From 022d13b85408beb400ce703bb5c59736adea208f Mon Sep 17 00:00:00 2001 From: Ryan Harrison Date: Fri, 15 Sep 2017 14:35:41 -0400 Subject: Add ObservedPtrs to KillFocus path This is to prevent use after free issues due to these calls causing reloads of content that have the side of effect of destroying windows. BUG=chromium:760455 Change-Id: I3f3947be8b32964783abf5577a24ba6a713b3476 Reviewed-on: https://pdfium-review.googlesource.com/14150 Commit-Queue: Ryan Harrison Reviewed-by: Tom Sepez --- fpdfsdk/pwl/cpwl_edit.cpp | 12 ++++++++++++ fpdfsdk/pwl/cpwl_wnd.cpp | 5 ++++- 2 files changed, 16 insertions(+), 1 deletion(-) (limited to 'fpdfsdk') diff --git a/fpdfsdk/pwl/cpwl_edit.cpp b/fpdfsdk/pwl/cpwl_edit.cpp index a6f6f2ac86..4558e432ac 100644 --- a/fpdfsdk/pwl/cpwl_edit.cpp +++ b/fpdfsdk/pwl/cpwl_edit.cpp @@ -340,14 +340,26 @@ void CPWL_Edit::OnSetFocus() { } void CPWL_Edit::OnKillFocus() { + ObservedPtr observed_ptr = ObservedPtr(this); CPWL_ScrollBar* pScroll = GetVScrollBar(); if (pScroll && pScroll->IsVisible()) { pScroll->SetVisible(false); + if (!observed_ptr) + return; + Move(m_rcOldWindow, true, true); } + if (!observed_ptr) + return; m_pEdit->SelectNone(); + if (!observed_ptr) + return; + SetCaret(false, CFX_PointF(), CFX_PointF()); + if (!observed_ptr) + return; + SetCharSet(FX_CHARSET_ANSI); m_bFocus = false; } diff --git a/fpdfsdk/pwl/cpwl_wnd.cpp b/fpdfsdk/pwl/cpwl_wnd.cpp index 53c692dada..e26df4d199 100644 --- a/fpdfsdk/pwl/cpwl_wnd.cpp +++ b/fpdfsdk/pwl/cpwl_wnd.cpp @@ -44,7 +44,7 @@ PWL_CREATEPARAM::PWL_CREATEPARAM() PWL_CREATEPARAM::PWL_CREATEPARAM(const PWL_CREATEPARAM& other) = default; -class CPWL_MsgControl { +class CPWL_MsgControl : public CFX_Observable { friend class CPWL_Wnd; public: @@ -96,9 +96,12 @@ class CPWL_MsgControl { } void KillFocus() { + ObservedPtr observed_ptr = ObservedPtr(this); if (!m_aKeyboardPath.empty()) if (CPWL_Wnd* pWnd = m_aKeyboardPath[0]) pWnd->OnKillFocus(); + if (!observed_ptr) + return; m_pMainKeyboardWnd = nullptr; m_aKeyboardPath.clear(); -- cgit v1.2.3