From fef62e1f2bbf064100e6e262a10653f2374bfd2b Mon Sep 17 00:00:00 2001
From: tsepez <tsepez@chromium.org>
Date: Thu, 22 Sep 2016 11:37:13 -0700
Subject: Null CPDF_CountedObj::m_pObj prior to deletion

This gives additional protection in case of re-entry. Also
make CFX_CountRef more robust in face of errors.

BUG=649229

Review-Url: https://codereview.chromium.org/2364673002
---
 core/fpdfapi/fpdf_page/cpdf_countedobject.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'core/fpdfapi')

diff --git a/core/fpdfapi/fpdf_page/cpdf_countedobject.h b/core/fpdfapi/fpdf_page/cpdf_countedobject.h
index e7f4ab6af0..c61e024589 100644
--- a/core/fpdfapi/fpdf_page/cpdf_countedobject.h
+++ b/core/fpdfapi/fpdf_page/cpdf_countedobject.h
@@ -20,8 +20,10 @@ class CPDF_CountedObject {
     m_pObj = ptr;
   }
   void clear() {  // Now you're all weak ptrs ...
-    delete m_pObj;
+    // Guard against accidental re-entry.
+    T* pObj = m_pObj;
     m_pObj = nullptr;
+    delete pObj;
   }
   T* get() const { return m_pObj; }
   T* AddRef() {
-- 
cgit v1.2.3