From 569817cfffe7410765c97c6deebef3a795bac0f6 Mon Sep 17 00:00:00 2001
From: Ryan Harrison <rharrison@chromium.org>
Date: Thu, 5 Oct 2017 14:14:03 -0400
Subject: Add ObservedPtr to catch Widget being killed by JS

Another case of a call causing JS to run, which can remove a widget
that is called later.

BUG=chromium:771979

Change-Id: I5f25a38097662b70cfb777f76f0e3d50e7c11b1b
Reviewed-on: https://pdfium-review.googlesource.com/15610
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
---
 fpdfsdk/javascript/Field.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/fpdfsdk/javascript/Field.cpp b/fpdfsdk/javascript/Field.cpp
index a89df16158..da0e60cc18 100644
--- a/fpdfsdk/javascript/Field.cpp
+++ b/fpdfsdk/javascript/Field.cpp
@@ -324,16 +324,21 @@ void Field::UpdateFormControl(CPDFSDK_FormFillEnvironment* pFormFillEnv,
   CPDFSDK_Widget* pWidget = pForm->GetWidget(pFormControl);
 
   if (pWidget) {
+    CPDFSDK_Widget::ObservedPtr observed_widget(pWidget);
     if (bResetAP) {
       int nFieldType = pWidget->GetFieldType();
       if (nFieldType == FIELDTYPE_COMBOBOX ||
           nFieldType == FIELDTYPE_TEXTFIELD) {
         bool bFormatted = false;
         WideString sValue = pWidget->OnFormat(bFormatted);
+        if (!observed_widget)
+          return;
         pWidget->ResetAppearance(bFormatted ? &sValue : nullptr, false);
       } else {
         pWidget->ResetAppearance(nullptr, false);
       }
+      if (!observed_widget)
+        return;
     }
 
     if (bRefresh) {
-- 
cgit v1.2.3