author | Tom Sepez <tsepez@chromium.org> | 2018-06-28 20:55:54 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-06-28 20:55:54 +0000 |
commit | 5fbb98122c59d4bf0c830ee352ad4769d2decebf (patch) | |
tree | a4213e9e6d32f601b3a77aa31e4e76dfbbf2f3f6 | |
parent | 3edb80670ddd20857cfba97110f64d610a5b29eb (diff) | |
download | pdfium-chromium/3476.tar.xz |
Fix logic error in CJX_InstanceManager::count() [chromium/3476]
Calling the Setter when the Getter was intended results in a segv
when accessing the empty return value.
Bug: 353450
Change-Id: If3d35de1c5e2a24d11690fd323253f1103ee9ab5
Reviewed-on: https://pdfium-review.googlesource.com/36431
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
-rw-r--r-- | fxjs/xfa/cjx_instancemanager.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/fxjs/xfa/cjx_instancemanager.cpp b/fxjs/xfa/cjx_instancemanager.cpp index d9471cd253..f44ccba588 100644 --- a/fxjs/xfa/cjx_instancemanager.cpp +++ b/fxjs/xfa/cjx_instancemanager.cpp @@ -320,8 +320,8 @@ void CJX_InstanceManager::count(CFXJSE_Value* pValue, bool bSetting, XFA_Attribute eAttribute) { if (bSetting) { - pValue->SetInteger(GetXFANode()->GetCount()); + SetInstances(pValue->ToInteger()); return; } - SetInstances(pValue->ToInteger()); + pValue->SetInteger(GetXFANode()->GetCount()); } |
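Review bot: No regression test accompanies the swap of the two branches in CJX_InstanceManager::count(), and the diffstat shows cjx_instancemanager.cpp as the only file touched. The commit message says the inverted branches caused a segv on the read path, so a test that reads count from script and checks it against GetXFANode()->GetCount(), plus one that assigns count and checks the instance count afterwards, would keep the bSetting branches from being inverted again. Separately, in the bSetting branch, pValue->ToInteger() is passed straight to SetInstances() with no range check visible in this hunk; please confirm that SetInstances() rejects negative or out-of-range values, or add a check here before the call, since the value comes from document script.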