summaryrefslogtreecommitdiff
path: root/fpdfsdk
diff options
context:
space:
mode:
authorLei Zhang <thestig@chromium.org>2017-06-13 14:04:02 -0700
committerChromium commit bot <commit-bot@chromium.org>2017-06-15 18:28:02 +0000
commit6a3fc45b9e238d9b7b601cb13be664391d393b42 (patch)
tree69182b8517f5ecea3ebe24f46fa72b43d70a7f26 /fpdfsdk
parent65a55343e623924c9c3bbbd953097cf7fd0f5fc6 (diff)
downloadpdfium-6a3fc45b9e238d9b7b601cb13be664391d393b42.tar.xz
Add more checks for destroyed annotations in CFFL_FormFiller.
CFFL_FormFiller::CommitData() should check more rigorously and so should its callers. BUG=chromium:732051 Change-Id: If0cee8fb61de10dc7678dad89c330d75bee55aa4 Reviewed-on: https://pdfium-review.googlesource.com/6530 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'fpdfsdk')
-rw-r--r--fpdfsdk/formfiller/cffl_checkbox.cpp6
-rw-r--r--fpdfsdk/formfiller/cffl_formfiller.cpp19
-rw-r--r--fpdfsdk/formfiller/cffl_interactiveformfiller.cpp3
-rw-r--r--fpdfsdk/formfiller/cffl_radiobutton.cpp6
4 files changed, 23 insertions, 11 deletions
diff --git a/fpdfsdk/formfiller/cffl_checkbox.cpp b/fpdfsdk/formfiller/cffl_checkbox.cpp
index d8227d8760..a81458e92d 100644
--- a/fpdfsdk/formfiller/cffl_checkbox.cpp
+++ b/fpdfsdk/formfiller/cffl_checkbox.cpp
@@ -61,8 +61,7 @@ bool CFFL_CheckBox::OnChar(CPDFSDK_Annot* pAnnot,
if (CPWL_CheckBox* pWnd = (CPWL_CheckBox*)GetPDFWindow(pPageView, true))
pWnd->SetCheck(!pWnd->IsChecked());
- CommitData(pPageView, nFlags);
- return true;
+ return CommitData(pPageView, nFlags);
}
default:
return CFFL_FormFiller::OnChar(pAnnot, nChar, nFlags);
@@ -81,8 +80,7 @@ bool CFFL_CheckBox::OnLButtonUp(CPDFSDK_PageView* pPageView,
pWnd->SetCheck(!pWidget->IsChecked());
}
- if (!CommitData(pPageView, nFlags))
- return false;
+ return CommitData(pPageView, nFlags);
}
return true;
diff --git a/fpdfsdk/formfiller/cffl_formfiller.cpp b/fpdfsdk/formfiller/cffl_formfiller.cpp
index 98a14e61af..cd531413c2 100644
--- a/fpdfsdk/formfiller/cffl_formfiller.cpp
+++ b/fpdfsdk/formfiller/cffl_formfiller.cpp
@@ -258,7 +258,8 @@ void CFFL_FormFiller::KillFocusForAnnot(CPDFSDK_Annot* pAnnot, uint32_t nFlag) {
if (!pPageView)
return;
- CommitData(pPageView, nFlag);
+ if (!CommitData(pPageView, nFlag))
+ return;
if (CPWL_Wnd* pWnd = GetPDFWindow(pPageView, false))
pWnd->KillFocus();
@@ -493,25 +494,37 @@ bool CFFL_FormFiller::CommitData(CPDFSDK_PageView* pPageView, uint32_t nFlag) {
m_pFormFillEnv->GetInteractiveFormFiller();
CPDFSDK_Annot::ObservedPtr pObserved(m_pWidget.Get());
pFormFiller->OnKeyStrokeCommit(&pObserved, pPageView, bRC, bExit, nFlag);
- if (!pObserved || bExit)
+ if (!pObserved)
+ return false;
+ if (bExit)
return true;
if (!bRC) {
ResetPDFWindow(pPageView, false);
return true;
}
+
pFormFiller->OnValidate(&pObserved, pPageView, bRC, bExit, nFlag);
- if (!pObserved || bExit)
+ if (!pObserved)
+ return false;
+ if (bExit)
return true;
if (!bRC) {
ResetPDFWindow(pPageView, false);
return true;
}
+
SaveData(pPageView);
pFormFiller->OnCalculate(m_pWidget.Get(), pPageView, bExit, nFlag);
+ if (!pObserved)
+ return false;
if (bExit)
return true;
pFormFiller->OnFormat(m_pWidget.Get(), pPageView, bExit, nFlag);
+ if (!pObserved)
+ return false;
+ if (bExit)
+ return true;
}
return true;
}
diff --git a/fpdfsdk/formfiller/cffl_interactiveformfiller.cpp b/fpdfsdk/formfiller/cffl_interactiveformfiller.cpp
index f36afa65d5..935e3fffb6 100644
--- a/fpdfsdk/formfiller/cffl_interactiveformfiller.cpp
+++ b/fpdfsdk/formfiller/cffl_interactiveformfiller.cpp
@@ -425,6 +425,9 @@ bool CFFL_InteractiveFormFiller::OnKillFocus(CPDFSDK_Annot::ObservedPtr* pAnnot,
ASSERT((*pAnnot)->GetPDFAnnot()->GetSubtype() == CPDF_Annot::Subtype::WIDGET);
if (CFFL_FormFiller* pFormFiller = GetFormFiller(pAnnot->Get(), false)) {
pFormFiller->KillFocusForAnnot(pAnnot->Get(), nFlag);
+ if (!(*pAnnot))
+ return false;
+
if (!m_bNotifying) {
CPDFSDK_Widget* pWidget = static_cast<CPDFSDK_Widget*>(pAnnot->Get());
if (pWidget->GetAAction(CPDF_AAction::LoseFocus).GetDict()) {
diff --git a/fpdfsdk/formfiller/cffl_radiobutton.cpp b/fpdfsdk/formfiller/cffl_radiobutton.cpp
index e5a5a98b9a..c6ce432d0c 100644
--- a/fpdfsdk/formfiller/cffl_radiobutton.cpp
+++ b/fpdfsdk/formfiller/cffl_radiobutton.cpp
@@ -60,8 +60,7 @@ bool CFFL_RadioButton::OnChar(CPDFSDK_Annot* pAnnot,
if (CPWL_RadioButton* pWnd =
(CPWL_RadioButton*)GetPDFWindow(pPageView, true))
pWnd->SetCheck(true);
- CommitData(pPageView, nFlags);
- return true;
+ return CommitData(pPageView, nFlags);
}
default:
return CFFL_FormFiller::OnChar(pAnnot, nChar, nFlags);
@@ -79,8 +78,7 @@ bool CFFL_RadioButton::OnLButtonUp(CPDFSDK_PageView* pPageView,
(CPWL_RadioButton*)GetPDFWindow(pPageView, true))
pWnd->SetCheck(true);
- if (!CommitData(pPageView, nFlags))
- return false;
+ return CommitData(pPageView, nFlags);
}
return true;