Chromium Code Reviews

Issue 2355083002: Make CPDF_Array not do indirect object creation. (Closed)

Created:
4 years, 3 months ago by Tom Sepez
Modified:
4 years, 3 months ago
Reviewers:
dsinclair
CC:
pdfium-reviews_googlegroups.com
Target Ref:
refs/heads/master
Project:
pdfium
Visibility:
Public.

Description

Make CPDF_Array not do indirect object creation. We remove the indirect object holder argument and check that call sites pass ownable objects, adding a reference in one place that always was passing an indirect object. Also check that the invariant isn't violated; we need to fail here in the wild and investigate -- these are existing UAFs.

Committed: https://pdfium.googlesource.com/pdfium/+/5a399de2945d7b244802565d8e9d2f6e662561da
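The ownership invariant the description refers to, as an added illustration that is not PDFium's code: a simplified model in which an array owns only inline objects, rejects an indirect object (one with an object number, already owned by the document's holder), and accepts a reference to it instead. The names Object, Reference, Array, ReferenceTo and InvariantHolds are stand-ins, and Add reports the violation by returning false where the patch's CHECK would abort.

```cpp
#include <cstdint>
#include <memory>
#include <vector>

// Simplified stand-in for CPDF_Object: no object number means "inline", which
// a container may own; an object number means indirect, already owned by the
// document's indirect-object holder, so a second owner frees it twice (UAF).
struct Object {
  uint32_t objnum;  // 0 means inline
  explicit Object(uint32_t n = 0) : objnum(n) {}
  virtual ~Object() = default;
  bool IsInline() const { return objnum == 0; }
};
// Stand-in for CPDF_Reference: an inline object naming an indirect one.
struct Reference : Object {
  uint32_t target;
  explicit Reference(uint32_t n) : Object(), target(n) {}
};

// Stand-in for CPDF_Array after the change: no holder argument, so it cannot
// create indirect objects, and it checks that what it is handed is ownable.
class Array {
 public:
  ~Array() { for (Object* o : m_objects) delete o; }  // array owns elements
  // The real patch uses CHECK() here, which aborts; this version reports the
  // violation through its return value so the invariant can be tested.
  bool Add(Object* obj) {
    if (obj && !obj->IsInline())
      return false;  // an indirect object would be double-owned
    m_objects.push_back(obj);
    return true;
  }
  int Size() const { return static_cast<int>(m_objects.size()); }
 private:
  std::vector<Object*> m_objects;
};

// What the patch does at the call site that always passed an indirect object:
// hand the array a Reference to it, which the array can legitimately own.
inline Object* ReferenceTo(const Object& indirect) {
  return new Reference(indirect.objnum);
}

// Constructed check: the indirect object itself is rejected, a reference to it
// is accepted, and the array then owns exactly one object.
bool InvariantHolds() {
  std::unique_ptr<Object> indirect(new Object(42));  // sample, owned by "holder"
  Array arr;
  bool rejected = !arr.Add(indirect.get());          // caller keeps ownership
  bool accepted = arr.Add(ReferenceTo(*indirect));   // array owns the Reference
  return rejected && accepted && arr.Size() == 1;
}
```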

Patch Set 1

Patch Set 2: Use CHECK rather than assert

Total comments: 6

Patch Set 3: Missed two references

Stats: +26 lines, -44 lines

M core/fpdfapi/fpdf_edit/fpdf_edit_create.cpp (2 chunks, +2 lines, -2 lines, 0 comments)
M core/fpdfapi/fpdf_parser/cpdf_array.cpp (3 chunks, +11 lines, -26 lines, 0 comments)
M core/fpdfapi/fpdf_parser/cpdf_array_unittest.cpp (1 chunk, +1 line, -2 lines, 0 comments)
M core/fpdfapi/fpdf_parser/cpdf_dictionary.cpp (2 chunks, +2 lines, -1 line, 0 comments)
M core/fpdfapi/fpdf_parser/cpdf_document.cpp (1 chunk, +1 line, -1 line, 0 comments)
M core/fpdfapi/fpdf_parser/cpdf_object_unittest.cpp (1 chunk, +2 lines, -1 line, 0 comments)
M core/fpdfapi/fpdf_parser/include/cpdf_array.h (1 chunk, +3 lines, -7 lines, 0 comments)
M fpdfsdk/fpdfsave.cpp (2 chunks, +4 lines, -4 lines, 0 comments)

Messages

Total messages: 11 (5 generated)
Tom Sepez
Dan, next one.
4 years, 3 months ago (2016-09-20 19:22:44 UTC) #4
dsinclair
https://codereview.chromium.org/2355083002/diff/20001/core/fpdfapi/fpdf_parser/cpdf_array.cpp
File core/fpdfapi/fpdf_parser/cpdf_array.cpp (left):
https://codereview.chromium.org/2355083002/diff/20001/core/fpdfapi/fpdf_parser/cpdf_array.cpp#oldcode213
core/fpdfapi/fpdf_parser/cpdf_array.cpp:213: ASSERT(IsArray());
Why remove the asserts?
https://codereview.chromium.org/2355083002/diff/20001/fpdfsdk/fpdfsave.cpp
File fpdfsdk/fpdfsave.cpp (right): ...
4 years, 3 months ago (2016-09-20 19:32:19 UTC) #5
Tom Sepez
https://codereview.chromium.org/2355083002/diff/20001/core/fpdfapi/fpdf_parser/cpdf_array.cpp
File core/fpdfapi/fpdf_parser/cpdf_array.cpp (left):
https://codereview.chromium.org/2355083002/diff/20001/core/fpdfapi/fpdf_parser/cpdf_array.cpp#oldcode213
core/fpdfapi/fpdf_parser/cpdf_array.cpp:213: ASSERT(IsArray());
On 2016/09/20 19:32:18, dsinclair wrote:
> Why remove ...
4 years, 3 months ago (2016-09-20 20:07:22 UTC) #6
dsinclair
lgtm
4 years, 3 months ago (2016-09-20 20:08:33 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2355083002/40001
4 years, 3 months ago (2016-09-20 20:08:43 UTC) #9
commit-bot: I haz the power
4 years, 3 months ago (2016-09-20 20:23:24 UTC) #11
Message was sent while issue was closed.
Committed patchset #3 (id:40001) as
https://pdfium.googlesource.com/pdfium/+/5a399de2945d7b244802565d8e9d2f6e6625...
