Issue 1617 in pdfium: FPDFDOC_ExitFormFillEnvironment crashes

[seanc… via monorail]

Status: Unconfirmed
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 1617 by seanc...@gmail.com: FPDFDOC_ExitFormFillEnvironment crashes
https://bugs.chromium.org/p/pdfium/issues/detail?id=1617

What steps will reproduce the problem?
the following snippit of code is enough to reproduce the crash:

formInfo.version = 1; // no xfa
formHandle = FPDFDOC_InitFormFillEnvironment(doc, &formInfo); // obviously doc and formInfo are previously initialized to an open document
FPDFDOC_ExitFormFillEnvironment(formHandle);

What is the expected output? What do you see instead?
This crashes on FPDFDOC_ExitFormFillEnvironment. In the full program this will happen after the document is parsed. We call FORM_OnAfterLoadPage after opening any page and FORM_OnBeforeClosePage after closing any page. If we do not call FPDFDOC_ExitFormFillEnvironment, I suspect a memory leak, and on windows the file remains locked even after FPDF_CloseDocument if FPDFDOC_ExitFormFillEnvironment is not called.



What version of the product are you using? On what operating system?
pdfium from chromium4224 on windows

Please provide any additional information below.
Please let me know if I can provide any more info, this is and urgent issue in my code.

--
You received this message because:
1. The project was configured to send all issue notifications to this address

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

[tse… via monorail]

Comment #1 on issue 1617 by tse...@chromium.org: FPDFDOC_ExitFormFillEnvironment crashes
https://bugs.chromium.org/p/pdfium/issues/detail?id=1617#c1

You'll likely have to provide a complete testcase, eg. a main() { } that includes all the things that are obviously initialized, as we don't see this with our pdfium_test binary and don't want to guess what you might be doing prior to the snippet you've provided.

[tse… via monorail]

Updates:
Labels: Needs-Feedback

Comment #2 on issue 1617 by tse...@chromium.org: FPDFDOC_ExitFormFillEnvironment crashes
https://bugs.chromium.org/p/pdfium/issues/detail?id=1617#c2

(No comment was entered for this change.)

[n… via monorail]

Comment #3 on issue 1617 by ni...@chromium.org: FPDFDOC_ExitFormFillEnvironment crashes
https://bugs.chromium.org/p/pdfium/issues/detail?id=1617#c3

I wrote a little program like this, and no segfault was triggered. I understand that I might have some functions called which were not mentioned in the bug description. But hope this can help you solve the issue?

FPDF_DOCUMENT doc = FPDF_CreateNewDocument();
FPDF_PAGE page = FPDFPage_New(doc, 0, 640.0, 480.0);
FPDF_FORMFILLINFO formfillinfo;
formfillinfo.version = 1;
FPDF_FORMHANDLE form_handle = FPDFDOC_InitFormFillEnvironment(doc, &formfillinfo);
form_handle = SetupFormFillEnvironment(doc, JavaScriptOption::kEnableJavaScript);
FORM_OnAfterLoadPage(page, form_handle);
FORM_DoPageAAction(page, form_handle, FPDFPAGE_AACTION_OPEN);
FORM_DoPageAAction(page, form_handle, FPDFPAGE_AACTION_CLOSE);
FORM_OnBeforeClosePage (page, form_handle);
FORM_DoDocumentAAction(form_handle, FPDFDOC_AACTION_WC);
FPDFDOC_ExitFormFillEnvironment(form_handle);
form_handle = nullptr;
FPDF_CloseDocument(doc);

Let me know if you noticed anything is missing from this little program to reproduce the problem. Thanks!

[tse… via monorail]

Comment #4 on issue 1617 by tse...@chromium.org: FPDFDOC_ExitFormFillEnvironment crashes
https://bugs.chromium.org/p/pdfium/issues/detail?id=1617#c4

Well, there's an FPDF_InitLibrary() call that I didn't see in your program, that's the first thing that has to happen before any of what you wrote can take place.

[tse… via monorail]

Comment #5 on issue 1617 by tse...@chromium.org: FPDFDOC_ExitFormFillEnvironment crashes
https://bugs.chromium.org/p/pdfium/issues/detail?id=1617#c5

Also, you'll want to do the formfill initialization before creating any pages.

