Make Internal field usage in cfxjs_engine match README.doc

As it turns out, this doesn't cause any bugs with the FXJS/FXJSE interaction since the magic values will never be present in the other slot, but the code looks wrong wrt. the document. Also fix an assert in FXJSE that our objects have two slots, and null appropriately (just a defensive measure). Also assert that one of our casts is valid. Change-Id: I3146fe58350da5e9b76e711d81480565dabd587f Reviewed-on: https://pdfium-review.googlesource.com/29859 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
author: Tom Sepez <tsepez@chromium.org> 2018-04-05 22:41:53 +0000
committer: Chromium commit bot <commit-bot@chromium.org> 2018-04-05 22:41:53 +0000
commit: 4862705090a7469115ae7e3c80143b6f8b6b527a (patch)
tree: a7894aa174e3621bfa15e4070e418ee2b1f01f31
parent: 0c5928825d0bc0c397e90d2c4861feaf9bdc6d24 (diff)
download: pdfium-4862705090a7469115ae7e3c80143b6f8b6b527a.tar.xz
6 files changed, 39 insertions, 23 deletions
diff --git a/fxjs/README b/fxjs/README
index adc5827dbe..a38e746d4e 100644
--- a/fxjs/README
+++ b/fxjs/README
@@ -28,6 +28,8 @@ tag and contains either:
     formcalc_fm2js_descriptor
 
 Slot 1's contents are determined by these tags:
-  kPerObjectDataTag means to expect a CFXJS_PerObjectData.
-  g_FXJSETagString means to expect a CFXJSE_HostObject.
-  A FXJSE_CLASS_DESCRIPTOR pointer means to expect a v8 function.
+  kPerObjectDataTag means an aligned pointer to CFXJS_PerObjectData.
+  g_FXJSETagString means an aligned pointer to CFXJSE_HostObject.
+  A FXJSE_CLASS_DESCRIPTOR pointer means to expect an actual v8 function
+  object, and not an aligned pointer.
+
diff --git a/fxjs/cfxjs_engine.cpp b/fxjs/cfxjs_engine.cpp
index 561a0a31f9..54aa28cf4b 100644
--- a/fxjs/cfxjs_engine.cpp
+++ b/fxjs/cfxjs_engine.cpp
@@ -93,20 +93,20 @@ class CFXJS_PerObjectData {
   static void SetInObject(CFXJS_PerObjectData* pData,
                           v8::Local<v8::Object> pObj) {
     if (pObj->InternalFieldCount() == 2) {
-      pObj->SetAlignedPointerInInternalField(0, pData);
       pObj->SetAlignedPointerInInternalField(
-          1, static_cast<void*>(kPerObjectDataTag));
+          0, static_cast<void*>(kPerObjectDataTag));
+      pObj->SetAlignedPointerInInternalField(1, pData);
     }
   }
 
   static CFXJS_PerObjectData* GetFromObject(v8::Local<v8::Object> pObj) {
     if (pObj.IsEmpty() || pObj->InternalFieldCount() != 2 ||
-        pObj->GetAlignedPointerFromInternalField(1) !=
+        pObj->GetAlignedPointerFromInternalField(0) !=
             static_cast<void*>(kPerObjectDataTag)) {
       return nullptr;
     }
     return static_cast<CFXJS_PerObjectData*>(
-        pObj->GetAlignedPointerFromInternalField(0));
+        pObj->GetAlignedPointerFromInternalField(1));
   }
 
   const int m_ObjDefID;
diff --git a/fxjs/cfxjse_class.cpp b/fxjs/cfxjse_class.cpp
index dd2181b853..c35ee4aa29 100644
--- a/fxjs/cfxjse_class.cpp
+++ b/fxjs/cfxjse_class.cpp
@@ -47,8 +47,9 @@ void V8ConstructorCallback_Wrapper(
   if (!lpClassDefinition)
     return;
 
-  ASSERT(info.Holder()->InternalFieldCount());
+  ASSERT(info.Holder()->InternalFieldCount() == 2);
   info.Holder()->SetAlignedPointerInInternalField(0, nullptr);
+  info.Holder()->SetAlignedPointerInInternalField(1, nullptr);
 }
 
 void Context_GlobalObjToString(
@@ -75,11 +76,19 @@ void Context_GlobalObjToString(
 void DynPropGetterAdapter_MethodCallback(
     const v8::FunctionCallbackInfo<v8::Value>& info) {
   v8::Local<v8::Object> hCallBackInfo = info.Data().As<v8::Object>();
-  FXJSE_CLASS_DESCRIPTOR* lpClass = static_cast<FXJSE_CLASS_DESCRIPTOR*>(
-      hCallBackInfo->GetAlignedPointerFromInternalField(0));
+  ASSERT(hCallBackInfo->InternalFieldCount() == 2);
+
+  const FXJSE_CLASS_DESCRIPTOR* lpClass =
+      static_cast<const FXJSE_CLASS_DESCRIPTOR*>(
+          hCallBackInfo->GetAlignedPointerFromInternalField(0));
+  ASSERT(lpClass == &GlobalClassDescriptor ||
+         lpClass == &NormalClassDescriptor ||
+         lpClass == &VariablesClassDescriptor ||
+         lpClass == &kFormCalcFM2JSDescriptor);
+
   v8::Local<v8::String> hPropName =
       hCallBackInfo->GetInternalField(1).As<v8::String>();
-  ASSERT(lpClass && !hPropName.IsEmpty());
+  ASSERT(!hPropName.IsEmpty());
 
