[Merge to 54] Fix CPDFSDK_PageView cleanup.

In https://pdfium.googlesource.com/pdfium/+/461eeafe191068ac8c32f2717907fc6a22a667d2
we moved the map cleanup for the page view to happen before the page view was
destroyed and before we killed the annotation focus.

The map removal must happen before the pageview is destroyed, but must happen
after we've killed the annotation focus in order to not create duplicate page
views which point to the same page.

BUG=chromium:645122
R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/2338893002 .

Review-Url: https://codereview.chromium.org/2320253002

1 files changed, 7 insertions, 1 deletions

diff --git a/fpdfsdk/fsdk_mgr.cpp b/fpdfsdk/fsdk_mgr.cpp
index 1011b92e09..0617343c43 100644
--- a/fpdfsdk/fsdk_mgr.cpp
+++ b/fpdfsdk/fsdk_mgr.cpp
@@ -361,11 +361,17 @@ void CPDFSDK_Document::RemovePageView(UnderlyingPageType* pUnderlyingPage) {
   if (pPageView->IsLocked())
     return;
 
+  // This must happen before we remove |pPageView| from the map because
+  // |KillFocusAnnotIfNeeded| can call into the |GetPage| method which will
+  // look for this page view in the map, if it doesn't find it a new one will
+  // be created. We then have two page views pointing to the same page and
+  // bad things happen.
+  pPageView->KillFocusAnnotIfNeeded();
+
   // Remove the page from the map to make sure we don't accidentally attempt
   // to use the |pPageView| while we're cleaning it up.
   m_pageMap.erase(it);
 
-  pPageView->KillFocusAnnotIfNeeded();
   delete pPageView;
 }