diff options
author | dsinclair <dsinclair@chromium.org> | 2016-08-23 11:39:23 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-08-23 11:39:23 -0700 |
commit | 837735660808d52580703183ae24a3c7c7b05c7d (patch) | |
tree | c0a607bfd0491fbf18988bf4dbe9f034571bfdf7 /xfa/fgas/font/fgas_stdfontmgr.cpp | |
parent | c38de1116bbee807e4461fe8a08e4c152c0fce15 (diff) | |
download | pdfium-837735660808d52580703183ae24a3c7c7b05c7d.tar.xz |
[XFA] Force destruction order of font managers.chromium/2838
The GEFont points to the font manager which creates it and tries to unregister
itself. Currently the GEFont can be created by the default mapper and then
stored in a different mapper. If the default mapper is destroyed first, when
the second mapper cleans up the font there will be a call to unregister on
the default mapper causing a use-after-free.
The long term fix is to fixup the GEFont so it points to the correct mapper
to unregister from. This CL forces the destruction order in CXFA_FFApp to
cleanup the non-default mapper first.
BUG=chromium:637546
Review-Url: https://codereview.chromium.org/2259823004
Diffstat (limited to 'xfa/fgas/font/fgas_stdfontmgr.cpp')
-rw-r--r-- | xfa/fgas/font/fgas_stdfontmgr.cpp | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/xfa/fgas/font/fgas_stdfontmgr.cpp b/xfa/fgas/font/fgas_stdfontmgr.cpp index ab7852e310..7e5cfbb796 100644 --- a/xfa/fgas/font/fgas_stdfontmgr.cpp +++ b/xfa/fgas/font/fgas_stdfontmgr.cpp @@ -1156,7 +1156,6 @@ void CFGAS_FontMgrImp::RemoveFont(CFGAS_GEFont* pEFont) { } void CFGAS_FontMgrImp::RegisterFace(FXFT_Face pFace, - CFX_FontDescriptors& Fonts, const CFX_WideString* pFaceName) { if ((pFace->face_flags & FT_FACE_FLAG_SCALABLE) == 0) return; @@ -1188,7 +1187,7 @@ void CFGAS_FontMgrImp::RegisterFace(FXFT_Face pFace, : CFX_WideString::FromLocal(FXFT_Get_Postscript_Name(pFace)); pFont->m_nFaceIndex = pFace->face_index; - Fonts.Add(pFont.release()); + m_InstalledFonts.Add(pFont.release()); } void CFGAS_FontMgrImp::RegisterFaces(IFX_FileRead* pFontStream, @@ -1202,7 +1201,7 @@ void CFGAS_FontMgrImp::RegisterFaces(IFX_FileRead* pFontStream, // All faces keep number of faces. It can be retrieved from any one face. if (num_faces == 0) num_faces = pFace->num_faces; - RegisterFace(pFace, m_InstalledFonts, pFaceName); + RegisterFace(pFace, pFaceName); if (FXFT_Get_Face_External_Stream(pFace)) FXFT_Clear_Face_External_Stream(pFace); FXFT_Done_Face(pFace); |