diff options
author | Artem Strygin <art-snake@yandex-team.ru> | 2017-10-04 19:43:10 +0300 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-10-04 17:31:05 +0000 |
commit | adb19b0b11ab16a406d23797564fc0ec3a5da245 (patch) | |
tree | cfc6b1d4b23a4433e0dd8026750bd5914eb2b78d /fxjs/cfxjse_runtimedata.cpp | |
parent | 3e3a78b68c31a5e7b27ef9ebd35f287603abe7fa (diff) | |
download | pdfium-adb19b0b11ab16a406d23797564fc0ec3a5da245.tar.xz |
Fix Heap-use-after-free in CPDF_SecurityHandler::~CPDF_SecurityHandler.
The CPDF_SecurityHandler contains unowned reference to "ID" array, which is owned by main trailer.
Main trailer is owned by CPDF_Parser::m_TrailerData
To fix this issue
set m_TrailerData before m_pSecurityHandler(CPDF_SecurityHandler) in CPDF_Parser members list.
Bug: chromium:771479
Change-Id: I38413ba16b1454ac775c8a07b126fa3b86714c1b
Reviewed-on: https://pdfium-review.googlesource.com/15430
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Art Snake <art-snake@yandex-team.ru>
Diffstat (limited to 'fxjs/cfxjse_runtimedata.cpp')
0 files changed, 0 insertions, 0 deletions