utf8Name,
1273 FXJSE_HVALUE hValue, 1261 FXJSE_HVALUE hValue,
1274 IJS_Runtime* runTime) { 1262 IJS_Runtime* runTime) {
1275 return runTime->GetHValueByName(utf8Name, hValue); 1263 return runTime->GetHValueByName(utf8Name, hValue);
1276 } 1264 }
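Review bot: The statement order in the new `~CPDFXFA_Document()` (release the JS context, delete `m_pSDKDoc`, then free the parser or `m_pPDFDoc`, then `CloseXFADoc`) is what this change relies on to avoid the use-after-free, but nothing in the destructor records that, so a later clean-up could reorder it without anyone noticing. I would add a comment above the first block, for example `// Teardown order matters: release the JS context and m_pSDKDoc before the PDF and XFA documents they may still reference.` Two things in the same function are worth confirming, since neither can be checked from this page. First, `m_pSDKDoc->GetEnv()->GetJSRuntime()->ReleaseContext(m_pJSContext)` checks `GetEnv()` but dereferences the result of `GetJSRuntime()` unchecked. Second, `CloseXFADoc(pDocHandler)` still runs after `m_pPDFDoc` and its parser have been deleted, which is only safe if closing the XFA document never reaches back into them.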