Google Git
Sign in
pdfium / pdfium.git / 0e71ce2b1e725da7919c201cb9e8cf3095194b1c^! / .
commit0e71ce2b1e725da7919c201cb9e8cf3095194b1c[log] [tgz]
authorMinh Tran <myoki.crystal@gmail.com>Mon Jul 29 22:28:49 2019 +0000
committerChromium commit bot <commit-bot@chromium.org>Mon Jul 29 22:28:49 2019 +0000
treef0d5487c93852677e123f84152ce23a6b26919ab
parentdfccee7d7d4883176770f3663b2cb76b7b40d337 [diff]
Observe CXFA_FFPageView across OnSetFocus() events.

CXFA_FFPageView object is destroyed by JS code of enter event.
Use ObservedPtr to catch this destruction.

Bug: chromium:982397
Change-Id: Ie7cd472f561eec410c9ccd5a25319fbd8e63b5ec
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/58390
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>

diff --git a/AUTHORS b/AUTHORS
index bd3e4bd..3c97237 100644
--- a/AUTHORS
+++ b/AUTHORS

@@ -33,6 +33,7 @@
 Matt Giuca <mgiuca@chromium.org>
 Michael Doppler <m.doppler@gmail.com>
 Miklos Vajna <vmiklos@vmiklos.hu>
+Minh Trần <myoki.crystal@gmail.com>
 Nico Weber <thakis@chromium.org>
 Nicolás Peña <npm@chromium.org>
 Peter Kasting <pkasting@chromium.org>

diff --git a/fpdfsdk/cpdfsdk_formfillenvironment.cpp b/fpdfsdk/cpdfsdk_formfillenvironment.cpp
old mode 100644
new mode 100755
index 9a5e726..81fd110
--- a/fpdfsdk/cpdfsdk_formfillenvironment.cpp
+++ b/fpdfsdk/cpdfsdk_formfillenvironment.cpp

@@ -669,6 +669,10 @@
   ObservedPtr<CPDFSDK_Annot> pLastFocusAnnot(m_pFocusAnnot.Get());
   if (!pAnnotHandler->Annot_OnChangeFocus(pAnnot, &pLastFocusAnnot))
     return false;
+
+  // |pAnnot| may be destroyed in |Annot_OnChangeFocus|.
+  if (!pAnnot->HasObservable())
+    return false;
 #endif  // PDF_ENABLE_XFA
   if (!pAnnotHandler->Annot_OnSetFocus(pAnnot, 0))
     return false;

diff --git a/fpdfsdk/cpdfsdk_xfawidgethandler.cpp b/fpdfsdk/cpdfsdk_xfawidgethandler.cpp
index bbecd7c..b6fc970 100644
--- a/fpdfsdk/cpdfsdk_xfawidgethandler.cpp
+++ b/fpdfsdk/cpdfsdk_xfawidgethandler.cpp

@@ -537,9 +537,14 @@
   if (!pXFAPageView)
     return true;
 
+  ObservedPtr<CXFA_FFPageView> pObservedXFAPageView(pXFAPageView);
   bool bRet = pXFAPageView->GetDocView()->SetFocus(hWidget);
-  if (pXFAPageView->GetDocView()->GetFocusWidget() == hWidget)
+
+  // Check |pXFAPageView| again because |SetFocus| can trigger JS to destroy it.
+  if (pObservedXFAPageView &&
+      pXFAPageView->GetDocView()->GetFocusWidget() == hWidget){
     bRet = true;
+  }
 
   return bRet;
 }

diff --git a/xfa/fxfa/cxfa_ffpageview.h b/xfa/fxfa/cxfa_ffpageview.h
old mode 100644
new mode 100755
index 768a3b9..d49c69c
--- a/xfa/fxfa/cxfa_ffpageview.h
+++ b/xfa/fxfa/cxfa_ffpageview.h

@@ -10,6 +10,7 @@
 #include <memory>
 #include <vector>
 
+#include "core/fxcrt/observed_ptr.h"
 #include "xfa/fxfa/layout/cxfa_contentlayoutitem.h"
 #include "xfa/fxfa/layout/cxfa_traversestrategy_layoutitem.h"
 #include "xfa/fxfa/layout/cxfa_viewlayoutitem.h"
@@ -17,7 +18,7 @@
 class CXFA_FFWidget;
 class CXFA_FFDocView;
 
-class CXFA_FFPageView {
+class CXFA_FFPageView : public Observable {
  public:
   CXFA_FFPageView(CXFA_FFDocView* pDocView, CXFA_Node* pPageArea);
   ~CXFA_FFPageView();