Age | Commit message | Author |
|
It's a ref-counted class, so if we're in the destructor, the ref
count has hit zero. We can't make a new ref pointer to itself here,
as it will re-invoke the destructor when it goes out of scope. This
should have been an obvious anti-pattern in hindsight.
The object in question can't be in the m_pFontManager, since the font
manager retains a reference, and we wouldn't get to this destructor
while that is present. So the cleanup isn't required.
Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to use unique_ptrs in a few places near this issue.
Fixing this revealed a UAF in CFGAS_GEFont; memcpy'ing a RetainPtr
is not a good idea as it doesn't bump the ref count.
Also protect and friend the CFGAS_GEFont destructor, to make sure
random deletes don't happen.
Also kill off a const cast, and remove unnecessary conversion to
retain_ptr when we already have one.
TEST=look for absence of -11 in XFA corpus test logs, bots not
currently noticing the segv. Argh.
Review-Url: https://codereview.chromium.org/2631703003
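
The ref-count point in the commit message above, as an added example that is not code from the commit or from PDFium: a byte copy of a retaining pointer duplicates the handle without taking a reference, while the copy constructor does take one. `Retainable`, `RetainPtr` and `Font` here are simplified, hypothetical stand-ins written for this illustration.

```cpp
#include <cstdio>
#include <cstring>
// Hypothetical minimal stand-ins for illustration, not PDFium's classes.
class Retainable {
 public:
  void Retain() { ++ref_count_; }
  void Release() { if (--ref_count_ == 0) delete this; }
  int ref_count() const { return ref_count_; }
 protected:
  virtual ~Retainable() = default;  // only Release() may destroy the object
 private:
  int ref_count_ = 0;
};

template <class T>
class RetainPtr {
 public:
  explicit RetainPtr(T* p) : p_(p) { if (p_) p_->Retain(); }
  RetainPtr(const RetainPtr& o) : p_(o.p_) { if (p_) p_->Retain(); }
  RetainPtr& operator=(const RetainPtr&) = delete;
  ~RetainPtr() { if (p_) p_->Release(); }
  T* get() const { return p_; }
 private:
  T* p_;
};

class Font : public Retainable {
 protected:
  ~Font() override = default;  // `delete font;` outside the class won't compile
};

// Byte-copy the handle: the bits are duplicated, the reference is not.
int CountAfterMemcpy() {
  RetainPtr<Font> owner(new Font);
  alignas(RetainPtr<Font>) unsigned char slot[sizeof(RetainPtr<Font>)];
  std::memcpy(slot, static_cast<const void*>(&owner), sizeof(owner));
  // `slot` is never destroyed: ~RetainPtr on it would drop a reference nobody took.
  return owner.get()->ref_count();
}

// Copy-construct the handle: the copy constructor calls Retain().
int CountAfterCopy() {
  RetainPtr<Font> owner(new Font);
  RetainPtr<Font> second(owner);
  return owner.get()->ref_count();
}

int main() {
  std::printf("memcpy: %d, copy: %d\n", CountAfterMemcpy(), CountAfterCopy());
}
```

With two live handles and a count of one, the first handle to go out of scope frees the object and the second is left dangling.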
|
|
Use std::less<>() rather than a direct ptr1 < ptr2 comparison to
be strictly correct in the face of unspecified behaviour when ptr1 and
ptr2 don't point within the same "object" (e.g. segment of memory
on a brain-dead segmented architecture).
This will allow their use as keys in maps.
Review-Url: https://codereview.chromium.org/2616683002
|
|
Required to pass pointers across C-APIs. Need this to clean
up CPDFXFA_Page and retain ptrs.
Review-Url: https://codereview.chromium.org/2583093003
|
|
The previous CLs made the code clean, so now we can mark more things
private, and add friends as appropriate.
Review-Url: https://codereview.chromium.org/2560783003
|
|
Part of the work to get rid of |new|s. Stripped from a forthcoming CL.
Review-Url: https://codereview.chromium.org/2536973003
|
|
BUG=pdfium:611
Review-Url: https://codereview.chromium.org/2382723003
|