CFXJS_ObjDefinition's lifetime must match isolate.chromium/2585 chromium/2584 chromium/2583 chromium/2582 chromium/2581 chromium/2580 chromium/2579 chromium/2578 chromium/2577 chromium/2576

Introduced at https://codereview.chromium.org/1424933013/ The v8 objects are 1:1 with the context being destroyed in FXJS_ReleaseRuntime, but the CFXJS_ObjDefinitions are still 1:1 with the isolate, so they can't be destroyed until the refcounts hit zero. BUG=561184 R=jochen@chromium.org Review URL: https://codereview.chromium.org/1468423004 .
author: Tom Sepez <tsepez@chromium.org> 2015-11-25 10:29:58 -0800
committer: Tom Sepez <tsepez@chromium.org> 2015-11-25 10:29:58 -0800
commit: 628f7053cc646c58c61add247c75bc65ac135327 (patch)
tree: 2ddc74d0849be476e6b6ef915bc791e5f03ed426
parent: 1fb4bc47e216c9caebdf7bc8479d45285ee7693b (diff)
download: pdfium-chromium/2578.tar.xz
1 files changed, 3 insertions, 1 deletions
diff --git a/fpdfsdk/src/jsapi/fxjs_v8.cpp b/fpdfsdk/src/jsapi/fxjs_v8.cpp
index 4e069d52a3..ed8e2e8563 100644
--- a/fpdfsdk/src/jsapi/fxjs_v8.cpp
+++ b/fpdfsdk/src/jsapi/fxjs_v8.cpp
@@ -351,12 +351,14 @@ void FXJS_ReleaseRuntime(v8::Isolate* pIsolate,
         pObjDef->m_pDestructor(pObj);
       FXJS_FreePrivate(pObj);
     }
-    delete pObjDef;
   }
 
   if (pIsolate == g_isolate && --g_isolate_ref_count > 0)
     return;
 
+  for (int i = 0; i < maxID; ++i)
+    delete CFXJS_ObjDefinition::ForID(pIsolate, i);
+
   pIsolate->SetData(g_embedderDataSlot, nullptr);
   delete pData;
 }
author	Tom Sepez <tsepez@chromium.org>	2015-11-25 10:29:58 -0800
committer	Tom Sepez <tsepez@chromium.org>	2015-11-25 10:29:58 -0800
commit	628f7053cc646c58c61add247c75bc65ac135327 (patch)
tree	2ddc74d0849be476e6b6ef915bc791e5f03ed426
parent	1fb4bc47e216c9caebdf7bc8479d45285ee7693b (diff)
download	pdfium-chromium/2578.tar.xz