commit a6646dbea44e0da6e789e5bb2cc8972afa678270
author Tom Sepez <tsepez@chromium.org> Wed Jun 22 21:56:03 2022 +0000
committer Pdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com> Wed Jun 22 21:56:03 2022 +0000
tree 4fc9fe1fb44d27ad666bcbd21312de28de489ccc
parent 7251b16a3cc1b1263f70815d8d9ae8036430a526

Observe PageViews across CPDFSDK_FormFillEnvironment::m_PageMap iter

These could theoretically pop out of existence, causing the iterator
to go stale. Since the map owns the pageview, we can use the pageview
as a proxy for iterator validity.

Bug: chromium:962815
Change-Id: I84e68b767124a762917ef28e37f94c290be92077
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/94631
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>

fpdfsdk/cpdfsdk_formfillenvironment.cpp

diff --git a/fpdfsdk/cpdfsdk_formfillenvironment.cpp b/fpdfsdk/cpdfsdk_formfillenvironment.cpp
index b73f971..3492b99 100644
--- a/fpdfsdk/cpdfsdk_formfillenvironment.cpp
+++ b/fpdfsdk/cpdfsdk_formfillenvironment.cpp
@@ -598,8 +598,12 @@
 
 void CPDFSDK_FormFillEnvironment::ClearAllFocusedAnnots() {
   for (auto& it : m_PageMap) {
-    if (it.second->IsValidSDKAnnot(GetFocusAnnot()))
+    if (it.second->IsValidSDKAnnot(GetFocusAnnot())) {
+      ObservedPtr<CPDFSDK_PageView> pObserved(it.second.get());
       KillFocusAnnot({});
+      if (!pObserved)
+        break;
+    }
   }
 }
 
@@ -709,9 +713,12 @@
 
 void CPDFSDK_FormFillEnvironment::UpdateAllViews(CPDFSDK_Annot* pAnnot) {
   for (const auto& it : m_PageMap) {
-    CPDFSDK_PageView* pPageView = it.second.get();
-    if (pPageView)
-      pPageView->UpdateView(pAnnot);
+    ObservedPtr<CPDFSDK_PageView> pObserved(it.second.get());
+    if (pObserved) {
+      pObserved->UpdateView(pAnnot);
+      if (!pObserved)
+        break;
+    }
   }
 }