author | Ryan Harrison <rharrison@chromium.org> | 2017-06-29 10:43:53 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-06-29 14:56:38 +0000 |
commit | 580c159e8b8b1d38454f98276a57caf1acce98e6 (patch) | |
tree | 78241a70729004a91eac15e8b795d494dab7c329 /fpdfsdk/javascript/JS_Object.h | |
parent | 1ef2f828f71e40437d82bb039dcb087c1beb7bd6 (diff) | |
download | pdfium-580c159e8b8b1d38454f98276a57caf1acce98e6.tar.xz |
Cleanup call expression handling in fm2js
Remove handling of arbitrary function calls, and only allow supported
function calls. Issues with the lexer being overly permissive led to
large blobs of javascript being dropped into the output. Specifically,
driver code was assuming that anything marked as a function would just
be an identifier that could be inserted into the javascript, but the
lexer marks things like ()()() as a function, which would lead to the
following JS being inserted as an identifier.
This change is intended to be a patch for the specific issue that was
being seen from the fuzzer test, and further work will be needed to
make the lexer more strict.
BUG=724913
TEST=Ran fuzzer test case. Ran unittests, embeddertests, corpustests.
Change-Id: Ib7d9239bf6fece853bea0f4915ee4ad72d3cd290
Reviewed-on: https://pdfium-review.googlesource.com/7032
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'fpdfsdk/javascript/JS_Object.h')
0 files changed, 0 insertions, 0 deletions
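The failure mode the commit message describes, as an added example that is not pdfium's fm2js code: a translator that splices whatever the lexer tagged as a "function" straight into the generated JavaScript, beside one that first requires the callee to be a well-formed identifier on an allow list of supported built-ins. The `Token` struct, the allow-list contents and every function name below are hypothetical.

```cpp
// Added example (not pdfium code). Contrasts a permissive call emitter with an
// allow-listed one. All names and the supported-function list are hypothetical.
#include <cctype>
#include <iostream>
#include <optional>
#include <set>
#include <string>
#include <vector>

// Hypothetical lexer token: an overly permissive lexer tags anything that is
// followed by '(' as kFunction, including text such as "()()()".
struct Token {
  enum Kind { kFunction, kOther };
  Kind kind;
  std::string text;
};

Token Func(const std::string& text) { return Token{Token::kFunction, text}; }

// Hypothetical allow list of supported built-in function names.
const std::set<std::string>& SupportedFunctions() {
  static const std::set<std::string> kSupported = {"Abs", "Sum", "Concat", "Max"};
  return kSupported;
}

// Strict identifier check: [A-Za-z_][A-Za-z0-9_]*
bool IsIdentifier(const std::string& s) {
  if (s.empty()) return false;
  unsigned char first = static_cast<unsigned char>(s[0]);
  if (!(std::isalpha(first) || first == '_')) return false;
  for (char c : s) {
    unsigned char uc = static_cast<unsigned char>(c);
    if (!(std::isalnum(uc) || uc == '_')) return false;
  }
  return true;
}

std::string JoinArgs(const std::vector<std::string>& args) {
  std::string out;
  for (size_t i = 0; i < args.size(); ++i) {
    if (i) out += ", ";
    out += args[i];
  }
  return out;
}

// Permissive: trusts the lexer's tag and inserts the callee text as-is, so a
// callee of "()()()" lands verbatim in the generated JavaScript.
std::string EmitCallPermissive(const Token& callee,
                               const std::vector<std::string>& args) {
  return callee.text + "(" + JoinArgs(args) + ")";
}

// Strict: emits a call only for a well-formed identifier that is on the allow
// list; anything else is rejected instead of being copied into the output.
std::optional<std::string> EmitCallStrict(const Token& callee,
                                          const std::vector<std::string>& args) {
  if (callee.kind != Token::kFunction) return std::nullopt;
  if (!IsIdentifier(callee.text)) return std::nullopt;
  if (!SupportedFunctions().count(callee.text)) return std::nullopt;
  return callee.text + "(" + JoinArgs(args) + ")";
}

int main() {
  // Constructed inputs: a legitimate call and the lexer mis-tag from the bug.
  std::cout << EmitCallPermissive(Func("()()()"), {"1"}) << "\n";   // ()()()(1)
  auto strict = EmitCallStrict(Func("()()()"), {"1"});
  std::cout << (strict ? *strict : "<rejected>") << "\n";           // <rejected>
  std::cout << EmitCallStrict(Func("Abs"), {"-1"}).value() << "\n"; // Abs(-1)
  return 0;
}
```

The allow list is the part that matters: the identifier check alone would still let an unsupported but well-formed name such as `alert` through, so the strict emitter rejects it too.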