author | Tom Sepez <tsepez@chromium.org> | 2017-05-31 10:29:25 -0700 |
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-06-01 16:15:05 +0000 |
commit | fb7021ce035587c460c0ed91584ca05999e60ddd (patch) | |
tree | e97ae30e1f37acedab88d8eb027964e6c9c6e5e3 | |
parent | 19cda483c13d978c43eb5bebe1b7f803161864bb (diff) | |
Be less trusting of MaybeLocal<> return types from V8 To* methods.
Calling ToLocalChecked() on an empty MaybeLocal<> will crash otherwise.
Bug: 707673
Change-Id: I66a5b36d8cf1710a725e30c2d14a195d08ef25a4
Reviewed-on: https://pdfium-review.googlesource.com/6130
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
-rw-r--r-- | fpdfsdk/fpdfformfill_embeddertest.cpp | 18 | ||||
-rw-r--r-- | fxjs/fxjs_v8.cpp | 20 | ||||
-rw-r--r-- | testing/resources/bug_707673.pdf | bin | 0 -> 33762 bytes |
3 files changed, 34 insertions, 4 deletions
diff --git a/fpdfsdk/fpdfformfill_embeddertest.cpp b/fpdfsdk/fpdfformfill_embeddertest.cpp
index 631a6a2e7c..8718a43d83 100644
--- a/fpdfsdk/fpdfformfill_embeddertest.cpp
+++ b/fpdfsdk/fpdfformfill_embeddertest.cpp
@@ -201,6 +201,24 @@ TEST_F(FPDFFormFillEmbeddertest, BUG_679649) {
 EXPECT_EQ(0u, alerts.size());
 }
 
+TEST_F(FPDFFormFillEmbeddertest, BUG_707673) {
+ EmbedderTestTimerHandlingDelegate delegate;
+ SetDelegate(&delegate);
+
+ EXPECT_TRUE(OpenDocument("bug_707673.pdf"));
+ FPDF_PAGE page = LoadPage(0);
+ EXPECT_TRUE(page);
+
+ DoOpenActions();
+ FORM_OnLButtonDown(form_handle(), page, 0, 140, 590);
+ FORM_OnLButtonUp(form_handle(), page, 0, 140, 590);
+ delegate.AdvanceTime(1000);
+ UnloadPage(page);
+
+ const auto& alerts = delegate.GetAlerts();
+ EXPECT_EQ(0u, alerts.size());
+}
+
 #endif // PDF_ENABLE_V8
 
 TEST_F(FPDFFormFillEmbeddertest, FormText) {
diff --git a/fxjs/fxjs_v8.cpp b/fxjs/fxjs_v8.cpp
index 7f5e5cb8b5..ce7dc50e63 100644
--- a/fxjs/fxjs_v8.cpp
+++ b/fxjs/fxjs_v8.cpp
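Review bot: The new BUG_707673 test carries no comment saying what bug_707673.pdf exercises, and its body is the same sequence as the BUG_679649 test whose tail is visible just above it, differing only in the file name, so a reader cannot tell which of the V8 To*() conversion paths in fxjs_v8.cpp it is meant to cover. The only assertion is `EXPECT_EQ(0u, alerts.size())`, which also holds if the document's script never runs; the regression this guards against would presumably surface as a crash in ToLocalChecked() rather than as an assertion failure, and that is worth stating so nobody later "strengthens" the test by removing the click sequence. Suggest a one-line comment above the TEST_F, e.g. `// Regression test for bug 707673: script in this document makes a V8 To*() conversion yield an empty MaybeLocal<>; the test must run to completion without crashing.` The click coordinates 140, 590 are presumably a field in the fixture and would benefit from the same note.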
@@ -701,28 +701,40 @@ int CFXJS_Engine::ToInt32(v8::Local<v8::Value> pValue) {
 if (pValue.IsEmpty())
 return 0;
 v8::Local<v8::Context> context = m_isolate->GetCurrentContext();
- return pValue->ToInt32(context).ToLocalChecked()->Value();
+ v8::MaybeLocal<v8::Int32> maybe_int32 = pValue->ToInt32(context);
+ if (maybe_int32.IsEmpty())
+ return 0;
+ return maybe_int32.ToLocalChecked()->Value();
 }
 
 bool CFXJS_Engine::ToBoolean(v8::Local<v8::Value> pValue) {
 if (pValue.IsEmpty())
 return false;
 v8::Local<v8::Context> context = m_isolate->GetCurrentContext();
- return pValue->ToBoolean(context).ToLocalChecked()->Value();
+ v8::MaybeLocal<v8::Boolean> maybe_boolean = pValue->ToBoolean(context);
+ if (maybe_boolean.IsEmpty())
+ return false;
+ return maybe_boolean.ToLocalChecked()->Value();
 }
 
 double CFXJS_Engine::ToDouble(v8::Local<v8::Value> pValue) {
 if (pValue.IsEmpty())
 return 0.0;
 v8::Local<v8::Context> context = m_isolate->GetCurrentContext();
- return pValue->ToNumber(context).ToLocalChecked()->Value();
+ v8::MaybeLocal<v8::Number> maybe_number = pValue->ToNumber(context);
+ if (maybe_number.IsEmpty())
+ return 0.0;
+ return maybe_number.ToLocalChecked()->Value();
 }
 
 CFX_WideString CFXJS_Engine::ToWideString(v8::Local<v8::Value> pValue) {
 if (pValue.IsEmpty())
 return CFX_WideString();
 v8::Local<v8::Context> context = m_isolate->GetCurrentContext();
- v8::String::Utf8Value s(pValue->ToString(context).ToLocalChecked());
+ v8::MaybeLocal<v8::String> maybe_string = pValue->ToString(context);
+ if (maybe_string.IsEmpty())
+ return CFX_WideString();
+ v8::String::Utf8Value s(maybe_string.ToLocalChecked());
 return CFX_WideString::FromUTF8(CFX_ByteStringC(*s, s.length()));
 }
 
diff --git a/testing/resources/bug_707673.pdf b/testing/resources/bug_707673.pdf
Binary files differ
new file mode 100644
index 0000000000..4f412bc735
--- /dev/null
+++ b/testing/resources/bug_707673.pdf |
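Review bot: The empty-MaybeLocal checks added to ToInt32, ToBoolean, ToDouble and ToWideString map a failed conversion onto exactly the value a legitimate 0, false, 0.0 or empty string would produce, and nothing in the hunk records or documents that the failure happened, so a caller cannot tell a converted value from a fallback. An empty MaybeLocal from a V8 To*() call typically means script threw during the conversion (a valueOf/toString handler, for instance) or execution was terminated, and that exception is presumably still pending for whoever called into the engine; returning a neutral default instead of crashing in ToLocalChecked() is the right call, but the intent should be written down so the next reader does not "fix" it back or start treating the default as a real result. Suggest a comment on the first fallback, with the other three referring to it, e.g. `// Conversion can fail when script throws or is terminated; leave the exception pending for the caller and return a neutral default rather than crash in ToLocalChecked().` The same four-line pattern is now repeated four times and could be collapsed into one small template helper taking the converter and the default, which is a style choice rather than a defect.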