UAF in CPWL_ComboBox::~CPWL_ComboBox()
Reported by
manhluat...@gmail.com,
Jun 14 2017
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

Steps to reproduce the problem:
1. Download chromium with asan built at https://commondatastorage.googleapis.com/chromium-browser-asan/index.html
2. Run poc.pdf
3. ASAN crashes

What is the expected behavior?

What went wrong?
Tested on Chromium Mac ASAN version 60.0.3102.0. Poc is generated by fixup script.

Did this work before? N/A

Chrome version: 58.0.3029.110 Channel: n/a
OS Version: OS X 10.12.5
Flash Version:
,
Jun 14 2017
1. Open |test.pdf| on chromium asan.
2. ASAN crashes

Tested on MAC/Linux as well.
,
Jun 14 2017
There are 3 pages.
Page 0 includes |MyField3| Combobox.
Document JS Action:
var f = this.getField("MyField3");
f.setFocus();
this.pageNum=2;
Closing Page 0 AAction:
this.getField('MyField3').value = "test 2";
this.pageNum=2;
,
Jun 14 2017
This is another ASAN crash for the new PoC.
,
Jun 14 2017
Sadly... it's been fixed by https://pdfium.googlesource.com/pdfium/+/3516256c28c29d13e9092e7bb3ea3b417d3bb6df
,
Jun 14 2017
PDFium folks: I'm not sure if this is an exact duplicate, please feel free to adjust.
,
Jun 15 2017
It's the same and fairly harmless. If you go back to https://pdfium.googlesource.com/pdfium/+/2eddb665763f3e089d4c210d2a011d112683f3ea for instance, you'll see there wasn't an ASAN error in the first place before we added CFX_UnownedPtr.
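The comment above notes that ASAN reported nothing before CFX_UnownedPtr was added. As an added illustration (not PDFium code and not part of this issue), the example below shows how a non-owning pointer that checks its pointee when the wrapper itself is destroyed surfaces a teardown-order problem that a raw pointer member leaves silent. It assumes that destruction-time check and uses a liveness set in place of ASAN; `CheckedUnownedPtr`, `Tracked`, `ListBox`, `Holder` and `teardown` are hypothetical names.

```cpp
#include <cstdint>
#include <memory>
#include <set>

// Stand-in for ASAN's bookkeeping: addresses of objects currently alive.
static std::set<std::uintptr_t> g_live;
static int g_reports = 0;  // lifetime violations noticed so far

struct Tracked {
  Tracked() { g_live.insert(reinterpret_cast<std::uintptr_t>(this)); }
  ~Tracked() { g_live.erase(reinterpret_cast<std::uintptr_t>(this)); }
};

// Hypothetical checked non-owning pointer; T must derive from Tracked.
template <typename T>
class CheckedUnownedPtr {
 public:
  explicit CheckedUnownedPtr(T* p)
      : ptr_(p),
        addr_(reinterpret_cast<std::uintptr_t>(static_cast<Tracked*>(p))) {}
  // Never dereferences the pointee; only asks whether it is still alive.
  ~CheckedUnownedPtr() { if (addr_ && !g_live.count(addr_)) ++g_reports; }
  T* get() const { return ptr_; }

 private:
  T* ptr_;
  std::uintptr_t addr_;  // saved up front so the check never reads ptr_
};

struct ListBox : Tracked {};  // hypothetical pointee

template <typename Ptr>  // Ptr is ListBox* or CheckedUnownedPtr<ListBox>
struct Holder {
  explicit Holder(ListBox* l) : list(l) {}
  Ptr list;
};

// Destroys holder and pointee in the given order; returns reports raised.
template <typename Ptr>
int teardown(bool pointee_first) {
  g_reports = 0;
  auto list = std::make_unique<ListBox>();
  auto holder = std::make_unique<Holder<Ptr>>(list.get());
  if (pointee_first) { list.reset(); holder.reset(); }
  else { holder.reset(); list.reset(); }
  return g_reports;
}

int main() { return teardown<CheckedUnownedPtr<ListBox>>(true) == 1 ? 0 : 1; }
```

With a raw `ListBox*` member the same pointee-first teardown raises no report, because nothing ever looks at the stale pointer.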
,
Sep 21 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 Deleted