From 39a97eaf1132e9ae6311ef547133b53def0a2cc9 Mon Sep 17 00:00:00 2001 From: Jun Fang Date: Mon, 18 Aug 2014 12:21:44 -0700 Subject: Fix a double-free issue in CFX_PathData::~CFX_PathData In CPDFSDK_InterForm::SubmitFields, the buffer pointed by m_pBuffer is returned and released by the caller. However, it will be released again in the destructor. BUG=401580 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/481733002 --- fpdfsdk/src/fsdk_baseform.cpp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/fpdfsdk/src/fsdk_baseform.cpp b/fpdfsdk/src/fsdk_baseform.cpp index ae3b6364d3..aa87dd56bb 100644 --- a/fpdfsdk/src/fsdk_baseform.cpp +++ b/fpdfsdk/src/fsdk_baseform.cpp @@ -2284,12 +2284,6 @@ FX_BOOL CPDFSDK_InterForm::SubmitFields(const CFX_WideString& csDestination, con pEnv->JS_docSubmitForm(pBuffer, nBufSize, (FX_LPCWSTR)csDestination); - if (bUrlEncoded && pBuffer) - { - FX_Free(pBuffer); - pBuffer = NULL; - } - return TRUE; } -- cgit v1.2.3