diff options
| author | Tom Sepez <tsepez@chromium.org> | 2017-07-19 16:46:22 -0700 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2017-07-20 17:01:59 +0000 |
| commit | 77417ec9e1312a75407f8ab46dd46f777a1742f1 (patch) | |
| tree | f5d40337730001d8576116783fdada892d20becc | |
| parent | dc11ec85ebf637efe99dd9195a2a6a52c3e4d48f (diff) | |
| download | pdfium-77417ec9e1312a75407f8ab46dd46f777a1742f1.tar.xz | |
Make CPWL_Wnd classes be observable.
This is another case where JS may lead to destruction of
an object far away from where we are holding it.
Bug: 737023
Change-Id: I994d5425184b8c00b5cfaeb95dbb5032a6e09edb
Reviewed-on: https://pdfium-review.googlesource.com/8350
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
| -rw-r--r-- | fpdfsdk/formfiller/cffl_combobox.cpp | 15 | ||||
| -rw-r--r-- | fpdfsdk/formfiller/cffl_listbox.cpp | 15 | ||||
| -rw-r--r-- | fpdfsdk/formfiller/cffl_textfield.cpp | 10 | ||||
| -rw-r--r-- | fpdfsdk/pdfwindow/cpwl_wnd.h | 2 |
4 files changed, 13 insertions, 29 deletions
diff --git a/fpdfsdk/formfiller/cffl_combobox.cpp b/fpdfsdk/formfiller/cffl_combobox.cpp index 6af65de643..175ccb7409 100644 --- a/fpdfsdk/formfiller/cffl_combobox.cpp +++ b/fpdfsdk/formfiller/cffl_combobox.cpp @@ -231,19 +231,12 @@ CPWL_Wnd* CFFL_ComboBox::ResetPDFWindow(CPDFSDK_PageView* pPageView, SaveState(pPageView); DestroyPDFWindow(pPageView); - - CPWL_Wnd* pRet = nullptr; - - if (bRestoreValue) { + if (bRestoreValue) RestoreState(pPageView); - pRet = GetPDFWindow(pPageView, false); - } else { - pRet = GetPDFWindow(pPageView, true); - } - - m_pWidget->UpdateField(); - return pRet; + CPWL_Wnd::ObservedPtr pRet(GetPDFWindow(pPageView, !bRestoreValue)); + m_pWidget->UpdateField(); // May invoke JS, invalidating pRet. + return pRet.Get(); } #ifdef PDF_ENABLE_XFA diff --git a/fpdfsdk/formfiller/cffl_listbox.cpp b/fpdfsdk/formfiller/cffl_listbox.cpp index 11206e2b87..4a6264d6dc 100644 --- a/fpdfsdk/formfiller/cffl_listbox.cpp +++ b/fpdfsdk/formfiller/cffl_listbox.cpp @@ -189,17 +189,10 @@ CPWL_Wnd* CFFL_ListBox::ResetPDFWindow(CPDFSDK_PageView* pPageView, SaveState(pPageView); DestroyPDFWindow(pPageView); - - CPWL_Wnd* pRet = nullptr; - - if (bRestoreValue) { + if (bRestoreValue) RestoreState(pPageView); - pRet = GetPDFWindow(pPageView, false); - } else { - pRet = GetPDFWindow(pPageView, true); - } - - m_pWidget->UpdateField(); - return pRet; + CPWL_Wnd::ObservedPtr pRet(GetPDFWindow(pPageView, !bRestoreValue)); + m_pWidget->UpdateField(); // May invoke JS, invalidating pRet. + return pRet.Get(); } diff --git a/fpdfsdk/formfiller/cffl_textfield.cpp b/fpdfsdk/formfiller/cffl_textfield.cpp index 70bc202fbf..d598419c1b 100644 --- a/fpdfsdk/formfiller/cffl_textfield.cpp +++ b/fpdfsdk/formfiller/cffl_textfield.cpp @@ -238,14 +238,12 @@ CPWL_Wnd* CFFL_TextField::ResetPDFWindow(CPDFSDK_PageView* pPageView, SaveState(pPageView); DestroyPDFWindow(pPageView); - - CPWL_Wnd* pRet = nullptr; - if (bRestoreValue) RestoreState(pPageView); - pRet = GetPDFWindow(pPageView, !bRestoreValue); - m_pWidget->UpdateField(); - return pRet; + + CPWL_Wnd::ObservedPtr pRet(GetPDFWindow(pPageView, !bRestoreValue)); + m_pWidget->UpdateField(); // May invoke JS, invalidating pRet. + return pRet.Get(); } #ifdef PDF_ENABLE_XFA diff --git a/fpdfsdk/pdfwindow/cpwl_wnd.h b/fpdfsdk/pdfwindow/cpwl_wnd.h index dfe5dc0ab0..56fbb21baa 100644 --- a/fpdfsdk/pdfwindow/cpwl_wnd.h +++ b/fpdfsdk/pdfwindow/cpwl_wnd.h @@ -168,7 +168,7 @@ struct PWL_CREATEPARAM { CFX_Matrix mtChild; // ignore }; -class CPWL_Wnd : public CPWL_TimerHandler { +class CPWL_Wnd : public CPWL_TimerHandler, public CFX_Observable<CPWL_Wnd> { public: CPWL_Wnd(); ~CPWL_Wnd() override; |