summaryrefslogtreecommitdiff
path: root/fpdfsdk/pwl/cpwl_list_box.cpp
diff options
context:
space:
mode:
authorHenrique Nakashima <hnakashima@chromium.org>2017-09-22 12:23:47 -0400
committerChromium commit bot <commit-bot@chromium.org>2017-09-22 18:22:06 +0000
commitf5777a117a7557507616eaf585de5eb266531e16 (patch)
tree6aa102811db0d7e110acb38915699177efcab77f /fpdfsdk/pwl/cpwl_list_box.cpp
parent92827b695a69c7a3fd5940dc0aa1713fe3f3ee96 (diff)
downloadpdfium-f5777a117a7557507616eaf585de5eb266531e16.tar.xz
Fix UAF after destroying a widget during OnBeforeKeyStroke().chromium/3223
Bug: chromium:766957 Change-Id: I61b282059fb4fc2c8ba6dafc502f030f31dd324d Reviewed-on: https://pdfium-review.googlesource.com/14710 Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
Diffstat (limited to 'fpdfsdk/pwl/cpwl_list_box.cpp')
-rw-r--r--fpdfsdk/pwl/cpwl_list_box.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/fpdfsdk/pwl/cpwl_list_box.cpp b/fpdfsdk/pwl/cpwl_list_box.cpp
index b5c629392b..c8f7be995d 100644
--- a/fpdfsdk/pwl/cpwl_list_box.cpp
+++ b/fpdfsdk/pwl/cpwl_list_box.cpp
@@ -260,6 +260,8 @@ bool CPWL_ListBox::OnNotifySelectionChanged(bool bKeyDown, uint32_t nFlag) {
if (!m_pFillerNotify)
return false;
+ CPWL_Wnd::ObservedPtr thisObserved(this);
+
WideString swChange = GetText();
WideString strChangeEx;
int nSelStart = 0;
@@ -269,6 +271,10 @@ bool CPWL_ListBox::OnNotifySelectionChanged(bool bKeyDown, uint32_t nFlag) {
std::tie(bRC, bExit) = m_pFillerNotify->OnBeforeKeyStroke(
GetAttachedData(), swChange, strChangeEx, nSelStart, nSelEnd, bKeyDown,
nFlag);
+
+ if (!thisObserved)
+ return false;
+
return bExit;
}