From 6a3fc45b9e238d9b7b601cb13be664391d393b42 Mon Sep 17 00:00:00 2001
From: Lei Zhang
Date: Tue, 13 Jun 2017 14:04:02 -0700
Subject: Add more checks for destroyed annotations in CFFL_FormFiller.

CFFL_FormFiller::CommitData() should check more rigorously and so should its callers.

BUG=chromium:732051
Change-Id: If0cee8fb61de10dc7678dad89c330d75bee55aa4
Reviewed-on: https://pdfium-review.googlesource.com/6530
Commit-Queue: dsinclair
Reviewed-by: dsinclair
---
 fpdfsdk/formfiller/cffl_checkbox.cpp | 6 ++----
 fpdfsdk/formfiller/cffl_formfiller.cpp | 19 ++++++++++++++++---
 fpdfsdk/formfiller/cffl_interactiveformfiller.cpp | 3 +++
 fpdfsdk/formfiller/cffl_radiobutton.cpp | 6 ++----
 4 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/fpdfsdk/formfiller/cffl_checkbox.cpp b/fpdfsdk/formfiller/cffl_checkbox.cpp
index d8227d8760..a81458e92d 100644
--- a/fpdfsdk/formfiller/cffl_checkbox.cpp
+++ b/fpdfsdk/formfiller/cffl_checkbox.cpp
@@ -61,8 +61,7 @@ bool CFFL_CheckBox::OnChar(CPDFSDK_Annot* pAnnot,
 if (CPWL_CheckBox* pWnd = (CPWL_CheckBox*)GetPDFWindow(pPageView, true))
 pWnd->SetCheck(!pWnd->IsChecked());
- CommitData(pPageView, nFlags);
- return true;
+ return CommitData(pPageView, nFlags);
 }
 default:
 return CFFL_FormFiller::OnChar(pAnnot, nChar, nFlags);
@@ -81,8 +80,7 @@ bool CFFL_CheckBox::OnLButtonUp(CPDFSDK_PageView* pPageView,
 pWnd->SetCheck(!pWidget->IsChecked());
 }
- if (!CommitData(pPageView, nFlags))
- return false;
+ return CommitData(pPageView, nFlags);
 }
 return true;
diff --git a/fpdfsdk/formfiller/cffl_formfiller.cpp b/fpdfsdk/formfiller/cffl_formfiller.cpp
index 98a14e61af..cd531413c2 100644
--- a/fpdfsdk/formfiller/cffl_formfiller.cpp
+++ b/fpdfsdk/formfiller/cffl_formfiller.cpp
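Review bot: In CFFL_CheckBox::OnChar, `return CommitData(pPageView, nFlags);` makes one boolean carry two meanings: this case used to report the key as handled unconditionally, and it now reports false when CommitData() finds the annotation destroyed. The callers of OnChar are not part of this diff, so it should be confirmed that none of them reads false as "not handled" and then goes on to use pAnnot or the filler again. A comment above the return would record the intent, for example `// false means the annotation was destroyed during commit, not that the key was unhandled.` The same applies to CFFL_RadioButton::OnChar in cffl_radiobutton.cpp, while the OnLButtonUp hunks in both files keep their earlier true/false results. The enclosing switch starts outside the hunk.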
@@ -258,7 +258,8 @@ void CFFL_FormFiller::KillFocusForAnnot(CPDFSDK_Annot* pAnnot, uint32_t nFlag) {
 if (!pPageView)
 return;
- CommitData(pPageView, nFlag);
+ if (!CommitData(pPageView, nFlag))
+ return;
 if (CPWL_Wnd* pWnd = GetPDFWindow(pPageView, false))
 pWnd->KillFocus();
@@ -493,25 +494,37 @@ bool CFFL_FormFiller::CommitData(CPDFSDK_PageView* pPageView, uint32_t nFlag) {
 m_pFormFillEnv->GetInteractiveFormFiller();
 CPDFSDK_Annot::ObservedPtr pObserved(m_pWidget.Get());
 pFormFiller->OnKeyStrokeCommit(&pObserved, pPageView, bRC, bExit, nFlag);
- if (!pObserved || bExit)
+ if (!pObserved)
+ return false;
+ if (bExit)
 return true;
 if (!bRC) {
 ResetPDFWindow(pPageView, false);
 return true;
 }
+
 pFormFiller->OnValidate(&pObserved, pPageView, bRC, bExit, nFlag);
- if (!pObserved || bExit)
+ if (!pObserved)
+ return false;
+ if (bExit)
 return true;
 if (!bRC) {
 ResetPDFWindow(pPageView, false);
 return true;
 }
+
 SaveData(pPageView);
 pFormFiller->OnCalculate(m_pWidget.Get(), pPageView, bExit, nFlag);
+ if (!pObserved)
+ return false;
 if (bExit)
 return true;
 pFormFiller->OnFormat(m_pWidget.Get(), pPageView, bExit, nFlag);
+ if (!pObserved)
+ return false;
+ if (bExit)
+ return true;
 }
 return true;
 }
diff --git a/fpdfsdk/formfiller/cffl_interactiveformfiller.cpp b/fpdfsdk/formfiller/cffl_interactiveformfiller.cpp
index f36afa65d5..935e3fffb6 100644
--- a/fpdfsdk/formfiller/cffl_interactiveformfiller.cpp
+++ b/fpdfsdk/formfiller/cffl_interactiveformfiller.cpp
@@ -425,6 +425,9 @@ bool CFFL_InteractiveFormFiller::OnKillFocus(CPDFSDK_Annot::ObservedPtr* pAnnot,
 ASSERT((*pAnnot)->GetPDFAnnot()->GetSubtype() == CPDF_Annot::Subtype::WIDGET);
 if (CFFL_FormFiller* pFormFiller = GetFormFiller(pAnnot->Get(), false)) {
 pFormFiller->KillFocusForAnnot(pAnnot->Get(), nFlag);
+ if (!(*pAnnot))
+ return false;
+
 if (!m_bNotifying) {
 CPDFSDK_Widget* pWidget = static_cast(pAnnot->Get());
 if (pWidget->GetAAction(CPDF_AAction::LoseFocus).GetDict()) {
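Review bot: The early `return;` after a failed CommitData() in KillFocusForAnnot carries no explanation of why the rest of the function is skipped. Going by the CommitData() hunk in this same file, false means the observed widget went away during one of the form callbacks, so nothing past this point may touch the widget or its window, and presumably not the filler's own members either. A comment such as `// CommitData() returns false when the annotation was destroyed; do not touch the widget or window past this point.` would state that. Because the function returns void, every caller has to re-check its own ObservedPtr, as OnKillFocus in cffl_interactiveformfiller.cpp now does; any other caller, not visible in this diff, needs the same check. The function body continues outside the hunk.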
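Review bot: CommitData() now folds three outcomes into one bool and nothing in the hunk documents which is which: it returns false only when `pObserved` was cleared by a callback, and true both when the commit completed and when it was abandoned through `bExit` or a failed `bRC`. A comment on the function should spell that out, for instance `// Returns false only if the annotation was destroyed during a callback; callers must stop using it.` The observer tracks the widget alone, while `ResetPDFWindow(pPageView, false)`, `SaveData(pPageView)` and the later OnCalculate/OnFormat calls keep using `pPageView` after earlier callbacks have run. Whether those callbacks can also tear down the page view is not visible in this diff and should be verified. The start of the function is outside the hunk.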
diff --git a/fpdfsdk/formfiller/cffl_radiobutton.cpp b/fpdfsdk/formfiller/cffl_radiobutton.cpp
index e5a5a98b9a..c6ce432d0c 100644
--- a/fpdfsdk/formfiller/cffl_radiobutton.cpp
+++ b/fpdfsdk/formfiller/cffl_radiobutton.cpp
@@ -60,8 +59,7 @@ bool CFFL_RadioButton::OnChar(CPDFSDK_Annot* pAnnot,
 if (CPWL_RadioButton* pWnd = (CPWL_RadioButton*)GetPDFWindow(pPageView, true))
 pWnd->SetCheck(true);
- CommitData(pPageView, nFlags);
- return true;
+ return CommitData(pPageView, nFlags);
 }
 default:
 return CFFL_FormFiller::OnChar(pAnnot, nChar, nFlags);
@@ -79,8 +78,7 @@ bool CFFL_RadioButton::OnLButtonUp(CPDFSDK_PageView* pPageView,
 (CPWL_RadioButton*)GetPDFWindow(pPageView, true))
 pWnd->SetCheck(true);
- if (!CommitData(pPageView, nFlags))
- return false;
+ return CommitData(pPageView, nFlags);
 }
 return true;
-- cgit v1.2.3