summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-08-31Use vector instead of pointer in CJBig2_SegmentNicolas Pena
Change-Id: Ic54e0491d9b33a06b5f85963f8127bfa4263f4d6 Reviewed-on: https://pdfium-review.googlesource.com/12450 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-08-31Change CPDF_Form::ParseContent() to ParseContentWithParams().Lei Zhang
Add a new ParseContent() method as a convenience to call ParseContentWithParams() with the default parameters. Change-Id: I274682845a72e125c3fc6299289edb760104ac4d Reviewed-on: https://pdfium-review.googlesource.com/12250 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2017-08-31Fix code style.Artem Strygin
rename m_linearized_first_page_cross_ref_start_obj_num --> m_dwLinearizedFirstPageXRefStartObjNum Change-Id: I12194169f10df445d7c81305491775c15c400fad Reviewed-on: https://pdfium-review.googlesource.com/12630 Commit-Queue: Art Snake <art-snake@yandex-team.ru> Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-31Split IFX_Pause out of fx_basicDan Sinclair
This CL moves IFX_Pause out to its own class from fx_basic and updates includes as needed. Change-Id: Iebdd183d8c85aa17570f190f1a7d1602c0af3c8b Reviewed-on: https://pdfium-review.googlesource.com/12491 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-30Add truly const versions of CPDF_Document getters.Lei Zhang
Instead of only having CPDF_Dictionary* GetRoot() const, provide const CPDF_Dictionary* GetRoot() const and CPDF_Dictionary* GetRoot(). Do the same for GetInfo(). Change-Id: I6eae1208d38327fcdc7d0cd75069a01c95f4a92a Reviewed-on: https://pdfium-review.googlesource.com/11671 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-30Split CFX_FixedBufGrow out of fx_basicchromium/3201Dan Sinclair
This CL moves CFX_FixedBufGrow to its own files and updates includes as needed. Change-Id: Ia0cb70569b30acdb3ba9f23d8937ab8f9c17d6e6 Reviewed-on: https://pdfium-review.googlesource.com/12490 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-08-30Move CFX_WideTextBuf out of fx_basicDan Sinclair
This CL moves CFX_WideTextBuf to its own files and updates includes as needed. Change-Id: Ibe66ecf3e66f8f01dd8e9eaf6b467588be86ad4f Reviewed-on: https://pdfium-review.googlesource.com/12413 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-08-30Move CFX_BinaryBuf out of fx_basicDan Sinclair
This CL splits the CFX_BinaryBuf out of fx_basic into its own files. The various includes have been updated. Change-Id: I0fa616eeb4df6dd229c02dc3a0597b3dced59425 Reviewed-on: https://pdfium-review.googlesource.com/12412 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-08-30Move CFX_UTF8Decoder out of fx_basicDan Sinclair
This CL moves CFX_UTF8Decoder out of fx_basic and includes where needed. Change-Id: I1a093a8a77bbefcc90fbb2f81b1da65bfc0512bf Reviewed-on: https://pdfium-review.googlesource.com/12411 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-08-30Move CFX_UTF8Encoder out of fx_basicDan Sinclair
The CFX_UTF8Encoder is only used in FX_UTF8Encode(). This CL moves the class to the anonymous namespace with that method. The unused AppendStr method has been removed. Change-Id: Ie514686c4b4489bb0b0df83b7eeec14bb1876fcd Reviewed-on: https://pdfium-review.googlesource.com/12410 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-08-30Fix undefined shift in CJBig2_Context::decodeSymbolIDHuffmanTableNicolas Pena
Bug: chromium:755532 Change-Id: Ib04426fab52d0ca1d2544a21fd2ce4faaa57123f Reviewed-on: https://pdfium-review.googlesource.com/12430 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-08-30Split auto restorer from fx_basicDan Sinclair
This CL moves CFX_AutoRestorer into its own file, separate from fx_basic.h. Change-Id: I415cb9207416bd4744b8ac8e2d7466852db53f0a Reviewed-on: https://pdfium-review.googlesource.com/12390 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-30Move CFX_BitStream to its own fileDan Sinclair
This CL moves the CFX_BitStream code out of fx_basic and into cfx_bitstream. Bug: pdfium:867 Change-Id: I5b7e6190a7db1fe1d24feb6bd676035a5c73ee92 Reviewed-on: https://pdfium-review.googlesource.com/12350 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-30Rebuild CFDE_TextEditEngine.Dan Sinclair
This CL rebuilds the text edit engine in a simpler fashion. Instead of depending on multiple pages, paragraphs and buffer fields there is a single text edit engine which contains a gap buffer. This makes the code easier to understand and follow. Change-Id: I10fe85603fa9ed15a647eaac2d931f113cd0c7b0 Reviewed-on: https://pdfium-review.googlesource.com/11990 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2017-08-30Convert int* references to FX_STRSIZERyan Harrison
