path: root/fpdfsdk/javascript/JS_Object.h
author: Ryan Harrison <rharrison@chromium.org> 2017-06-29 10:43:53 -0400
committer: Chromium commit bot <commit-bot@chromium.org> 2017-06-29 14:56:38 +0000
commit: 580c159e8b8b1d38454f98276a57caf1acce98e6 (patch)
tree: 78241a70729004a91eac15e8b795d494dab7c329 /fpdfsdk/javascript/JS_Object.h
parent: 1ef2f828f71e40437d82bb039dcb087c1beb7bd6 (diff)
download: pdfium-580c159e8b8b1d38454f98276a57caf1acce98e6.tar.xz
Cleanup call expression handling in fm2js
Remove handling of arbitrary function calls, and only allow supported function calls.

Issues with the lexer being overly permissive led to large blobs of JavaScript being dropped into the output. Specifically, driver code was assuming that anything marked as a function would just be an identifier that could be inserted into the JavaScript, but the lexer marks things like ()()() as a function, which would lead to the following JS being inserted as an identifier.

This change is intended to be a patch for the specific issue that was being seen from the fuzzer test case, and further work will be needed to make the lexer more strict.

BUG=724913
TEST=Ran fuzzer test case. Ran unittests, embeddertests, corpustests.

Change-Id: Ib7d9239bf6fece853bea0f4915ee4ad72d3cd290
Reviewed-on: https://pdfium-review.googlesource.com/7032
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'fpdfsdk/javascript/JS_Object.h')
0 files changed, 0 insertions, 0 deletions