summaryrefslogtreecommitdiff
path: root/fpdfsdk
diff options
context:
space:
mode:
authortsepez <tsepez@chromium.org>2016-08-04 12:47:42 -0700
committerCommit bot <commit-bot@chromium.org>2016-08-04 12:47:42 -0700
commit32e693fe13105fab5baf81b334e932fce62d89b5 (patch)
tree97620d6affb77fc07974906f86a69e9f4f84d87d /fpdfsdk
parent0fa54b80d488571f10d8a94f6740006f0bf4957c (diff)
downloadpdfium-32e693fe13105fab5baf81b334e932fce62d89b5.tar.xz
Fix issue when firing TimerProc() destroys timerchromium/2820
We must look the timer up a second time since the callback may have released it. BUG=634394 Review-Url: https://codereview.chromium.org/2214003003
Diffstat (limited to 'fpdfsdk')
-rw-r--r--fpdfsdk/fpdfformfill_embeddertest.cpp23
-rw-r--r--fpdfsdk/javascript/JS_Object.cpp29
2 files changed, 42 insertions, 10 deletions
diff --git a/fpdfsdk/fpdfformfill_embeddertest.cpp b/fpdfsdk/fpdfformfill_embeddertest.cpp
index 27b889085c..a1425153a1 100644
--- a/fpdfsdk/fpdfformfill_embeddertest.cpp
+++ b/fpdfsdk/fpdfformfill_embeddertest.cpp
@@ -134,4 +134,27 @@ TEST_F(FPDFFormFillEmbeddertest, BUG_620428) {
EXPECT_STREQ(L"done", alerts[0].message.c_str());
}
+TEST_F(FPDFFormFillEmbeddertest, BUG_634394) {
+ // Cancel timer inside timer callback.
+ EmbedderTestTimerHandlingDelegate delegate;
+ SetDelegate(&delegate);
+
+ EXPECT_TRUE(OpenDocument("bug_634394.pdf"));
+ FPDF_PAGE page = LoadPage(0);
+ EXPECT_TRUE(page);
+ DoOpenActions();
+
+ // Timers fire at most once per AdvanceTime(), allow intervals
+ // to fire several times if possible.
+ delegate.AdvanceTime(1000);
+ delegate.AdvanceTime(1000);
+ delegate.AdvanceTime(1000);
+ delegate.AdvanceTime(1000);
+ delegate.AdvanceTime(1000);
+ UnloadPage(page);
+
+ const auto& alerts = delegate.GetAlerts();
+ EXPECT_EQ(2U, alerts.size());
+}
+
#endif // PDF_ENABLE_V8
diff --git a/fpdfsdk/javascript/JS_Object.cpp b/fpdfsdk/javascript/JS_Object.cpp
index b0a307beb1..9ec316303d 100644
--- a/fpdfsdk/javascript/JS_Object.cpp
+++ b/fpdfsdk/javascript/JS_Object.cpp
@@ -115,16 +115,25 @@ void CJS_Timer::KillJSTimer() {
// static
void CJS_Timer::TimerProc(int idEvent) {
- const auto it = GetGlobalTimerMap()->find(idEvent);
- if (it != GetGlobalTimerMap()->end()) {
- CJS_Timer* pTimer = it->second;
- if (!pTimer->m_bProcessing) {
- CFX_AutoRestorer<bool> scoped_processing(&pTimer->m_bProcessing);
- pTimer->m_bProcessing = true;
- if (pTimer->m_pEmbedObj)
- pTimer->m_pEmbedObj->TimerProc(pTimer);
- }
- }
+ auto it = GetGlobalTimerMap()->find(idEvent);
+ if (it == GetGlobalTimerMap()->end())
+ return;
+
+ CJS_Timer* pTimer = it->second;
+ if (pTimer->m_bProcessing)
+ return;
+
+ pTimer->m_bProcessing = true;
+ if (pTimer->m_pEmbedObj)
+ pTimer->m_pEmbedObj->TimerProc(pTimer);
+
+ // Timer proc may have destroyed timer, find it again.
+ it = GetGlobalTimerMap()->find(idEvent);
+ if (it == GetGlobalTimerMap()->end())
+ return;
+
+ pTimer = it->second;
+ pTimer->m_bProcessing = false;
}
// static