[tse… via monorail]

Comment #6 on issue 1617 by tse...@chromium.org: FPDFDOC_ExitFormFillEnvironment crashes
https://bugs.chromium.org/p/pdfium/issues/detail?id=1617#c6

And you;ll want to FPDF_ClosePage() the page before exiting the form fill environment.

[wolfr… via monorail]

Comment #7 on issue 1617 by wolfr...@gmail.com: FPDFDOC_ExitFormFillEnvironment crashes
https://bugs.chromium.org/p/pdfium/issues/detail?id=1617#c7

Hi I've switched emails on my other computer with the code.. Thank you very much for the prompt replies, I wish I had been at my desk yesterday evening. I'm now on Linux where I also reproduce the crash. Here is a complete test program that reproduces the crash:

FPDF_LIBRARY_CONFIG config;
config.version = 2;
config.m_pUserFontPaths = nullptr;
config.m_pIsolate = nullptr;
config.m_v8EmbedderSlot = 0;

FPDF_InitLibraryWithConfig(&config);

FPDF_DOCUMENT doc = FPDF_CreateNewDocument();

FPDF_FORMFILLINFO formfillinfo;
formfillinfo.version = 1;
FPDF_FORMHANDLE form_handle = FPDFDOC_InitFormFillEnvironment(doc, &formfillinfo);

FPDFDOC_ExitFormFillEnvironment(form_handle);
form_handle = nullptr;
FPDF_CloseDocument(doc);

On the chromium/4224 branch I don't see SetupFormFillEnvironment. Is there something along these lines I need to do in order to get a valid FPDF_FORMHANDLE? In my application I am never creating a document, the reason I am calling FPDFDOC_InitFormFillEnvironment is I am opening existing PDF documents and reading the form field data using FPDFAnnot_GetFormFieldName and FPDFAnnot_GetFormFieldValue in the full application.

[tse… via monorail]

Updates:
Status: WontFix

Comment #8 on issue 1617 by tse...@chromium.org: FPDFDOC_ExitFormFillEnvironment crashes
https://bugs.chromium.org/p/pdfium/issues/detail?id=1617#c8

We typically point developers to https://source.chromium.org/chromium/chromium/src/+/master:third_party/pdfium/samples/pdfium_test.cc for an example of how to initialize PDFium, but this has grown vastly complex over the years. I've cobbled together a working example of what nigi proposed above at https://pdfium-review.googlesource.com/c/pdfium/+/76290/3/samples/simple_no_v8.cc

Presumably these examples will allow to you make some progress.

[wolfr… via monorail]

Comment #9 on issue 1617 by wolfr...@gmail.com: FPDFDOC_ExitFormFillEnvironment crashes
https://bugs.chromium.org/p/pdfium/issues/detail?id=1617#c9

Adding memset(&formfillinfo, 0, sizeof(formfillinfo)); fixes my crash! Thanks! Can you give some more insight on why this might be the case?

[tse… via monorail]

Comment #10 on issue 1617 by tse...@chromium.org: FPDFDOC_ExitFormFillEnvironment crashes
https://bugs.chromium.org/p/pdfium/issues/detail?id=1617#c10

Welcome to C programming. Stack variables are not initialized by default, and contain whatever contents might have been in that memory previously unless you initialize them explicitly (or clear them). Sometime C++ there might be a default constructor that zeros thing out, but for ordinary C structs that is never the case.

[wolfr… via monorail]

Comment #11 on issue 1617 by wolfr...@gmail.com: FPDFDOC_ExitFormFillEnvironment crashes
https://bugs.chromium.org/p/pdfium/issues/detail?id=1617#c11

Well, I was more curious why everything works fine until FPDFDOC_ExitFormFillEnvironment is called. Not to mention I don't see any explicit value initialization in the other example you sent, multiple examples I found online, nor the test program given by nigi.. The documentation also makes no mention that FPDF_FORMFILLINFO needs to be initialized to 0/nullptr before use, I thought I could simply set the only field which I had any indication I would need to set, which is version. While the docs could maybe improve, yes you're right that I should have been initializing this thing anyway and that's my fault. Thank you very much for your time.