Through out the code base there are numerous places where variables are declared using a signed integer type when interacting with the string classes, since they assume that FX_STRSIZE is 'int'. As part of changing the underling type of FX_STRSIZE to be unsigned, these locations are being changed to use FX_STRSIZE. This is necessary as part of converting the type, but has been broken off into a separate CL, since it should be low risk. Some related cleanups that are low risk are included as part of this CL. BUG=pdfium:828 Change-Id: Ifaae54ad195ccde0fe8672f71271d29a6ebd65fd Reviewed-on: https://pdfium-review.googlesource.com/12210 Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-08-30Cleanup CFX_SeekableStreamProxyRyan Harrison
Clean up being done in preperation for removal of negative length strings. This means that FX_STRSIZE will become unsigned so the return methods cannot return -1. Other cleanup suggested by reviewers is included. BUG=pdfium:828 Change-Id: I2cfb78c8ab7738516e0c9f8a99caec6f6cb12cde Reviewed-on: https://pdfium-review.googlesource.com/12170 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-08-29Implement CPDF_ObjectAvail.Artem Strygin
This is non recursive replacement for CPDF_DataAvail::AreObjectsAvailable. Also added tests. Change-Id: I546289fc0963d2343253755850f55af8c0bd8e4c Reviewed-on: https://pdfium-review.googlesource.com/11430 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Art Snake <art-snake@yandex-team.ru>
2017-08-29Optimize receiving page, if it have not obj num.Artem Strygin
Make all pages dictionary are not inlined. Original fix: https://codereview.chromium.org/2491583002 Change-Id: Ie3aa662182a70ef6ef1d6121c0576c171e0060dd Reviewed-on: https://pdfium-review.googlesource.com/11810 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Art Snake <art-snake@yandex-team.ru>
2017-08-29Add a few recent decisions into README.mdTom Sepez
Forbid C++14 encroachment. Add big-endian caveat. Change-Id: I1059d3b23ada2d7db1b30ecf8a7c75b0f94e6b58 Reviewed-on: https://pdfium-review.googlesource.com/12311 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-08-29Remove an unused CXFA_FFDoc method.chromium/3200Lei Zhang
Change-Id: If2a8e608498c505440405e7eff675969ac4b195a Reviewed-on: https://pdfium-review.googlesource.com/12330 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-08-29Reduce rounding errors when Invalidating rects.Lei Zhang
Instead of using CFX_FloatRect::ToFxRect(), which always rounds down, use GetOuterRect() which correctly rounds up / down depending on the side of the rectangle. Change-Id: I7abd3a65e8c0467ed4303292f26a72737a5d553b Reviewed-on: https://pdfium-review.googlesource.com/12312 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-29Fix incorrectly guarded lexer advancement in FormCalc parserRyan Harrison
BUG=chromium:752501 Change-Id: Ie9943cd80a4afa73ad9393c8bcd2aa2656a9d932 Reviewed-on: https://pdfium-review.googlesource.com/12290 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-29Convert some form fill tests to use CFX_PointF coordinates.Lei Zhang
Add helper function for commonly used coordinates and give coordinates used in tests semantic meaning. Also add more sanity checks to make sure the commonly used coordinates pass the FPDFPage_HasFormFieldAtPoint() hit test. Change-Id: If116ed5323b49bdbcbd4d857b5184f9fcd4eb908 Reviewed-on: https://pdfium-review.googlesource.com/12070 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-29Make some CPDF_StreamContentParser methods static.Lei Zhang
For methods that are only exposed for testing. Once they are static, there is no need for dummy CPDF_StreamContentParser constructor calls in the unit tests. Adjust the CPDF_StreamContentParser constructor now that one of the parameters can no longer be a nullptr. Change-Id: If29b02ea216002a7bb325b1913281f58b70382aa Reviewed-on: https://pdfium-review.googlesource.com/12230 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-28Remove parameter to TypeTextIntoTextField().Lei Zhang
FPDFFormFillInteractiveEmbeddertest subclasses know the type to expect. Change-Id: I92c5fc75864330f5b1cbd392b9565b4323ce26b5 Reviewed-on: https://pdfium-review.googlesource.com/12052 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-08-28Put some form tests in FPDFFormFillEmbeddertest subclasses.Lei Zhang
