From 6a3fc45b9e238d9b7b601cb13be664391d393b42 Mon Sep 17 00:00:00 2001
From: Lei Zhang
Date: Tue, 13 Jun 2017 14:04:02 -0700
Subject: Add more checks for destroyed annotations in CFFL_FormFiller. CFFL_FormFiller::CommitData() should check more rigorously and so should its callers.
BUG=chromium:732051
Change-Id: If0cee8fb61de10dc7678dad89c330d75bee55aa4
Reviewed-on: https://pdfium-review.googlesource.com/6530
Commit-Queue: dsinclair
Reviewed-by: dsinclair
---
 fpdfsdk/formfiller/cffl_formfiller.cpp | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
(limited to 'fpdfsdk/formfiller/cffl_formfiller.cpp')
diff --git a/fpdfsdk/formfiller/cffl_formfiller.cpp b/fpdfsdk/formfiller/cffl_formfiller.cpp
index 98a14e61af..cd531413c2 100644
--- a/fpdfsdk/formfiller/cffl_formfiller.cpp
+++ b/fpdfsdk/formfiller/cffl_formfiller.cpp
@@ -258,7 +258,8 @@ void CFFL_FormFiller::KillFocusForAnnot(CPDFSDK_Annot* pAnnot, uint32_t nFlag) {
 if (!pPageView)
 return;
- CommitData(pPageView, nFlag);
+ if (!CommitData(pPageView, nFlag))
+ return;
 if (CPWL_Wnd* pWnd = GetPDFWindow(pPageView, false))
 pWnd->KillFocus();
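Review bot: The new early return in KillFocusForAnnot carries no comment saying what a false result from CommitData() means, and the bool is easy to misread because true is also returned when validation fails or bExit is set. In the CommitData hunk false is returned only after pObserved has gone null, so I would add above the check `// CommitData() returns false only when a callback destroyed the annotation; pAnnot and its window must not be touched after this.` The return also skips `pWnd->KillFocus()` and everything after it; the function starts before and continues past this hunk, so confirm that no cleanup further down still has to run when the widget is already gone.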
@@ -493,25 +494,37 @@ bool CFFL_FormFiller::CommitData(CPDFSDK_PageView* pPageView, uint32_t nFlag) {
 m_pFormFillEnv->GetInteractiveFormFiller();
 CPDFSDK_Annot::ObservedPtr pObserved(m_pWidget.Get());
 pFormFiller->OnKeyStrokeCommit(&pObserved, pPageView, bRC, bExit, nFlag);
- if (!pObserved || bExit)
+ if (!pObserved)
+ return false;
+ if (bExit)
 return true;
 if (!bRC) {
 ResetPDFWindow(pPageView, false);
 return true;
 }
+
 pFormFiller->OnValidate(&pObserved, pPageView, bRC, bExit, nFlag);
- if (!pObserved || bExit)
+ if (!pObserved)
+ return false;
+ if (bExit)
 return true;
 if (!bRC) {
 ResetPDFWindow(pPageView, false);
 return true;
 }
+
 SaveData(pPageView);
 pFormFiller->OnCalculate(m_pWidget.Get(), pPageView, bExit, nFlag);
+ if (!pObserved)
+ return false;
 if (bExit)
 return true;
 pFormFiller->OnFormat(m_pWidget.Get(), pPageView, bExit, nFlag);
+ if (!pObserved)
+ return false;
+ if (bExit)
+ return true;
 }
 return true;
 }
-- cgit v1.2.3
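Review bot: OnCalculate and OnFormat are still handed the raw `m_pWidget.Get()` pointer, whereas OnKeyStrokeCommit and OnValidate receive `&pObserved`, so the added `if (!pObserved) return false;` checks only protect CommitData after each callback has returned. If either callee can destroy the annotation partway through (their bodies are not visible here), it would keep working on a freed widget internally; passing the observed pointer instead, as in `pFormFiller->OnCalculate(&pObserved, pPageView, bExit, nFlag);`, would close that gap but needs the callee signatures changed to match. SaveData(pPageView) also sits between the OnValidate check and the OnCalculate call with no check after it, which is worth confirming as safe if it can trigger notifications. CommitData starts before this hunk, and callers outside this file that ignore its return value are not covered by this diff.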