From c2d0e29cd8fa24c9af0cc4f2a15f90096a5ca8e2 Mon Sep 17 00:00:00 2001
From: dsinclair <dsinclair@chromium.org>
Date: Thu, 8 Sep 2016 14:03:52 -0700
Subject: Fix CPDFSDK_PageView cleanup.

In https://pdfium.googlesource.com/pdfium/+/461eeafe191068ac8c32f2717907fc6a22a667d2
we moved the map cleanup for the page view to happen before the page view was
destroyed and before we killed the annotation focus.

The map removal must happen before the pageview is destroyed, but must happen
after we've killed the annotation focus in order to not create duplicate page
views which point to the same page.

BUG=chromium:645122

Review-Url: https://codereview.chromium.org/2320253002
---
 fpdfsdk/fsdk_mgr.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/fpdfsdk/fsdk_mgr.cpp b/fpdfsdk/fsdk_mgr.cpp
index eb3f51e97c..694e3154ce 100644
--- a/fpdfsdk/fsdk_mgr.cpp
+++ b/fpdfsdk/fsdk_mgr.cpp
@@ -361,11 +361,17 @@ void CPDFSDK_Document::RemovePageView(UnderlyingPageType* pUnderlyingPage) {
   if (pPageView->IsLocked())
     return;
 
+  // This must happen before we remove |pPageView| from the map because
+  // |KillFocusAnnotIfNeeded| can call into the |GetPage| method which will
+  // look for this page view in the map, if it doesn't find it a new one will
+  // be created. We then have two page views pointing to the same page and
+  // bad things happen.
+  pPageView->KillFocusAnnotIfNeeded();
+
   // Remove the page from the map to make sure we don't accidentally attempt
   // to use the |pPageView| while we're cleaning it up.
   m_pageMap.erase(it);
 
-  pPageView->KillFocusAnnotIfNeeded();
   delete pPageView;
 }
 
-- 
cgit v1.2.3