This removes a lot of repeated code that can go in SetUp()/TearDown(). This also makes the assumption that there is only 1 page used for testing, so methods in the tests can refer to the page as a member variable, rather than having a method parameter. Change-Id: Ia77633ebe22f1184d2ee2fc78e88e7d33f48a86e Reviewed-on: https://pdfium-review.googlesource.com/12051 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-08-28Unify CPDF_DataAvail::CheckTrailer.Artem Strygin
Use read validator to check trailer availability Change-Id: Id8c62a6c746f136c05cfa8d646268322e2543b52 Reviewed-on: https://pdfium-review.googlesource.com/11770 Commit-Queue: Art Snake <art-snake@yandex-team.ru> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-28Implicitly create CFX_WideString() in form tests.Lei Zhang
Change-Id: I042c5e843dcf535b2d6676d41c0037e87c59c219 Reviewed-on: https://pdfium-review.googlesource.com/12050 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-08-28Unify CPDF_DataAvail::LoadAllFile.chromium/3199Artem Strygin
Use read validator to check whole file availability. Change-Id: Ic118ccee38557d124ecde3893ee3c18c98c674d5 Reviewed-on: https://pdfium-review.googlesource.com/11712 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-28Update paths for coverage script in documentationRyan Harrison
Change-Id: I38ee7e59f4bf9587f43546460c87bb8539121472 Reviewed-on: https://pdfium-review.googlesource.com/12211 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-28Unify CPDF_DataAvail::CheckCrossRef.Artem Strygin
Use read validator to check cross ref table availability Change-Id: I050c366a255598ca6d8bcd353afa94c4a09c33a9 Reviewed-on: https://pdfium-review.googlesource.com/11730 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-28Added FPDFAnnot_GetAnnotIndex()Jane Liu
Added FPDFAnnot_GetAnnotIndex() to get the index of an annotation. This is useful if linked annotations are renedered together - then we need to know which ones in the annotation list we need to skip. Bug=pdfium:863,pdfium:737 Change-Id: I53482a15e0fd9a896b348b64d68e99f9c21da9f9 Reviewed-on: https://pdfium-review.googlesource.com/11970 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-28Add a nullptr check in ReplaceIndirectObjectIfHigherGeneration().Lei Zhang
Avoid pushing nullptrs into the orphans list. Change-Id: I2d52c83e6f20e89be101365d3cca0960b4941a4f Reviewed-on: https://pdfium-review.googlesource.com/12190 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-08-28Remove unused / rarely used CFX_PTemplate methods.Lei Zhang
CFX_Point and CFX_PointF are derived from CFX_PTemplate. Add a helper function to replace the rarely used method where its used. Change-Id: I28448d44bbae9aa6773d1ad5fd7daf342b67c84c Reviewed-on: https://pdfium-review.googlesource.com/12071 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-08-28Convert find markers to Optionals in CPDF_TextPageFindRyan Harrison
Currently these use -1 as a special value to indicate not set. This creates the same issues that FX_STRNPOS created for converting FX_STRSIZE to size_t, so this code has been rewritten. BUG=pdfium:828 Change-Id: Iaaa96af0dcb2eb8b600f3ea39060a398ac9a3800 Reviewed-on: https://pdfium-review.googlesource.com/12130 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-08-28Pass more const CFX_Matrix* params in CFFL_FormFiller.Lei Zhang
Remove some useless overrides. Change-Id: Icf4d8bfcca6358ef3f59f768c2d60759d4b05243 Reviewed-on: https://pdfium-review.googlesource.com/10854 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-28Add helper methods in CJBig2_GRRDProc.Lei Zhang
Refactor identical code used in decode_Template0_unopt() into their own methods. Change-Id: I37348a280ecc66d91fdcd3c9aabe49d2a8065417 Reviewed-on: https://pdfium-review.googlesource.com/11950 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-08-28Move replaced indirect objects to the orphans list.Lei Zhang
ReplaceIndirectObjectIfHigherGeneration() deletes replaced objects, but those objects may be in use. So move them to the orphans list instead to avoid potential dangling pointers. BUG=chromium:757705 Change-Id: Ide83a1b85b754166d298fd50e655ca331ba4f942 Reviewed-on: https://pdfium-review.googlesource.com/11670 Reviewed-by: Art Snake <art-snake@yandex-team.ru> Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-08-28Change DrawAppearance() methods to take CFX_Matrix by const-ref.Lei Zhang
Change-Id: If038850c745ac26e50c313bdbe630483434caedc Reviewed-on: https://pdfium-review.googlesource.com/11390 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-28Limit pdf_codec_jbig2_fuzzer memory usage.Lei Zhang
