diff options
author | Tom Sepez <tsepez@chromium.org> | 2015-11-10 15:03:12 -0800 |
---|---|---|
committer | Tom Sepez <tsepez@chromium.org> | 2015-11-10 15:03:12 -0800 |
commit | 4f4603cc1b498bca3b1619006137e50ce80088c1 (patch) | |
tree | 9465160bf90344204f90e89e2df5a6698aba1135 /fpdfsdk/src/jsapi/fxjs_v8.cpp | |
parent | ec0fbd3c334a09b9c9da781e3e1dffbce9bf0733 (diff) | |
download | pdfium-4f4603cc1b498bca3b1619006137e50ce80088c1.tar.xz |
Segv when PDF-side JS object property getter invoked from XFA.
The PDF-side native objects require that the current v8 context
has been set-up to point at the state (via CJS_Runtime) for the
getters, setters, and methods to operate against. XFA doesn't
supply a context with that state, so at the first opportunity for
a PDF-side object to be leaked to XFA, set up the context to mimic
the PDF side.
Changed FXJS_GetRuntimeFromIsolate() to FXJS_GetRuntimeFromV8Context()
for consistency with the newly added method.
BUG=pdfium:266
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/1412103010 .
Diffstat (limited to 'fpdfsdk/src/jsapi/fxjs_v8.cpp')
-rw-r--r-- | fpdfsdk/src/jsapi/fxjs_v8.cpp | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/fpdfsdk/src/jsapi/fxjs_v8.cpp b/fpdfsdk/src/jsapi/fxjs_v8.cpp index 2ff515d0ab..3413d72bb3 100644 --- a/fpdfsdk/src/jsapi/fxjs_v8.cpp +++ b/fpdfsdk/src/jsapi/fxjs_v8.cpp @@ -287,7 +287,7 @@ void FXJS_InitializeRuntime(v8::Isolate* pIsolate, v8::Context::Scope context_scope(v8Context); FXJS_PerIsolateData::SetUp(pIsolate); - v8Context->SetAlignedPointerInEmbedderData(kPerContextDataIndex, pIRuntime); + FXJS_SetRuntimeForV8Context(v8Context, pIRuntime); int maxID = CFXJS_ObjDefinition::MaxID(pIsolate); for (int i = 0; i < maxID; ++i) { @@ -361,10 +361,14 @@ void FXJS_ReleaseRuntime(v8::Isolate* pIsolate, delete pData; } -IJS_Runtime* FXJS_GetRuntimeFromIsolate(v8::Isolate* pIsolate) { - v8::Local<v8::Context> context = pIsolate->GetCurrentContext(); +void FXJS_SetRuntimeForV8Context(v8::Local<v8::Context> v8Context, + IJS_Runtime* pIRuntime) { + v8Context->SetAlignedPointerInEmbedderData(kPerContextDataIndex, pIRuntime); +} + +IJS_Runtime* FXJS_GetRuntimeFromV8Context(v8::Local<v8::Context> v8Context) { return static_cast<IJS_Runtime*>( - context->GetAlignedPointerFromEmbedderData(kPerContextDataIndex)); + v8Context->GetAlignedPointerFromEmbedderData(kPerContextDataIndex)); } int FXJS_Execute(v8::Isolate* pIsolate, |