Add ObservedPtrs to KillFocus path

This is to prevent use after free issues due to these calls causing
reloads of content that have the side of effect of destroying windows.

BUG=chromium:760455

Change-Id: I3f3947be8b32964783abf5577a24ba6a713b3476
Reviewed-on: https://pdfium-review.googlesource.com/14150
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>

2 files changed, 16 insertions, 1 deletions

diff --git a/fpdfsdk/pwl/cpwl_edit.cpp b/fpdfsdk/pwl/cpwl_edit.cpp
index a6f6f2ac86..4558e432ac 100644
--- a/fpdfsdk/pwl/cpwl_edit.cpp
+++ b/fpdfsdk/pwl/cpwl_edit.cpp
@@ -340,14 +340,26 @@ void CPWL_Edit::OnSetFocus() {
 }
 
 void CPWL_Edit::OnKillFocus() {
+  ObservedPtr observed_ptr = ObservedPtr(this);
   CPWL_ScrollBar* pScroll = GetVScrollBar();
   if (pScroll && pScroll->IsVisible()) {
     pScroll->SetVisible(false);
+    if (!observed_ptr)
+      return;
+
     Move(m_rcOldWindow, true, true);
   }
+  if (!observed_ptr)
+    return;
 
   m_pEdit->SelectNone();
+  if (!observed_ptr)
+    return;
+
   SetCaret(false, CFX_PointF(), CFX_PointF());
+  if (!observed_ptr)
+    return;
+
   SetCharSet(FX_CHARSET_ANSI);
   m_bFocus = false;
 }
diff --git a/fpdfsdk/pwl/cpwl_wnd.cpp b/fpdfsdk/pwl/cpwl_wnd.cpp
index 53c692dada..e26df4d199 100644
--- a/fpdfsdk/pwl/cpwl_wnd.cpp
+++ b/fpdfsdk/pwl/cpwl_wnd.cpp
@@ -44,7 +44,7 @@ PWL_CREATEPARAM::PWL_CREATEPARAM()
 
 PWL_CREATEPARAM::PWL_CREATEPARAM(const PWL_CREATEPARAM& other) = default;
 
-class CPWL_MsgControl {
+class CPWL_MsgControl : public CFX_Observable<CPWL_MsgControl> {
   friend class CPWL_Wnd;
 
  public:
@@ -96,9 +96,12 @@ class CPWL_MsgControl {
   }
 
   void KillFocus() {
+    ObservedPtr observed_ptr = ObservedPtr(this);
     if (!m_aKeyboardPath.empty())
       if (CPWL_Wnd* pWnd = m_aKeyboardPath[0])
         pWnd->OnKillFocus();
+    if (!observed_ptr)
+      return;
 
     m_pMainKeyboardWnd = nullptr;
     m_aKeyboardPath.clear();