diff options
| author | Lei Zhang <thestig@chromium.org> | 2015-09-15 16:57:43 -0700 |
|---|---|---|
| committer | Lei Zhang <thestig@chromium.org> | 2015-09-15 16:57:43 -0700 |
| commit | 3c468f9d8077b00acae6dc4ed38e9638ae348924 (patch) | |
| tree | 94efdf1ad27e901e8083d15a5cad8f1eeeb4fe96 /fpdfsdk/src/fpdfformfill_embeddertest.cpp | |
| parent | f44089285c40a6887666dfb2bdd00bf7c6dcb8d9 (diff) | |
| download | pdfium-3c468f9d8077b00acae6dc4ed38e9638ae348924.tar.xz | |
Merge to M46: Fix heap use after free in CPDFSDK_Annot::GetPDFAnnot.
Use two seperate loops to kill current focus annot and to release annots
in current page. Loop to kill current focus annot is run first, so it
will not access deleted annots.
BUG=507316
TBR=tsepez@chromium.org
TEST=Reproduction steps mentioned in issue 507316 should not crash
chrome.
Unit test added to pdfium.
Run pdfium_embeddertests.exe.
Review URL: https://codereview.chromium.org/1312313006 .
(cherry picked from commit 9241e5a43990859f6f9a94aaa2c488d0451039e3)
Review URL: https://codereview.chromium.org/1348433003 .
Diffstat (limited to 'fpdfsdk/src/fpdfformfill_embeddertest.cpp')
| -rw-r--r-- | fpdfsdk/src/fpdfformfill_embeddertest.cpp | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/fpdfsdk/src/fpdfformfill_embeddertest.cpp b/fpdfsdk/src/fpdfformfill_embeddertest.cpp index 6baad11531..56710b9f83 100644 --- a/fpdfsdk/src/fpdfformfill_embeddertest.cpp +++ b/fpdfsdk/src/fpdfformfill_embeddertest.cpp @@ -40,6 +40,18 @@ TEST_F(FPDFFormFillEmbeddertest, BUG_487928) { UnloadPage(page); } +TEST_F(FPDFFormFillEmbeddertest, BUG_507316) { + EmbedderTestTimerHandlingDelegate delegate; + SetDelegate(&delegate); + + EXPECT_TRUE(OpenDocument("testing/resources/bug_507316.pdf")); + FPDF_PAGE page = LoadAndCachePage(2); + EXPECT_NE(nullptr, page); + DoOpenActions(); + delegate.AdvanceTime(4000); + UnloadPage(page); +} + TEST_F(FPDFFormFillEmbeddertest, BUG_514690) { EXPECT_TRUE(OpenDocument("testing/resources/hello_world.pdf")); FPDF_PAGE page = LoadPage(0); |