From 36b2059cae7fc851c9f35babd35ec82a7a5d9694 Mon Sep 17 00:00:00 2001
From: Henrique Nakashima <hnakashima@chromium.org>
Date: Tue, 24 Jul 2018 20:25:45 +0000
Subject: Fix UAF in CPDFSDK_Widget::GetMixXFAWidget().

Do not allow instanceManager methods to run in Foreground XFA forms.
They are static, and their widgets should not be inserted or removed.

See "XML Forms Architecture (XFA) Specification Version 3.3", page 272.

Bug: chromium:860697
Change-Id: Ia96834e085ee508618ca4dcb2bd5271466369ede
Reviewed-on: https://pdfium-review.googlesource.com/38751
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
---
 xfa/fxfa/parser/cxfa_document.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'xfa/fxfa/parser/cxfa_document.h')

diff --git a/xfa/fxfa/parser/cxfa_document.h b/xfa/fxfa/parser/cxfa_document.h
index 795da004cc..8bddcb2035 100644
--- a/xfa/fxfa/parser/cxfa_document.h
+++ b/xfa/fxfa/parser/cxfa_document.h
@@ -79,6 +79,7 @@ class CXFA_Document : public CXFA_NodeOwner {
   bool IsInteractive();
   XFA_VERSION GetCurVersionMode() { return m_eCurVersionMode; }
   XFA_VERSION RecognizeXFAVersionNumber(const WideString& wsTemplateNS);
+  FormType GetFormType() const;
 
   CXFA_Node* CreateNode(XFA_PacketType packet, XFA_Element eElement);
 
-- 
cgit v1.2.3