   v8::String::Utf8Value szPropName(info.GetIsolate(), hPropName);
   WideString szFxPropName = WideString::FromUTF8(*szPropName);
diff --git a/fxjs/cfxjse_engine.cpp b/fxjs/cfxjse_engine.cpp
index c634c72a43..f0c522f018 100644
--- a/fxjs/cfxjse_engine.cpp
+++ b/fxjs/cfxjse_engine.cpp
@@ -31,8 +31,6 @@
 #include "xfa/fxfa/parser/xfa_resolvenode_rs.h"
 #include "xfa/fxfa/parser/xfa_utils.h"
 
-namespace {
-
 const FXJSE_CLASS_DESCRIPTOR GlobalClassDescriptor = {
     "Root",   // name
     nullptr,  // methods
@@ -63,6 +61,8 @@ const FXJSE_CLASS_DESCRIPTOR VariablesClassDescriptor = {
     CFXJSE_Engine::NormalMethodCall,
 };
 
+namespace {
+
 const char kFormCalcRuntime[] = "pfm_rt";
 
 CXFA_ThisProxy* ToThisProxy(CFXJSE_Value* pValue, CFXJSE_Class* pClass) {
diff --git a/fxjs/cfxjse_formcalc_context.cpp b/fxjs/cfxjse_formcalc_context.cpp
index 4ad3861dfe..85d0ef8d57 100644
--- a/fxjs/cfxjse_formcalc_context.cpp
+++ b/fxjs/cfxjse_formcalc_context.cpp
@@ -311,16 +311,6 @@ const FXJSE_FUNCTION_DESCRIPTOR kFormCalcFM2JSFunctions[] = {
     {"var_filter", CFXJSE_FormCalcContext::fm_var_filter},
 };
 
-const FXJSE_CLASS_DESCRIPTOR kFormCalcFM2JSDescriptor = {
-    "XFA_FM2JS_FormCalcClass",              // name
-    kFormCalcFM2JSFunctions,                // methods
-    FX_ArraySize(kFormCalcFM2JSFunctions),  // number of methods
-    nullptr,                                // dynamic prop type
-    nullptr,                                // dynamic prop getter
-    nullptr,                                // dynamic prop setter
-    nullptr,                                // dynamic prop method call
-};
-
 const uint8_t kAltTableDate[] = {
     255, 255, 255, 3,   9,   255, 255, 255, 255, 255, 255,
     255, 2,   255, 255, 255, 255, 255, 255, 255, 255, 255,
@@ -615,6 +605,16 @@ double ByteStringToDouble(const ByteStringView& szStringVal) {
 
 }  // namespace
 
+const FXJSE_CLASS_DESCRIPTOR kFormCalcFM2JSDescriptor = {
+    "XFA_FM2JS_FormCalcClass",              // name
+    kFormCalcFM2JSFunctions,                // methods
+    FX_ArraySize(kFormCalcFM2JSFunctions),  // number of methods
+    nullptr,                                // dynamic prop type
+    nullptr,                                // dynamic prop getter
+    nullptr,                                // dynamic prop setter
+    nullptr,                                // dynamic prop method call
+};
+
 // static
 void CFXJSE_FormCalcContext::Abs(CFXJSE_Value* pThis,
                                  const ByteStringView& szFuncName,
diff --git a/fxjs/fxjse.h b/fxjs/fxjse.h
index 873fcf50d2..addd148117 100644
--- a/fxjs/fxjse.h
+++ b/fxjs/fxjse.h
@@ -65,6 +65,11 @@ struct FXJSE_CLASS_DESCRIPTOR {
   FXJSE_MethodCallback dynMethodCall;
 };
 
+extern const FXJSE_CLASS_DESCRIPTOR GlobalClassDescriptor;
+extern const FXJSE_CLASS_DESCRIPTOR NormalClassDescriptor;
+extern const FXJSE_CLASS_DESCRIPTOR VariablesClassDescriptor;
+extern const FXJSE_CLASS_DESCRIPTOR kFormCalcFM2JSDescriptor;
+
 void FXJSE_ThrowMessage(const ByteStringView& utf8Message);
 
 #endif  // FXJS_FXJSE_H_
author	Tom Sepez <tsepez@chromium.org>	2018-04-05 22:41:53 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	2018-04-05 22:41:53 +0000
commit	4862705090a7469115ae7e3c80143b6f8b6b527a (patch)
tree	a7894aa174e3621bfa15e4070e418ee2b1f01f31
parent	0c5928825d0bc0c397e90d2c4861feaf9bdc6d24 (diff)
download	pdfium-4862705090a7469115ae7e3c80143b6f8b6b527a.tar.xz