pdfium.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Tom Sepez <tsepez@chromium.org>	2015-06-02 10:09:49 -0700
committer	Tom Sepez <tsepez@chromium.org>	2015-06-02 10:09:49 -0700
commit	4ff7a4246c81a71b4f878e959b3ca304cd76ec8a (patch)
tree	2a8002655a6300e69408d08196bb86a6f1b0145f /core/include/fpdfapi/fpdf_parser.h
parent	8e1b60824d079546c8cc3f0e3d9fa0ea9fa980fa (diff)
download	pdfium-4ff7a4246c81a71b4f878e959b3ca304cd76ec8a.tar.xz

Fix heap use after free in Document::DoFieldDelay and Document::delay

This fix removes CJS_DelayData object from m_DelayData array and copies them to a new array, before processing them. So contents of m_DelayData array cannot be used after they get freed. BUG=487928 R=tsepez@chromium.org TEST= Chrome pdf plugin should not crash when poc_stable,testuafdocument1.pdf and testuafdocument2.pdf are viewed. see crbug.com/487928 and crbug.com/487928#c18 for more details. Review URL: https://codereview.chromium.org/1163823002

Diffstat (limited to 'core/include/fpdfapi/fpdf_parser.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: