Merge to M47: Rip out the KillFocusAnnot call from CPDFSDK_PageView's destructor

Previously, blur event actions could potentially touch deleted PageViews
as CPDFSDK_Document deletes the PageViews one by one.

This also fixes a related issue: CPDFSDK_Document::SetFocusAnnot no
longer does anything if the document is being destroyed. Otherwise, it
eventually tries to use m_pEnv->GetSDKDocument() at which point has
already been set to NULL by FPDFDOC_ExitFormFillEnvironment.

R=ochang@chromium.org
BUG=512445

Review URL: https://codereview.chromium.org/1414353007 .

(cherry picked from commit a548b1d3e2444f256bcbf6c2fa2165798e33ba8d)

Review URL: https://codereview.chromium.org/1417033009 .

2 files changed, 23 insertions, 12 deletions

diff --git a/fpdfsdk/include/fsdk_mgr.h b/fpdfsdk/include/fsdk_mgr.h
index 270160eeb6..26d0304b18 100644
--- a/fpdfsdk/include/fsdk_mgr.h
+++ b/fpdfsdk/include/fsdk_mgr.h
@@ -275,6 +275,7 @@ class CPDFSDK_Document {
   CPDFDoc_Environment* m_pEnv;
   CPDF_OCContext* m_pOccontent;
   FX_BOOL m_bChangeMask;
+  FX_BOOL m_bBeingDestroyed;
 };
 class CPDFSDK_PageView final {
  public:
@@ -294,6 +295,7 @@ class CPDFSDK_PageView final {
   FX_BOOL KillFocusAnnot(FX_UINT nFlag = 0) {
     return m_pSDKDoc->KillFocusAnnot(nFlag);
   }
+  void KillFocusAnnotIfNeeded();
   FX_BOOL Annot_HasAppearance(CPDF_Annot* pAnnot);
 
   CPDFSDK_Annot* AddAnnot(CPDF_Dictionary* pDict);
diff --git a/fpdfsdk/src/fsdk_mgr.cpp b/fpdfsdk/src/fsdk_mgr.cpp
index 5b94aef600..7b0fe4e2fa 100644
--- a/fpdfsdk/src/fsdk_mgr.cpp
+++ b/fpdfsdk/src/fsdk_mgr.cpp
@@ -403,9 +403,16 @@ CPDFSDK_Document::CPDFSDK_Document(CPDF_Document* pDoc,
       m_pFocusAnnot(nullptr),
       m_pEnv(pEnv),
       m_pOccontent(nullptr),
-      m_bChangeMask(FALSE) {}
+      m_bChangeMask(FALSE),
+      m_bBeingDestroyed(FALSE) {
+}
 
 CPDFSDK_Document::~CPDFSDK_Document() {
+  m_bBeingDestroyed = TRUE;
+
+  for (auto& it : m_pageMap)
+    it.second->KillFocusAnnotIfNeeded();
+
   for (auto& it : m_pageMap)
     delete it.second;
   m_pageMap.clear();
@@ -505,6 +512,7 @@ void CPDFSDK_Document::ReMovePageView(CPDF_Page* pPDFPage) {
   if (pPageView->IsLocked())
     return;
 
+  pPageView->KillFocusAnnotIfNeeded();
   delete pPageView;
   m_pageMap.erase(it);
 }
@@ -537,6 +545,9 @@ CPDFSDK_Annot* CPDFSDK_Document::GetFocusAnnot() {
 }
 
 FX_BOOL CPDFSDK_Document::SetFocusAnnot(CPDFSDK_Annot* pAnnot, FX_UINT nFlag) {
+  if (m_bBeingDestroyed)
+    return FALSE;
+
   if (m_pFocusAnnot == pAnnot)
     return TRUE;
 
@@ -624,17 +635,6 @@ CPDFSDK_PageView::CPDFSDK_PageView(CPDFSDK_Document* pSDKDoc, CPDF_Page* page)
 }
 
 CPDFSDK_PageView::~CPDFSDK_PageView() {
-  // if there is a focused annot on the page, we should kill the focus first.
-  if (CPDFSDK_Annot* focusedAnnot = m_pSDKDoc->GetFocusAnnot()) {
-    for (int i = 0, count = m_fxAnnotArray.GetSize(); i < count; i++) {
-      CPDFSDK_Annot* pAnnot = (CPDFSDK_Annot*)m_fxAnnotArray.GetAt(i);
-      if (pAnnot == focusedAnnot) {
-        KillFocusAnnot();
-        break;
-      }
-    }
-  }
-
   CPDFDoc_Environment* pEnv = m_pSDKDoc->GetEnv();
   CPDFSDK_AnnotHandlerMgr* pAnnotHandlerMgr = pEnv->GetAnnotHandlerMgr();
   ASSERT(pAnnotHandlerMgr);
@@ -732,6 +732,15 @@ CPDFSDK_Annot* CPDFSDK_PageView::GetFXWidgetAtPoint(FX_FLOAT pageX,
   return NULL;
 }
 
+void CPDFSDK_PageView::KillFocusAnnotIfNeeded() {
+  // if there is a focused annot on the page, we should kill the focus first.
+  if (CPDFSDK_Annot* focusedAnnot = m_pSDKDoc->GetFocusAnnot()) {
+    int index = m_fxAnnotArray.Find(focusedAnnot);
+    if (index >= 0)
+      KillFocusAnnot();
+  }
+}
+
 FX_BOOL CPDFSDK_PageView::Annot_HasAppearance(CPDF_Annot* pAnnot) {
   CPDF_Dictionary* pAnnotDic = pAnnot->GetAnnotDict();
   if (pAnnotDic)