diff options
| author | Tom Sepez <tsepez@chromium.org> | 2015-09-09 09:58:10 -0700 |
|---|---|---|
| committer | Tom Sepez <tsepez@chromium.org> | 2015-09-09 09:58:10 -0700 |
| commit | 9241e5a43990859f6f9a94aaa2c488d0451039e3 (patch) | |
| tree | d59fa133dccca79cb9b2e9da5930cae8aa6ad75e /testing/embedder_test.h | |
| parent | 343dbb841f4c12e819932e2b66dd70f817337d97 (diff) | |
| download | pdfium-9241e5a43990859f6f9a94aaa2c488d0451039e3.tar.xz | |
Fix heap use after free in CPDFSDK_Annot::GetPDFAnnot.
Use two seperate loops to kill current focus annot and to release annots
in current page. Loop to kill current focus annot is run first, so it
will not access deleted annots.
BUG=507316
R=tsepez@chromium.org
TEST=Reproduction steps mentioned in issue 507316 should not crash
chrome.
Unit test added to pdfium.
Run pdfium_embeddertests.exe.
Review URL: https://codereview.chromium.org/1312313006 .
Diffstat (limited to 'testing/embedder_test.h')
| -rw-r--r-- | testing/embedder_test.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/testing/embedder_test.h b/testing/embedder_test.h index 4bd9d9713e..f490f82536 100644 --- a/testing/embedder_test.h +++ b/testing/embedder_test.h @@ -5,6 +5,7 @@ #ifndef TESTING_EMBEDDER_TEST_H_ #define TESTING_EMBEDDER_TEST_H_ +#include <map> #include <string> #include "../public/fpdf_dataavail.h" @@ -43,6 +44,14 @@ class EmbedderTest : public ::testing::Test, // Equivalent to FPDF_FORMFILLINFO::FFI_KillTimer(). virtual void KillTimer(int id) {} + + // Equivalent to FPDF_FORMFILLINFO::FFI_GetPage(). + virtual FPDF_PAGE GetPage(FPDF_FORMHANDLE form_handle, + FPDF_DOCUMENT document, + int page_index); + + private: + std::map<int, FPDF_PAGE> m_pageMap; }; EmbedderTest(); @@ -72,6 +81,10 @@ class EmbedderTest : public ::testing::Test, // Load a specific page of the open document. virtual FPDF_PAGE LoadPage(int page_number); + // Load a specific page of the open document using delegate_->GetPage. + // delegate_->GetPage also caches loaded page. + virtual FPDF_PAGE LoadAndCachePage(int page_number); + // Convert a loaded page into a bitmap. virtual FPDF_BITMAP RenderPage(FPDF_PAGE page); @@ -106,6 +119,9 @@ class EmbedderTest : public ::testing::Test, int msecs, TimerCallback fn); static void KillTimerTrampoline(FPDF_FORMFILLINFO* info, int id); + static FPDF_PAGE GetPageTrampoline(FPDF_FORMFILLINFO* info, + FPDF_DOCUMENT document, + int page_index); }; #endif // TESTING_EMBEDDER_TEST_H_ |