Avoid endless loop deleting CFGAS_GEFont.

Avoid endless loop deleting CFGAS_GEFont.

It's a ref-counted class, so if we're in the destructor, the ref
count has hit zero. We can't make a new ref pointer to itself here,
as it will re-invoke the destructor when it goes out of scope. This
should have been an obvious anti-pattern in hindsight.

The object in question can't be in the m_pFontManager, since the font
manager retains a reference, and we wouldn't get to this destructor
while that is present. So the cleanup isn't required.

Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to use unique_ptrs in a few places near this issue.

Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
is not a good idea as it doesn't bump the ref count.

Also protect and friend the CFGAS_GEFont destructor, to make sure
random deletes don't happen.

Also kill off a const cast, and remove unnecessary conversion to
retain_ptr when we already have one.

TEST=look for absence of -11 in XFA corpus test logs, bots not 
     currently noticing the segv.  Argh.

Review-Url: https://codereview.chromium.org/2631703003
Committed: https://pdfium.googlesource.com/pdfium/+/783a7e048c677d26aaf3884304627bbe27cff546

[Tom Sepez, 2017-01-14 01:39:37]

The CQ bit was checked by tsepez@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-01-14 01:39:46]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Tom Sepez, 2017-01-14 01:41:08]

Description was changed from

==========
Avoid endless loop deleting CFGAS_GEFont.

It's a ref-counted class, so if we're in the destructor,
the ref count has hit zero. We can't make a new ref
pointer to itself here, as it will re-invoke the destructor
when it goes out of scope.  Should have been an obvious
anti-pattern in hindsight.

The object in question can't be in the m_pFontManager, since
it retains a reference, and we wouldn't get to this destructor
while that is present.

Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to unique_ptrs in a few places found near this issue.

Fixing this reveale a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
not a good idea as it doesn't bump the ref count.
==========

to

==========
Avoid endless loop deleting CFGAS_GEFont.

It's a ref-counted class, so if we're in the destructor,
the ref count has hit zero. We can't make a new ref
pointer to itself here, as it will re-invoke the destructor
when it goes out of scope.  Should have been an obvious
anti-pattern in hindsight.

The object in question can't be in the m_pFontManager, since
it retains a reference, and we wouldn't get to this destructor
while that is present.

Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to unique_ptrs in a few places found near this issue.

Fixing this reveale a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
not a good idea as it doesn't bump the ref count.

TEST=look for absence of -11 in XFA corpus test logs, bots not 
     currently noticing the segv.  Argh.
==========

[Tom Sepez, 2017-01-14 01:41:08]

tsepez@chromium.org changed reviewers:
+ dsinclair@chromium.org, npm@chromium.org

[Tom Sepez, 2017-01-14 01:43:14]

Description was changed from

==========
Avoid endless loop deleting CFGAS_GEFont.

It's a ref-counted class, so if we're in the destructor,
the ref count has hit zero. We can't make a new ref
pointer to itself here, as it will re-invoke the destructor
when it goes out of scope.  Should have been an obvious
anti-pattern in hindsight.

The object in question can't be in the m_pFontManager, since
it retains a reference, and we wouldn't get to this destructor
while that is present.

Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to unique_ptrs in a few places found near this issue.

Fixing this reveale a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
not a good idea as it doesn't bump the ref count.

TEST=look for absence of -11 in XFA corpus test logs, bots not 
     currently noticing the segv.  Argh.
==========

to

==========
Avoid endless loop deleting CFGAS_GEFont.

It's a ref-counted class, so if we're in the destructor, the ref
count has hit zero. We can't make a new ref pointer to itself here,
as it will re-invoke the destructor when it goes out of scope. This
Should have been an obvious anti-pattern in hindsight.

The object in question can't be in the m_pFontManager, since the font
manager retains a reference, and we wouldn't get to this destructor
while that is present. So the cleanup isn't required.

Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to use unique_ptrs in a few places near this issue.

Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
is not a good idea as it doesn't bump the ref count.

TEST=look for absence of -11 in XFA corpus test logs, bots not 
     currently noticing the segv.  Argh.
==========

[Tom Sepez, 2017-01-14 01:43:41]

Dan, npm, ready for review.

[Tom Sepez, 2017-01-14 01:44:23]

Description was changed from

==========
Avoid endless loop deleting CFGAS_GEFont.

It's a ref-counted class, so if we're in the destructor, the ref
count has hit zero. We can't make a new ref pointer to itself here,
as it will re-invoke the destructor when it goes out of scope. This
Should have been an obvious anti-pattern in hindsight.

The object in question can't be in the m_pFontManager, since the font
manager retains a reference, and we wouldn't get to this destructor
while that is present. So the cleanup isn't required.

Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to use unique_ptrs in a few places near this issue.

Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
is not a good idea as it doesn't bump the ref count.

TEST=look for absence of -11 in XFA corpus test logs, bots not 
     currently noticing the segv.  Argh.
==========

to

==========
Avoid endless loop deleting CFGAS_GEFont.

It's a ref-counted class, so if we're in the destructor, the ref
count has hit zero. We can't make a new ref pointer to itself here,
as it will re-invoke the destructor when it goes out of scope. This
should have been an obvious anti-pattern in hindsight.

The object in question can't be in the m_pFontManager, since the font
manager retains a reference, and we wouldn't get to this destructor
while that is present. So the cleanup isn't required.

Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to use unique_ptrs in a few places near this issue.

Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
is not a good idea as it doesn't bump the ref count.

TEST=look for absence of -11 in XFA corpus test logs, bots not 
     currently noticing the segv.  Argh.
==========

[Tom Sepez, 2017-01-14 01:47:08]

Description was changed from

==========
Avoid endless loop deleting CFGAS_GEFont.

It's a ref-counted class, so if we're in the destructor, the ref
count has hit zero. We can't make a new ref pointer to itself here,
as it will re-invoke the destructor when it goes out of scope. This
should have been an obvious anti-pattern in hindsight.

The object in question can't be in the m_pFontManager, since the font
manager retains a reference, and we wouldn't get to this destructor
while that is present. So the cleanup isn't required.

Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to use unique_ptrs in a few places near this issue.

Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
is not a good idea as it doesn't bump the ref count.

TEST=look for absence of -11 in XFA corpus test logs, bots not 
     currently noticing the segv.  Argh.
==========

to

==========
Avoid endless loop deleting CFGAS_GEFont.

It's a ref-counted class, so if we're in the destructor, the ref
count has hit zero. We can't make a new ref pointer to itself here,
as it will re-invoke the destructor when it goes out of scope. This
should have been an obvious anti-pattern in hindsight.

The object in question can't be in the m_pFontManager, since the font
manager retains a reference, and we wouldn't get to this destructor
while that is present. So the cleanup isn't required.

Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to use unique_ptrs in a few places near this issue.

Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
is not a good idea as it doesn't bump the ref count.

Also protect and friend the CFGAS_GEFont destructor, to make sure
random deletes don't happen.

TEST=look for absence of -11 in XFA corpus test logs, bots not 
     currently noticing the segv.  Argh.
==========

[Tom Sepez, 2017-01-14 01:50:25]

Description was changed from

==========
Avoid endless loop deleting CFGAS_GEFont.

It's a ref-counted class, so if we're in the destructor, the ref
count has hit zero. We can't make a new ref pointer to itself here,
as it will re-invoke the destructor when it goes out of scope. This
should have been an obvious anti-pattern in hindsight.

The object in question can't be in the m_pFontManager, since the font
manager retains a reference, and we wouldn't get to this destructor
while that is present. So the cleanup isn't required.

Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to use unique_ptrs in a few places near this issue.

Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
is not a good idea as it doesn't bump the ref count.

Also protect and friend the CFGAS_GEFont destructor, to make sure
random deletes don't happen.

TEST=look for absence of -11 in XFA corpus test logs, bots not 
     currently noticing the segv.  Argh.
==========

to

==========
Avoid endless loop deleting CFGAS_GEFont.

It's a ref-counted class, so if we're in the destructor, the ref
count has hit zero. We can't make a new ref pointer to itself here,
as it will re-invoke the destructor when it goes out of scope. This
should have been an obvious anti-pattern in hindsight.

The object in question can't be in the m_pFontManager, since the font
manager retains a reference, and we wouldn't get to this destructor
while that is present. So the cleanup isn't required.

Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to use unique_ptrs in a few places near this issue.

Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
is not a good idea as it doesn't bump the ref count.

Also protect and friend the CFGAS_GEFont destructor, to make sure
random deletes don't happen.

Also kill off a const cast, and remove unnecessary conversion to
retain_ptr when we already have one.

TEST=look for absence of -11 in XFA corpus test logs, bots not 
     currently noticing the segv.  Argh.
==========

[commit-bot: I haz the power, 2017-01-14 02:00:36]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-01-14 02:00:37]

Dry run: This issue passed the CQ dry run.

[dsinclair, 2017-01-16 21:47:35]

The CQ bit was checked by dsinclair@chromium.org

[dsinclair, 2017-01-16 21:47:35]

lgtm

[commit-bot: I haz the power, 2017-01-16 21:47:37]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-01-16 21:48:46]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-01-16 21:48:47]

Try jobs failed on following builders:
  android on master.tryserver.client.pdfium (JOB_FAILED,
https://build.chromium.org/p/tryserver.client.pdfium/builders/android/builds/...)

