Merge to M48: CFXJS_ObjDefinition's lifetime must match isolate.

Introduced at https://codereview.chromium.org/1424933013/ The v8 objects are 1:1 with the context being destroyed in FXJS_ReleaseRuntime, but the CFXJS_ObjDefinitions are still 1:1 with the isolate, so they can't be destroyed until the refcounts hit zero. BUG=561184 TBR=tsepez@chromium.org Review URL: https://codereview.chromium.org/1468423004 . (cherry picked from commit 628f7053cc646c58c61add247c75bc65ac135327) Review URL: https://codereview.chromium.org/1521513004 .
author: Lei Zhang <thestig@chromium.org> 2015-12-11 15:20:51 -0800
committer: Lei Zhang <thestig@chromium.org> 2015-12-11 15:20:51 -0800
commit: 4b3d9152608914f49c33819a58c854e5ba539079 (patch)
tree: 8aa004c58e26f6c83b6a4d43f75f14c7b74ecd4a
parent: 0779eebb95de949e8f2e256c745ffae96bfa3479 (diff)
download: pdfium-4b3d9152608914f49c33819a58c854e5ba539079.tar.xz
1 files changed, 3 insertions, 1 deletions
diff --git a/fpdfsdk/src/jsapi/fxjs_v8.cpp b/fpdfsdk/src/jsapi/fxjs_v8.cpp
index d21970e595..3771b1a66f 100644
--- a/fpdfsdk/src/jsapi/fxjs_v8.cpp
+++ b/fpdfsdk/src/jsapi/fxjs_v8.cpp
@@ -351,12 +351,14 @@ void FXJS_ReleaseRuntime(v8::Isolate* pIsolate,
         pObjDef->m_pDestructor(pObj);
       FXJS_FreePrivate(pObj);
     }
-    delete pObjDef;
   }
 
   if (pIsolate == g_isolate && --g_isolate_ref_count > 0)
     return;
 
+  for (int i = 0; i < maxID; ++i)
+    delete CFXJS_ObjDefinition::ForID(pIsolate, i);
+
   pIsolate->SetData(g_embedderDataSlot, nullptr);
   delete pData;
 }
author	Lei Zhang <thestig@chromium.org>	2015-12-11 15:20:51 -0800
committer	Lei Zhang <thestig@chromium.org>	2015-12-11 15:20:51 -0800
commit	4b3d9152608914f49c33819a58c854e5ba539079 (patch)
tree	8aa004c58e26f6c83b6a4d43f75f14c7b74ecd4a
parent	0779eebb95de949e8f2e256c745ffae96bfa3479 (diff)
download	pdfium-4b3d9152608914f49c33819a58c854e5ba539079.tar.xz