author | dsinclair <dsinclair@chromium.org> | 2016-06-20 06:06:31 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-06-20 06:06:31 -0700 |
commit | 7d554c9dabeb7474dbdabbbf7d01a4abaa7f65a0 (patch) | |
tree | 4a7252845510ae272d5eb94cdd24930972412c1c | |
parent | eec3a366adbfada36b98f1de651546ee09df8fc0 (diff) | |
download | pdfium-7d554c9dabeb7474dbdabbbf7d01a4abaa7f65a0.tar.xz |
Speculative fix for FXJS_InitializeRuntime crash.
The call to GetGlobalObjectTemplate() in FXJS_InitializeRuntime() will call
into CFXJS_ObjDefinition::MaxID() which will call FXJS_PerIsolateData() on
the provided isolate. We currently create the isolate data after we make this
call which seems like it would lead to bad things. This CL moves the PerIsolate
data creation earlier in the process.
BUG=chromium:612918
Review-Url: https://codereview.chromium.org/2069763002
-rw-r--r-- | fpdfsdk/jsapi/fxjs_v8.cpp | 6 |
1 file changed, 5 insertions, 1 deletion
diff --git a/fpdfsdk/jsapi/fxjs_v8.cpp b/fpdfsdk/jsapi/fxjs_v8.cpp index c63ef7ae89..283fac978a 100644 --- a/fpdfsdk/jsapi/fxjs_v8.cpp +++ b/fpdfsdk/jsapi/fxjs_v8.cpp @@ -331,11 +331,15 @@ void FXJS_InitializeRuntime( v8::Isolate::Scope isolate_scope(pIsolate); v8::HandleScope handle_scope(pIsolate); + + // This has to happen before we call GetGlobalObjectTemplate because that + // method gets the PerIsolateData from pIsolate. + FXJS_PerIsolateData::SetUp(pIsolate); + v8::Local<v8::Context> v8Context = v8::Context::New(pIsolate, nullptr, GetGlobalObjectTemplate(pIsolate)); v8::Context::Scope context_scope(v8Context); - FXJS_PerIsolateData::SetUp(pIsolate); FXJS_PerIsolateData* pData = FXJS_PerIsolateData::Get(pIsolate); if (!pData) return; |
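Review bot: the early return `if (!pData) return;` directly after the moved `FXJS_PerIsolateData::SetUp(pIsolate);` now reads as either dead code or an unhandled failure. If SetUp always attaches per-isolate data, `FXJS_PerIsolateData::Get(pIsolate)` cannot return null at that point and the check should go; if SetUp can leave the isolate without data, the function bails out only after `v8::Context::New` has already run with a global template built by `GetGlobalObjectTemplate(pIsolate)`, which the new comment says depends on that data, so the failure should be detected (or asserted) before the context is created rather than after. The comment itself would be more useful if it named the consumer given in the commit message, `CFXJS_ObjDefinition::MaxID()`, so the ordering dependency can be found from the code, and since this is a speculative fix for a crash, a regression test that calls FXJS_InitializeRuntime on a fresh isolate would confirm that the ordering is what matters.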