Remove pageview from map immediately

There seems to be an ownership issue in the page annotation code where removing the annotations can result in removing the parent page view. This is fine except that removing the parent page view removes the annotations and you can end up with a use-after-free. This CL removes the page view from the documents page map immediately and then proceeds with the cleanup. Then, if we try to remove that page again it won't be found and we won't double free. BUG=chromium:630654 Review-Url: https://codereview.chromium.org/2179283005
author: dsinclair <dsinclair@chromium.org> 2016-07-26 12:09:42 -0700
committer: Commit bot <commit-bot@chromium.org> 2016-07-26 12:09:42 -0700
commit: 49dce65dc78bcd5a0c78a8bbdf2809cf20212220 (patch)
tree: a977852e692c0760c16eccc80afd1091135dc2a8
parent: d8cc503575463ff3d81b22dad292665f2c88911e (diff)
download: pdfium-49dce65dc78bcd5a0c78a8bbdf2809cf20212220.tar.xz
1 files changed, 4 insertions, 1 deletions
diff --git a/fpdfsdk/fsdk_mgr.cpp b/fpdfsdk/fsdk_mgr.cpp
index 68143d2bdd..d1e55074f9 100644
--- a/fpdfsdk/fsdk_mgr.cpp
+++ b/fpdfsdk/fsdk_mgr.cpp
@@ -353,9 +353,12 @@ void CPDFSDK_Document::RemovePageView(UnderlyingPageType* pUnderlyingPage) {
   if (pPageView->IsLocked())
     return;
 
+  // Remove the page from the map to make sure we don't accidentally attempt
+  // to use the |pPageView| while we're cleaning it up.
+  m_pageMap.erase(it);
+
   pPageView->KillFocusAnnotIfNeeded();
   delete pPageView;
-  m_pageMap.erase(it);
 }
 
 UnderlyingPageType* CPDFSDK_Document::GetPage(int nIndex) {
author	dsinclair <dsinclair@chromium.org>	2016-07-26 12:09:42 -0700
committer	Commit bot <commit-bot@chromium.org>	2016-07-26 12:09:42 -0700
commit	49dce65dc78bcd5a0c78a8bbdf2809cf20212220 (patch)
tree	a977852e692c0760c16eccc80afd1091135dc2a8
parent	d8cc503575463ff3d81b22dad292665f2c88911e (diff)
download	pdfium-49dce65dc78bcd5a0c78a8bbdf2809cf20212220.tar.xz