diff options
| author | Tom Sepez <tsepez@chromium.org> | 2015-11-10 15:03:12 -0800 |
|---|---|---|
| committer | Tom Sepez <tsepez@chromium.org> | 2015-11-10 15:03:12 -0800 |
| commit | 4f4603cc1b498bca3b1619006137e50ce80088c1 (patch) | |
| tree | 9465160bf90344204f90e89e2df5a6698aba1135 /fpdfsdk/src/javascript/JS_Runtime.cpp | |
| parent | ec0fbd3c334a09b9c9da781e3e1dffbce9bf0733 (diff) | |
| download | pdfium-4f4603cc1b498bca3b1619006137e50ce80088c1.tar.xz | |
Segv when PDF-side JS object property getter invoked from XFA.
The PDF-side native objects require that the current v8 context
has been set-up to point at the state (via CJS_Runtime) for the
getters, setters, and methods to operate against. XFA doesn't
supply a context with that state, so at the first opportunity for
a PDF-side object to be leaked to XFA, set up the context to mimic
the PDF side.
Changed FXJS_GetRuntimeFromIsolate() to FXJS_GetRuntimeFromV8Context()
for consistency with the newly added method.
BUG=pdfium:266
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/1412103010 .
Diffstat (limited to 'fpdfsdk/src/javascript/JS_Runtime.cpp')
| -rw-r--r-- | fpdfsdk/src/javascript/JS_Runtime.cpp | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/fpdfsdk/src/javascript/JS_Runtime.cpp b/fpdfsdk/src/javascript/JS_Runtime.cpp index 8b0475b851..ecb53d2d72 100644 --- a/fpdfsdk/src/javascript/JS_Runtime.cpp +++ b/fpdfsdk/src/javascript/JS_Runtime.cpp @@ -245,12 +245,20 @@ FX_BOOL CJS_Runtime::GetHValueByName(const CFX_ByteStringC& utf8Name, v8::Locker lock(GetIsolate()); v8::Isolate::Scope isolate_scope(GetIsolate()); v8::HandleScope handle_scope(GetIsolate()); + v8::Local<v8::Context> old_context = GetIsolate()->GetCurrentContext(); v8::Local<v8::Context> context = v8::Local<v8::Context>::New(GetIsolate(), m_context); v8::Context::Scope context_scope(context); - // v8::Local<v8::Context> tmpCotext = - // v8::Local<v8::Context>::New(GetIsolate(), m_context); + // Caution: We're about to hand to XFA an object that in order to invoke + // methods will require that the current v8::Context always has a pointer + // to a CJS_Runtime in its embedder data slot. Unfortunately, XFA creates + // its own v8::Context which has not initialized the embedder data slot. + // Do so now. + // TODO(tsepez): redesign PDF-side objects to not rely on v8::Context's + // embedder data slots, and/or to always use the right context. + FXJS_SetRuntimeForV8Context(old_context, this); + v8::Local<v8::Value> propvalue = context->Global()->Get(v8::String::NewFromUtf8( GetIsolate(), name, v8::String::kNormalString, utf8Name.GetLength())); |