author | Lei Zhang <thestig@chromium.org> | 2016-01-06 22:54:48 -0800 |
---|---|---|
committer | Lei Zhang <thestig@chromium.org> | 2016-01-06 22:54:48 -0800 |
commit | 20e25f2d6cbe4e9955a6e7c445749d5492548d76 (patch) | |
tree | f8050017d4fd24cdb6b33d37067386a55465577d /fpdfsdk/src/fpdfxfa/fpdfxfa_doc.cpp | |
parent | ab5537db5f9f52f19dea03850512fd6b10bdcd84 (diff) | |
XFA: Change the destruction order inside CPDFXFA_Document to avoid UAFs.
R=jun_fang@foxitsoftware.com, tsepez@chromium.org
Review URL: https://codereview.chromium.org/1566903002 .
Diffstat (limited to 'fpdfsdk/src/fpdfxfa/fpdfxfa_doc.cpp')
-rw-r--r-- | fpdfsdk/src/fpdfxfa/fpdfxfa_doc.cpp | 34 |
1 files changed, 9 insertions, 25 deletions
diff --git a/fpdfsdk/src/fpdfxfa/fpdfxfa_doc.cpp b/fpdfsdk/src/fpdfxfa/fpdfxfa_doc.cpp
index 16f3209af3..fb30ba44d0 100644
--- a/fpdfsdk/src/fpdfxfa/fpdfxfa_doc.cpp
+++ b/fpdfsdk/src/fpdfxfa/fpdfxfa_doc.cpp
@@ -45,14 +45,17 @@ CPDFXFA_Document::CPDFXFA_Document(CPDF_Document* pPDFDoc,
 }
CPDFXFA_Document::~CPDFXFA_Document() {
+ if (m_pJSContext && m_pSDKDoc && m_pSDKDoc->GetEnv())
+ m_pSDKDoc->GetEnv()->GetJSRuntime()->ReleaseContext(m_pJSContext);
+
+ delete m_pSDKDoc;
+
if (m_pPDFDoc) {
- CPDF_Parser* pParser = (CPDF_Parser*)m_pPDFDoc->GetParser();
- if (pParser == NULL) {
- delete m_pPDFDoc;
- } else {
+ CPDF_Parser* pParser = m_pPDFDoc->GetParser();
+ if (pParser)
delete pParser;
- }
- m_pPDFDoc = NULL;
+ else
+ delete m_pPDFDoc;
}
if (m_pXFADoc) {
IXFA_App* pApp = m_pApp->GetXFAApp();
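Review bot: After `delete m_pSDKDoc;` and the `delete pParser;` / `delete m_pPDFDoc;` branch, both members keep their stale values while the destructor goes on to tear down m_pXFADoc, because this change drops the old `m_pSDKDoc = NULL;` and `m_pPDFDoc = NULL;` resets. Any call that reaches this object during that teardown would pass a guard such as the `m_pSDKDoc` test in SetChangeMark() and then touch freed memory. Whether the XFA close path makes such calls is not visible in this diff, so this is a hardening request rather than a confirmed defect. I would write `delete m_pSDKDoc; m_pSDKDoc = nullptr;` and reset m_pPDFDoc the same way after its block. The ordering should also get a short comment at the top of the destructor saying which object must outlive which, so a later cleanup does not rearrange it; the destructor body continues past this hunk.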
@@ -63,17 +66,6 @@ CPDFXFA_Document::~CPDFXFA_Document() {
 }
}
}
-
- if (m_pJSContext) {
- if (m_pSDKDoc && m_pSDKDoc->GetEnv()) {
- m_pSDKDoc->GetEnv()->GetJSRuntime()->ReleaseContext(m_pJSContext);
- m_pJSContext = NULL;
- }
- }
-
- if (m_pSDKDoc)
- delete m_pSDKDoc;
- m_pSDKDoc = NULL;
}
FX_BOOL CPDFXFA_Document::LoadXFADoc() {
@@ -204,13 +196,6 @@ CPDFSDK_Document* CPDFXFA_Document::GetSDKDocument(
 return m_pSDKDoc;
}
-void CPDFXFA_Document::ReleaseSDKDoc() {
- if (m_pSDKDoc)
- delete m_pSDKDoc;
-
- m_pSDKDoc = NULL;
-}
-
void CPDFXFA_Document::FXRect2PDFRect(const CFX_RectF& fxRectF,
CPDF_Rect& pdfRect) {
pdfRect.left = fxRectF.left;
@@ -219,7 +204,6 @@ void CPDFXFA_Document::FXRect2PDFRect(const CFX_RectF& fxRectF,
 pdfRect.bottom = fxRectF.top;
}
-//////////////////////////////////////////////////////////////////////////
void CPDFXFA_Document::SetChangeMark(IXFA_Doc* hDoc) {
if (hDoc == m_pXFADoc && m_pSDKDoc) {
m_pSDKDoc->SetChangeMark();
|