From bcf46238b4533a9da91f4fa5d7248bbc85511dbd Mon Sep 17 00:00:00 2001
From: dsinclair <dsinclair@chromium.org>
Date: Mon, 3 Oct 2016 13:02:27 -0700
Subject: Guard against double deletion of page views.

This CL adds a |IsBeingDestroyed| flag into the CPDFSDK_PageView. We then
bail out of the pageview removal code early if the flag is set.

BUG=chromium:652103

Review-Url: https://codereview.chromium.org/2384243002
---
 fpdfsdk/cpdfsdk_document.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'fpdfsdk/cpdfsdk_document.cpp')

diff --git a/fpdfsdk/cpdfsdk_document.cpp b/fpdfsdk/cpdfsdk_document.cpp
index ad4516d53c..66851c0ebb 100644
--- a/fpdfsdk/cpdfsdk_document.cpp
+++ b/fpdfsdk/cpdfsdk_document.cpp
@@ -135,9 +135,13 @@ void CPDFSDK_Document::RemovePageView(UnderlyingPageType* pUnderlyingPage) {
     return;
 
   CPDFSDK_PageView* pPageView = it->second;
-  if (pPageView->IsLocked())
+  if (pPageView->IsLocked() || pPageView->IsBeingDestroyed())
     return;
 
+  // Mark the page view so we do not come into |RemovePageView| a second
+  // time while we're in the process of removing.
+  pPageView->SetBeingDestroyed();
+
   // This must happen before we remove |pPageView| from the map because
   // |KillFocusAnnotIfNeeded| can call into the |GetPage| method which will
   // look for this page view in the map, if it doesn't find it a new one will
-- 
cgit v1.2.3