BUG=chromium:749610 Change-Id: Ia83558568293398c72b7215e9b3fe4e4df6f969a Reviewed-on: https://pdfium-review.googlesource.com/11931 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-28Limit pdf_jpx_fuzzer memory usage.Lei Zhang
BUG=chromium:738711 Change-Id: I4a308694c3e6fcd17431515b7897969d54486071 Reviewed-on: https://pdfium-review.googlesource.com/11870 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-28Skip decoding of excessively large JBIG2 images.Lei Zhang
BUG=chromium:749610. Change-Id: I4de7855aec552e6c143e7a8be6b90e44945a0fcb Reviewed-on: https://pdfium-review.googlesource.com/11930 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-28Unify CPDF_SyntaxParser::GetObjectXXX methods.Artem Strygin
Merge CPDF_SyntaxParser::GetObject and CPDF_SyntaxParser::GetObjectForStrict. Change-Id: Ic9ff51e24ee981c268239847e3cca1c6f6a6f269 Reviewed-on: https://pdfium-review.googlesource.com/10511 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-28Add a global font loader in XFA testsDan Sinclair
This CL creates a global font loader for use in XFA tests. This is needed because the CFGAS_FontMangaer takes a linearly increasing amount of time to load fonts each time it's loaded. This can get excessively slow for test suites which run a lot of tests. Change-Id: Ie389844b56598ce414f4f761654fa4ed465955fd Reviewed-on: https://pdfium-review.googlesource.com/12090 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-08-28Remove code which does nothingDan Sinclair
This code will just add 0 to x and subtract 0 from y. Doing nothing. Remove. Change-Id: I6e0aa91d088acd49cb83d4bded29908b544b692b Reviewed-on: https://pdfium-review.googlesource.com/12110 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2017-08-25Add help IsValid* methods to string classeschromium/3198chromium/3197Ryan Harrison
The various string classes, CFX_ByteString, CFX_ByteStringC, CFX_WideString, and CFX_WideStringC, have many conditionals that are effectively determining if a value is a valid index or length. This CL refactors the logic into one place per class, so it only needs to be changed once if its behaviour needs to change. It also make the some of the methods stricter on the inputs they will accept. BUG=pdfium:828 Change-Id: Iadcdaa34a6d862a2804485770027179c89dc6956 Reviewed-on: https://pdfium-review.googlesource.com/12030 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-25Do not QuickFloor on cmsintrpNicolas Pena
In this CL, the flag CMS_DONT_USE_FAST_FLOOR is set to true because quickfloor could cause heap-buffer-overflow due to flooring errors. In the testcase for the bug, Input[2] is a number very close but smaller than 1 such that quickfloor returned 1 (whereas Input[2] >= 1.0 was false). Bug: chromium:752725 Change-Id: Ibb1763aa120a600e86602f1a46c4cd6d0d6bebd5 Reviewed-on: https://pdfium-review.googlesource.com/11310 Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-08-24Fix some nits in XFACodecFuzzer.chromium/3196Lei Zhang
Change-Id: Ia9738e14d90a813b6ec7abd72843248fd3a3bff0 Reviewed-on: https://pdfium-review.googlesource.com/11910 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-23Reject oversized iCCP profile length in libpng.chromium/3195Lei Zhang
cherry-pick of https://github.com/glennrp/libpng/commit/92a7c79db2c962d04006b35e2603ba9d5ce75541 BUG=chromium:729673 Change-Id: I907b4920ed6d276a075a30269be1744aff678069 Reviewed-on: https://pdfium-review.googlesource.com/11690 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-23Fixed ASan crash when unloading page with CFFL_ListBox.Henrique Nakashima
The crash was caused by a dangling pointer in CPWL_ListCtrl to the font map owned by CFF_TextObject. The order of events was: 1. ~CFFL_ListBox runs and calls parent destructor ~CFFL_TextObject. 2. ~CFFL_TextObject runs and deletes its member m_pFontMap. m_FontMap was referenced by CPWL_ListCtrl which is now dangling. 3. ~CFFL_TextObject calls parent destructor ~CFFL_FormFiller. 4. ~CFFL_FormFiller calls DestroyWindows(). 5. CFFL_FormFiller::DestroyWindows() deletes widgets, among them CPWL_ListBox. 6. ~CPWL_ListBox deletes its member CPWL_ListCtrl. 7. ~CPWL_ListCtrl sees a dangling pointer to the map and crashes. Making the DestroyWindows() call earlier in the destructor of CFFL_TextObject, we execute steps 5-7 before freeing m_pFontMap. An extra DestroyWindows() is still made in ~CFFL_FormFiller, but it is then non-op if the derived CFFL_TextObject already called it. Bug: chromium:757506 Change-Id: Ib8dce04f1dd0bcf8e10701f6cf7ea500bfb5ba84 Reviewed-on: https://pdfium-review.googlesource.com/11651 Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>