[npm, 2017-01-16 22:24:34]

lgtm

https://codereview.chromium.org/2631703003/diff/1/xfa/fxfa/app/cxfa_pieceline...
File xfa/fxfa/app/cxfa_pieceline.cpp (right):

https://codereview.chromium.org/2631703003/diff/1/xfa/fxfa/app/cxfa_pieceline...
xfa/fxfa/app/cxfa_pieceline.cpp:9: #include "xfa/fxfa/app/xfa_textpiece.h"
Why is this now needed?

[Tom Sepez, 2017-01-17 18:43:16]

On 2017/01/16 22:24:34, npm wrote:
> lgtm
> 
>
https://codereview.chromium.org/2631703003/diff/1/xfa/fxfa/app/cxfa_pieceline...
> File xfa/fxfa/app/cxfa_pieceline.cpp (right):
> 
>
https://codereview.chromium.org/2631703003/diff/1/xfa/fxfa/app/cxfa_pieceline...
> xfa/fxfa/app/cxfa_pieceline.cpp:9: #include "xfa/fxfa/app/xfa_textpiece.h"
> Why is this now needed?

The destructor must clean up the unique pointer member of this class, which
requires a complete type at the point at which the destructor is instantiated,
rather than just the class xxxx; declaration in the header.

[Tom Sepez, 2017-01-17 18:49:59]

The CQ bit was checked by tsepez@chromium.org

[Tom Sepez, 2017-01-17 18:49:59]

The patchset sent to the CQ was uploaded after l-g-t-m from
dsinclair@chromium.org, npm@chromium.org
Link to the patchset: https://codereview.chromium.org/2631703003/#ps20001
(title: "rebase")

[commit-bot: I haz the power, 2017-01-17 18:50:09]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-01-17 19:05:58]

CQ is committing da patch.

Bot data: {"patchset_id": 20001, "attempt_start_ts": 1484678999469610,
"parent_rev": "b9fbe6e9af590a91ab030d2523a147e972816b32", "commit_rev":
"783a7e048c677d26aaf3884304627bbe27cff546"}

[commit-bot: I haz the power, 2017-01-17 19:06:01]

Description was changed from

==========
Avoid endless loop deleting CFGAS_GEFont.

It's a ref-counted class, so if we're in the destructor, the ref
count has hit zero. We can't make a new ref pointer to itself here,
as it will re-invoke the destructor when it goes out of scope. This
should have been an obvious anti-pattern in hindsight.

The object in question can't be in the m_pFontManager, since the font
manager retains a reference, and we wouldn't get to this destructor
while that is present. So the cleanup isn't required.

Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to use unique_ptrs in a few places near this issue.

Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
is not a good idea as it doesn't bump the ref count.

Also protect and friend the CFGAS_GEFont destructor, to make sure
random deletes don't happen.

Also kill off a const cast, and remove unnecessary conversion to
retain_ptr when we already have one.

TEST=look for absence of -11 in XFA corpus test logs, bots not 
     currently noticing the segv.  Argh.
==========

to

==========
Avoid endless loop deleting CFGAS_GEFont.

It's a ref-counted class, so if we're in the destructor, the ref
count has hit zero. We can't make a new ref pointer to itself here,
as it will re-invoke the destructor when it goes out of scope. This
should have been an obvious anti-pattern in hindsight.

The object in question can't be in the m_pFontManager, since the font
manager retains a reference, and we wouldn't get to this destructor
while that is present. So the cleanup isn't required.

Fixing this revealed a free-delete mismatch in cxfa_textlayout.cpp.
I also converted to use unique_ptrs in a few places near this issue.

Fixing this revealed a UAF in CFGAS_GEFont, memcpy'ing a RetainPtr
is not a good idea as it doesn't bump the ref count.

Also protect and friend the CFGAS_GEFont destructor, to make sure
random deletes don't happen.

Also kill off a const cast, and remove unnecessary conversion to
retain_ptr when we already have one.

TEST=look for absence of -11 in XFA corpus test logs, bots not 
     currently noticing the segv.  Argh.

Review-Url: https://codereview.chromium.org/2631703003
Committed:
https://pdfium.googlesource.com/pdfium/+/783a7e048c677d26aaf3884304627bbe27cf...
==========

[commit-bot: I haz the power, 2017-01-17 19:06:02]

Committed patchset #2 (id:20001) as
https://pdfium.googlesource.com/pdfium/+/783a7e048c677d26aaf3884304627bbe27cf...