summaryrefslogtreecommitdiff
path: root/xfa/fxfa/app/xfa_textpiece.cpp
AgeCommit message (Collapse)Author
2017-01-17Avoid endless loop deleting CFGAS_GEFont.tsepez
It's a ref-counted class, so if we're in the destructor, the ref count has hit zero. We can't make a new ref pointer to itself here, as it will re-invoke the destructor when it goes out of scope. This should have been an obvious anti-pattern in hindsight. The object in question can't be in the m_pFontManager, since the font manager retains a reference, and we wouldn't get to this destructor while that is present. So the cleanup isn't required. Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp. I also converted to use unique_ptrs in a few places near this issue. Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr is not a good idea as it doesn't bump the ref count. Also protect and friend the CFGAS_GEFont destructor, to make sure random deletes don't happen. Also kill off a const cast, and remove unnecessary conversion to retain_ptr when we already have one. TEST=look for absence of -11 in XFA corpus test logs, bots not currently noticing the segv. Argh. Review-Url: https://codereview.chromium.org/2631703003
2017-01-10Split xfa_textlayout apart.Dan Sinclair
This CL splits the xfa_texlayout.{cpp|h} files into individual class files. Minor reformatting was done in the new clasess. Change-Id: Id79ffcb8dca3fcf287a2e6dec78fd2b1f990a542 Reviewed-on: https://pdfium-review.googlesource.com/2162 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>