summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTom Sepez <tsepez@chromium.org>2018-06-28 20:55:54 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-06-28 20:55:54 +0000
commit5fbb98122c59d4bf0c830ee352ad4769d2decebf (patch)
treea4213e9e6d32f601b3a77aa31e4e76dfbbf2f3f6
parent3edb80670ddd20857cfba97110f64d610a5b29eb (diff)
downloadpdfium-5fbb98122c59d4bf0c830ee352ad4769d2decebf.tar.xz
Fix logic error in CJX_InstanceManager::count()chromium/3476
Calling the Setter when the Getter was intended results in a segv when accessing the empty return value. Bug: 353450 Change-Id: If3d35de1c5e2a24d11690fd323253f1103ee9ab5 Reviewed-on: https://pdfium-review.googlesource.com/36431 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
-rw-r--r--fxjs/xfa/cjx_instancemanager.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/fxjs/xfa/cjx_instancemanager.cpp b/fxjs/xfa/cjx_instancemanager.cpp
index d9471cd253..f44ccba588 100644
--- a/fxjs/xfa/cjx_instancemanager.cpp
+++ b/fxjs/xfa/cjx_instancemanager.cpp
@@ -320,8 +320,8 @@ void CJX_InstanceManager::count(CFXJSE_Value* pValue,
bool bSetting,
XFA_Attribute eAttribute) {
if (bSetting) {
- pValue->SetInteger(GetXFANode()->GetCount());
+ SetInstances(pValue->ToInteger());
return;
}
- SetInstances(pValue->ToInteger());
+ pValue->SetInteger(GetXFANode()->GetCount());
}