diff options
| author | Luật Nguyễn <manhluat93.php@gmail.com> | 2017-10-10 12:39:22 +0800 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2017-10-10 20:12:46 +0000 |
| commit | 1886471c3432dee4d9a9be5678a757dde8717652 (patch) | |
| tree | 437dd29735be2351e475819798e40edddf41b50b /fpdfsdk/formfiller/cffl_listbox.cpp | |
| parent | dd002931a16a99b0c6e6ae7b6cba9d4dafb27e18 (diff) | |
| download | pdfium-1886471c3432dee4d9a9be5678a757dde8717652.tar.xz | |
Fix UAF in SaveData on all of CFFL_* types.
Bug: 756427
Change-Id: I8e31d96c6f3b83a6464ed69c95225362c50386d1
Reviewed-on: https://pdfium-review.googlesource.com/15870
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'fpdfsdk/formfiller/cffl_listbox.cpp')
| -rw-r--r-- | fpdfsdk/formfiller/cffl_listbox.cpp | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/fpdfsdk/formfiller/cffl_listbox.cpp b/fpdfsdk/formfiller/cffl_listbox.cpp index 9dad11d3a0..e628e59cb8 100644 --- a/fpdfsdk/formfiller/cffl_listbox.cpp +++ b/fpdfsdk/formfiller/cffl_listbox.cpp @@ -117,9 +117,18 @@ void CFFL_ListBox::SaveData(CPDFSDK_PageView* pPageView) { } else { m_pWidget->SetOptionSelection(pListBox->GetCurSel(), true, false); } + CPDFSDK_Widget::ObservedPtr observed_widget(m_pWidget.Get()); + CFFL_ListBox::ObservedPtr observed_this(this); + m_pWidget->SetTopVisibleIndex(nNewTopIndex); + if (!observed_widget) + return; m_pWidget->ResetFieldAppearance(true); + if (!observed_widget) + return; m_pWidget->UpdateField(); + if (!observed_widget || !observed_this) + return; SetChangeMark(); } |