Null UnownedPtr<T>::m_pObj on destruction. This makes UnownedPtr<T> more compatible with the implementation of chromium's raw_ptr<T> in //base/memory/raw_ptr.h, and may offer some slight additional UaF protection in release builds. Change-Id: Ie52318b58089b6a7d5102925b487d7045018731c Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/84212 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>

commit: 2a2c2762cded2294ae8cfd571a59af7d3fa52d79 [log] [tgz]
author: Tom Sepez <tsepez@chromium.org> Wed Aug 18 01:25:45 2021 +0000
committer: Pdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com> Wed Aug 18 01:25:45 2021 +0000
tree: d5ea042327c0fdc858033daab84ccae25826486e
parent: 4010e08466404ca916f6944cc2973ad13c14e2d6 [diff]
diff --git a/core/fxcrt/unowned_ptr.h b/core/fxcrt/unowned_ptr.h
index 1210248..a510336 100644
--- a/core/fxcrt/unowned_ptr.h
+++ b/core/fxcrt/unowned_ptr.h

@@ -60,7 +60,10 @@
   // NOLINTNEXTLINE(runtime/explicit)
   constexpr UnownedPtr(std::nullptr_t ptr) noexcept {}
 
-  ~UnownedPtr() { ProbeForLowSeverityLifetimeIssue(); }
+  ~UnownedPtr() {
+    ProbeForLowSeverityLifetimeIssue();
+    m_pObj = nullptr;
+  }
 
   void Reset(T* obj = nullptr) {
     ProbeForLowSeverityLifetimeIssue();
commit	2a2c2762cded2294ae8cfd571a59af7d3fa52d79	[log] [tgz]
author	Tom Sepez <tsepez@chromium.org>	Wed Aug 18 01:25:45 2021 +0000
committer	Pdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com>	Wed Aug 18 01:25:45 2021 +0000
tree	d5ea042327c0fdc858033daab84ccae25826486e
parent	4010e08466404ca916f6944cc2973ad13c14e2d6 [diff]