Fixup MSan embeddertests

The embeddertests were closing the document before the formfill environment. This caused a use-after-free as we try to use the document during formfill destruction. This Cl fixes the destruction order in the embedder tests. As well, a few guards are put in place to keep the system from crashing if the wrong destruction order is called. R=tsepez@chromium.org Review URL: https://codereview.chromium.org/2398063002 .
author: Dan Sinclair <dsinclair@chromium.org> 2016-10-06 14:53:13 -0400
committer: Dan Sinclair <dsinclair@chromium.org> 2016-10-06 14:53:13 -0400
commit: ca03f7a1c654709152a411f665ce38c3626582e8 (patch)
tree: 21219202db1f20f84e8bc625662278091f856094 /fpdfsdk/fpdfformfill.cpp
parent: f7ca7302bed831801a0b81ff4e1222c75833d2d6 (diff)
download: pdfium-ca03f7a1c654709152a411f665ce38c3626582e8.tar.xz
1 files changed, 4 insertions, 1 deletions
diff --git a/fpdfsdk/fpdfformfill.cpp b/fpdfsdk/fpdfformfill.cpp
index 8be9d5f0b7..fd083c9dcd 100644
--- a/fpdfsdk/fpdfformfill.cpp
+++ b/fpdfsdk/fpdfformfill.cpp
@@ -277,7 +277,10 @@ FPDFDOC_ExitFormFillEnvironment(FPDF_FORMHANDLE hHandle) {
   // XFA document.
   if (CPDFSDK_Document* pSDKDoc = pEnv->GetSDKDocument()) {
     pSDKDoc->ClearAllFocusedAnnots();
-    pSDKDoc->GetXFADocument()->SetSDKDoc(nullptr);
+    // If the document was closed first, it's possible the XFA document
+    // is now a nullptr.
+    if (pSDKDoc->GetXFADocument())
+      pSDKDoc->GetXFADocument()->SetSDKDoc(nullptr);
   }
 #endif  // PDF_ENABLE_XFA
author	Dan Sinclair <dsinclair@chromium.org>	2016-10-06 14:53:13 -0400
committer	Dan Sinclair <dsinclair@chromium.org>	2016-10-06 14:53:13 -0400
commit	ca03f7a1c654709152a411f665ce38c3626582e8 (patch)
tree	21219202db1f20f84e8bc625662278091f856094 /fpdfsdk/fpdfformfill.cpp
parent	f7ca7302bed831801a0b81ff4e1222c75833d2d6 (diff)
download	pdfium-ca03f7a1c654709152a411f665ce38c3626582e8.tar.xz