diff options
| author | tsepez <tsepez@chromium.org> | 2016-08-04 12:47:42 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-08-04 12:47:42 -0700 |
| commit | 32e693fe13105fab5baf81b334e932fce62d89b5 (patch) | |
| tree | 97620d6affb77fc07974906f86a69e9f4f84d87d /fpdfsdk/javascript/JS_Object.cpp | |
| parent | 0fa54b80d488571f10d8a94f6740006f0bf4957c (diff) | |
| download | pdfium-32e693fe13105fab5baf81b334e932fce62d89b5.tar.xz | |
Fix issue when firing TimerProc() destroys timerchromium/2820
We must look the timer up a second time since the callback
may have released it.
BUG=634394
Review-Url: https://codereview.chromium.org/2214003003
Diffstat (limited to 'fpdfsdk/javascript/JS_Object.cpp')
| -rw-r--r-- | fpdfsdk/javascript/JS_Object.cpp | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/fpdfsdk/javascript/JS_Object.cpp b/fpdfsdk/javascript/JS_Object.cpp index b0a307beb1..9ec316303d 100644 --- a/fpdfsdk/javascript/JS_Object.cpp +++ b/fpdfsdk/javascript/JS_Object.cpp @@ -115,16 +115,25 @@ void CJS_Timer::KillJSTimer() { // static void CJS_Timer::TimerProc(int idEvent) { - const auto it = GetGlobalTimerMap()->find(idEvent); - if (it != GetGlobalTimerMap()->end()) { - CJS_Timer* pTimer = it->second; - if (!pTimer->m_bProcessing) { - CFX_AutoRestorer<bool> scoped_processing(&pTimer->m_bProcessing); - pTimer->m_bProcessing = true; - if (pTimer->m_pEmbedObj) - pTimer->m_pEmbedObj->TimerProc(pTimer); - } - } + auto it = GetGlobalTimerMap()->find(idEvent); + if (it == GetGlobalTimerMap()->end()) + return; + + CJS_Timer* pTimer = it->second; + if (pTimer->m_bProcessing) + return; + + pTimer->m_bProcessing = true; + if (pTimer->m_pEmbedObj) + pTimer->m_pEmbedObj->TimerProc(pTimer); + + // Timer proc may have destroyed timer, find it again. + it = GetGlobalTimerMap()->find(idEvent); + if (it == GetGlobalTimerMap()->end()) + return; + + pTimer = it->second; + pTimer->m_bProcessing = false; } // static |