summaryrefslogtreecommitdiff
path: root/fpdfsdk/formfiller/cffl_textfield.cpp
diff options
context:
space:
mode:
authorTom Sepez <tsepez@chromium.org>2017-07-19 16:46:22 -0700
committerChromium commit bot <commit-bot@chromium.org>2017-07-20 17:01:59 +0000
commit77417ec9e1312a75407f8ab46dd46f777a1742f1 (patch)
treef5d40337730001d8576116783fdada892d20becc /fpdfsdk/formfiller/cffl_textfield.cpp
parentdc11ec85ebf637efe99dd9195a2a6a52c3e4d48f (diff)
downloadpdfium-77417ec9e1312a75407f8ab46dd46f777a1742f1.tar.xz
Make CPWL_Wnd classes be observable.
This is another case where JS may lead to destruction of an object far away from where we are holding it. Bug: 737023 Change-Id: I994d5425184b8c00b5cfaeb95dbb5032a6e09edb Reviewed-on: https://pdfium-review.googlesource.com/8350 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'fpdfsdk/formfiller/cffl_textfield.cpp')
-rw-r--r--fpdfsdk/formfiller/cffl_textfield.cpp10
1 files changed, 4 insertions, 6 deletions
diff --git a/fpdfsdk/formfiller/cffl_textfield.cpp b/fpdfsdk/formfiller/cffl_textfield.cpp
index 70bc202fbf..d598419c1b 100644
--- a/fpdfsdk/formfiller/cffl_textfield.cpp
+++ b/fpdfsdk/formfiller/cffl_textfield.cpp
@@ -238,14 +238,12 @@ CPWL_Wnd* CFFL_TextField::ResetPDFWindow(CPDFSDK_PageView* pPageView,
SaveState(pPageView);
DestroyPDFWindow(pPageView);
-
- CPWL_Wnd* pRet = nullptr;
-
if (bRestoreValue)
RestoreState(pPageView);
- pRet = GetPDFWindow(pPageView, !bRestoreValue);
- m_pWidget->UpdateField();
- return pRet;
+
+ CPWL_Wnd::ObservedPtr pRet(GetPDFWindow(pPageView, !bRestoreValue));
+ m_pWidget->UpdateField(); // May invoke JS, invalidating pRet.
+ return pRet.Get();
}
#ifdef PDF_ENABLE_XFA