authorTom Sepez <tsepez@chromium.org>2017-07-19 16:46:22 -0700
committerChromium commit bot <commit-bot@chromium.org>2017-07-20 17:01:59 +0000
commit77417ec9e1312a75407f8ab46dd46f777a1742f1 (patch)
treef5d40337730001d8576116783fdada892d20becc /fpdfsdk/formfiller/cffl_listbox.cpp
parentdc11ec85ebf637efe99dd9195a2a6a52c3e4d48f (diff)
downloadpdfium-77417ec9e1312a75407f8ab46dd46f777a1742f1.tar.xz
Make CPWL_Wnd classes be observable.
This is another case where JS may lead to destruction of an object far away from where we are holding it. Bug: 737023 Change-Id: I994d5425184b8c00b5cfaeb95dbb5032a6e09edb Reviewed-on: https://pdfium-review.googlesource.com/8350 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'fpdfsdk/formfiller/cffl_listbox.cpp')
-rw-r--r--fpdfsdk/formfiller/cffl_listbox.cpp15
1 files changed, 4 insertions, 11 deletions
diff --git a/fpdfsdk/formfiller/cffl_listbox.cpp b/fpdfsdk/formfiller/cffl_listbox.cpp
index 11206e2b87..4a6264d6dc 100644
--- a/fpdfsdk/formfiller/cffl_listbox.cpp
+++ b/fpdfsdk/formfiller/cffl_listbox.cpp
@@ -189,17 +189,10 @@ CPWL_Wnd* CFFL_ListBox::ResetPDFWindow(CPDFSDK_PageView* pPageView,
SaveState(pPageView);
DestroyPDFWindow(pPageView);
-
- CPWL_Wnd* pRet = nullptr;
-
- if (bRestoreValue) {
+ if (bRestoreValue)
RestoreState(pPageView);
- pRet = GetPDFWindow(pPageView, false);
- } else {
- pRet = GetPDFWindow(pPageView, true);
- }
-
- m_pWidget->UpdateField();
- return pRet;
+ CPWL_Wnd::ObservedPtr pRet(GetPDFWindow(pPageView, !bRestoreValue));
+ m_pWidget->UpdateField(); // May invoke JS, invalidating pRet.
+ return pRet.Get();
}
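Review bot: With `return pRet.Get();` this function can now hand back nullptr whenever script run from `m_pWidget->UpdateField()` destroys the freshly created window, but the inline comment only says pRet may be invalidated. I would state the new contract where callers will read it, e.g. `// May invoke JS and destroy the window; pRet.Get() is then nullptr and callers must check.` The start of ResetPDFWindow and all of its callers are outside this hunk, so whether every caller null-checks the result cannot be confirmed from here and should be audited alongside this change. The same lifetime concern presumably applies to `this` and `m_pWidget` once UpdateField() returns. The visible lines touch neither afterwards, and a short comment saying so would help keep it that way.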