Fix heap use after free in CPDFSDK_Annot::GetPDFAnnot.
author    Tom Sepez <tsepez@chromium.org>
          Wed, 9 Sep 2015 16:58:10 +0000 (09:58 -0700)
committer Tom Sepez <tsepez@chromium.org>
          Wed, 9 Sep 2015 16:58:10 +0000 (09:58 -0700)
commit    9241e5a43990859f6f9a94aaa2c488d0451039e3
tree      d59fa133dccca79cb9b2e9da5930cae8aa6ad75e
parent    343dbb841f4c12e819932e2b66dd70f817337d97
Fix heap use after free in CPDFSDK_Annot::GetPDFAnnot.

Use two separate loops to kill current focus annot and to release annots
in current page. Loop to kill current focus annot is run first, so it
will not access deleted annots.

BUG=507316

R=tsepez@chromium.org

TEST=Reproduction steps mentioned in issue 507316 should not crash
     chrome.
     Unit test added to pdfium.
     Run pdfium_embeddertests.exe.

Review URL: https://codereview.chromium.org/1312313006 .
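As an added illustration of the ordering problem the commit message describes, the following model is not PDFium's code: `Annot`, `Document`, `PageView` and their members are hypothetical stand-ins, and "release" is modelled by clearing an `alive` flag instead of freeing, so the stale read is detectable rather than undefined behaviour. Killing focus reads through the focused annot and a related widget; a single teardown loop that releases as it goes can reach the focus kill after that related widget is already gone, while killing focus in a first pass and releasing in a second keeps every pointer valid when it is read.

```cpp
#include <cstdio>
#include <memory>
#include <string>
#include <vector>

// Hypothetical model of the teardown ordering bug; names are made up and
// are not PDFium's classes.
struct Annot {
    std::string name;
    Annot* related = nullptr;  // e.g. another widget of the same form field
    bool alive = true;         // cleared instead of freeing (see lead-in)
};

struct Document {
    Annot* focus = nullptr;
    std::vector<std::string> events;

    // Removing focus notifies the focused annot and its related widget, so it
    // reads through both pointers. Returns false if either was already
    // released: the condition ASan reports as heap-use-after-free.
    bool KillFocusAnnot() {
        if (!focus) return true;
        bool ok = focus->alive;
        events.push_back("blur:" + focus->name);
        if (focus->related) {
            ok = ok && focus->related->alive;
            events.push_back("notify:" + focus->related->name);
        }
        focus = nullptr;
        return ok;
    }
};

struct PageView {
    Document* doc;
    std::vector<std::unique_ptr<Annot>> annots;

    // Stand-in for an annot handler's release call.
    static void Release(Annot* a) { a->alive = false; }

    // Before: one loop that releases each annot and, when it reaches the
    // focused one, kills focus. If the focused annot's related widget sat
    // earlier in the array it has already been released by then.
    bool TeardownSingleLoop() {
        bool ok = true;
        for (auto& a : annots) {
            if (a.get() == doc->focus) ok = doc->KillFocusAnnot() && ok;
            Release(a.get());
        }
        annots.clear();
        return ok;
    }

    // After: the first pass only kills focus while every annot is still
    // alive; the second pass releases. This is the ordering the commit
    // message describes.
    bool TeardownTwoLoops() {
        bool ok = true;
        for (auto& a : annots)
            if (a.get() == doc->focus) ok = doc->KillFocusAnnot() && ok;
        for (auto& a : annots) Release(a.get());
        annots.clear();
        return ok;
    }
};

// Constructed page: the focused widget's related widget precedes it in the
// annot array, the arrangement that makes the single-loop order fail.
static PageView MakePage(Document* doc) {
    PageView page{doc, {}};
    page.annots.emplace_back(new Annot{"widget_a"});
    page.annots.emplace_back(new Annot{"widget_b"});
    page.annots[1]->related = page.annots[0].get();
    doc->focus = page.annots[1].get();
    return page;
}

// Each runner builds a fresh page and reports whether teardown was clean.
static bool RunSingleLoop() {
    Document doc;
    PageView page = MakePage(&doc);
    return page.TeardownSingleLoop();  // false: stale read of widget_a
}

static bool RunTwoLoops() {
    Document doc;
    PageView page = MakePage(&doc);
    return page.TeardownTwoLoops();    // true: focus killed before release
}

int main() {
    std::printf("single loop clean: %s\n", RunSingleLoop() ? "yes" : "no");
    std::printf("two loops clean:   %s\n", RunTwoLoops() ? "yes" : "no");
    return 0;
}
```

The flag-based model keeps the program well defined; under a real `delete` the same single-loop order is what AddressSanitizer would report at the read inside the focus-kill path, and the regression test the commit adds to `pdfium_embeddertests` exercises exactly that teardown order.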
fpdfsdk/src/fpdfformfill_embeddertest.cpp
fpdfsdk/src/fsdk_mgr.cpp
testing/embedder_test.cpp
testing/embedder_test.h