diff options
author | Ryan Harrison <rharrison@chromium.org> | 2017-09-15 14:35:41 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-09-15 18:45:55 +0000 |
commit | 022d13b85408beb400ce703bb5c59736adea208f (patch) | |
tree | 30051ba1dc335cbc71d191ec9843b727b0550fb7 | |
parent | 574756152de82613a71bb206d9fd50906e20f817 (diff) | |
download | pdfium-022d13b85408beb400ce703bb5c59736adea208f.tar.xz |
Add ObservedPtrs to KillFocus path
This is to prevent use after free issues due to these calls causing
reloads of content that have the side of effect of destroying windows.
BUG=chromium:760455
Change-Id: I3f3947be8b32964783abf5577a24ba6a713b3476
Reviewed-on: https://pdfium-review.googlesource.com/14150
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
-rw-r--r-- | fpdfsdk/pwl/cpwl_edit.cpp | 12 | ||||
-rw-r--r-- | fpdfsdk/pwl/cpwl_wnd.cpp | 5 |
2 files changed, 16 insertions, 1 deletions
diff --git a/fpdfsdk/pwl/cpwl_edit.cpp b/fpdfsdk/pwl/cpwl_edit.cpp index a6f6f2ac86..4558e432ac 100644 --- a/fpdfsdk/pwl/cpwl_edit.cpp +++ b/fpdfsdk/pwl/cpwl_edit.cpp @@ -340,14 +340,26 @@ void CPWL_Edit::OnSetFocus() { } void CPWL_Edit::OnKillFocus() { + ObservedPtr observed_ptr = ObservedPtr(this); CPWL_ScrollBar* pScroll = GetVScrollBar(); if (pScroll && pScroll->IsVisible()) { pScroll->SetVisible(false); + if (!observed_ptr) + return; + Move(m_rcOldWindow, true, true); } + if (!observed_ptr) + return; m_pEdit->SelectNone(); + if (!observed_ptr) + return; + SetCaret(false, CFX_PointF(), CFX_PointF()); + if (!observed_ptr) + return; + SetCharSet(FX_CHARSET_ANSI); m_bFocus = false; } diff --git a/fpdfsdk/pwl/cpwl_wnd.cpp b/fpdfsdk/pwl/cpwl_wnd.cpp index 53c692dada..e26df4d199 100644 --- a/fpdfsdk/pwl/cpwl_wnd.cpp +++ b/fpdfsdk/pwl/cpwl_wnd.cpp @@ -44,7 +44,7 @@ PWL_CREATEPARAM::PWL_CREATEPARAM() PWL_CREATEPARAM::PWL_CREATEPARAM(const PWL_CREATEPARAM& other) = default; -class CPWL_MsgControl { +class CPWL_MsgControl : public CFX_Observable<CPWL_MsgControl> { friend class CPWL_Wnd; public: @@ -96,9 +96,12 @@ class CPWL_MsgControl { } void KillFocus() { + ObservedPtr observed_ptr = ObservedPtr(this); if (!m_aKeyboardPath.empty()) if (CPWL_Wnd* pWnd = m_aKeyboardPath[0]) pWnd->OnKillFocus(); + if (!observed_ptr) + return; m_pMainKeyboardWnd = nullptr; m_aKeyboardPath.clear(); |