Tag XFA data bound to V8 Objects.

Because we don't want to trust anything V8 gives us back. Use a deep namespace so we can have a short declaration in the structs, but avoid collisions. Change-Id: Ibb832a5dcd34c652159c3343dd70c9e2ee561537 Reviewed-on: https://pdfium-review.googlesource.com/38972 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
author: Tom Sepez <tsepez@chromium.org> 2018-07-27 21:17:06 +0000
committer: Chromium commit bot <commit-bot@chromium.org> 2018-07-27 21:17:06 +0000
commit: 125eb3093a4632ee519041201ca904680f3a2245 (patch)
tree: e7a238e2d38f4e2d4926a7b38818c1ce896c6e14 /fxjs/cfxjse_class.cpp
parent: 6146214d30ab16825908fe6ef96cb6d597cc3ca9 (diff)
download: pdfium-125eb3093a4632ee519041201ca904680f3a2245.tar.xz
1 files changed, 34 insertions, 16 deletions
diff --git a/fxjs/cfxjse_class.cpp b/fxjs/cfxjse_class.cpp
index 67186ff66f..e7e54c8867 100644
--- a/fxjs/cfxjse_class.cpp
+++ b/fxjs/cfxjse_class.cpp
@@ -16,13 +16,25 @@
 #include "fxjs/js_resources.h"
 #include "third_party/base/ptr_util.h"
 
+using pdfium::fxjse::kFuncTag;
+using pdfium::fxjse::kClassTag;
+
 namespace {
 
+FXJSE_FUNCTION_DESCRIPTOR* AsFunctionDescriptor(void* ptr) {
+  auto* result = static_cast<FXJSE_FUNCTION_DESCRIPTOR*>(ptr);
+  return result && result->tag == kFuncTag ? result : nullptr;
+}
+
+FXJSE_CLASS_DESCRIPTOR* AsClassDescriptor(void* ptr) {
+  auto* result = static_cast<FXJSE_CLASS_DESCRIPTOR*>(ptr);
+  return result && result->tag == kClassTag ? result : nullptr;
+}
+
 void V8FunctionCallback_Wrapper(
     const v8::FunctionCallbackInfo<v8::Value>& info) {
   const FXJSE_FUNCTION_DESCRIPTOR* lpFunctionInfo =
-      static_cast<FXJSE_FUNCTION_DESCRIPTOR*>(
-          info.Data().As<v8::External>()->Value());
+      AsFunctionDescriptor(info.Data().As<v8::External>()->Value());
   if (!lpFunctionInfo)
     return;
 
@@ -42,8 +54,7 @@ void V8ConstructorCallback_Wrapper(
     return;
 
   const FXJSE_CLASS_DESCRIPTOR* lpClassDefinition =
-      static_cast<FXJSE_CLASS_DESCRIPTOR*>(
-          info.Data().As<v8::External>()->Value());
+      AsClassDescriptor(info.Data().As<v8::External>()->Value());
   if (!lpClassDefinition)
     return;
 
@@ -54,8 +65,8 @@ void V8ConstructorCallback_Wrapper(
 
 void Context_GlobalObjToString(
     const v8::FunctionCallbackInfo<v8::Value>& info) {
-  const FXJSE_CLASS_DESCRIPTOR* lpClass = static_cast<FXJSE_CLASS_DESCRIPTOR*>(
-      info.Data().As<v8::External>()->Value());
+  const FXJSE_CLASS_DESCRIPTOR* lpClass =
+      AsClassDescriptor(info.Data().As<v8::External>()->Value());
   if (!lpClass)
     return;
 
@@ -178,11 +189,13 @@ void NamedPropertyQueryCallback(
     v8::Local<v8::Name> property,
     const v8::PropertyCallbackInfo<v8::Integer>& info) {
   v8::Local<v8::Object> thisObject = info.Holder();
-  const FXJSE_CLASS_DESCRIPTOR* lpClass = static_cast<FXJSE_CLASS_DESCRIPTOR*>(
-      info.Data().As<v8::External>()->Value());
-  v8::Isolate* pIsolate = info.GetIsolate();
-  v8::HandleScope scope(pIsolate);
-  v8::String::Utf8Value szPropName(pIsolate, property);
+  const FXJSE_CLASS_DESCRIPTOR* lpClass =
+      AsClassDescriptor(info.Data().As<v8::External>()->Value());
+  if (!lpClass)
+    return;
+
+  v8::HandleScope scope(info.GetIsolate());
+  v8::String::Utf8Value szPropName(info.GetIsolate(), property);
   ByteStringView szFxPropName(*szPropName, szPropName.length());
   auto lpThisValue = pdfium::MakeUnique<CFXJSE_Value>(info.GetIsolate());
   lpThisValue->ForceSetValue(thisObject);
@@ -198,8 +211,11 @@ void NamedPropertyGetterCallback(
     v8::Local<v8::Name> property,
     const v8::PropertyCallbackInfo<v8::Value>& info) {
   v8::Local<v8::Object> thisObject = info.Holder();
-  const FXJSE_CLASS_DESCRIPTOR* lpClass = static_cast<FXJSE_CLASS_DESCRIPTOR*>(
-      info.Data().As<v8::External>()->Value());
+  const FXJSE_CLASS_DESCRIPTOR* lpClass =
+      AsClassDescriptor(info.Data().As<v8::External>()->Value());
+  if (!lpClass)
+    return;
+
   v8::String::Utf8Value szPropName(info.GetIsolate(), property);
   ByteStringView szFxPropName(*szPropName, szPropName.length());
   auto lpThisValue = pdfium::MakeUnique<CFXJSE_Value>(info.GetIsolate());
@@ -215,13 +231,15 @@ void NamedPropertySetterCallback(
     v8::Local<v8::Value> value,
     const v8::PropertyCallbackInfo<v8::Value>& info) {
   v8::Local<v8::Object> thisObject = info.Holder();
-  const FXJSE_CLASS_DESCRIPTOR* lpClass = static_cast<FXJSE_CLASS_DESCRIPTOR*>(
-      info.Data().As<v8::External>()->Value());
+  const FXJSE_CLASS_DESCRIPTOR* lpClass =
+      AsClassDescriptor(info.Data().As<v8::External>()->Value());
+  if (!lpClass)
+    return;
+
   v8::String::Utf8Value szPropName(info.GetIsolate(), property);
   ByteStringView szFxPropName(*szPropName, szPropName.length());
   auto lpThisValue = pdfium::MakeUnique<CFXJSE_Value>(info.GetIsolate());
   lpThisValue->ForceSetValue(thisObject);
-
   auto lpNewValue = pdfium::MakeUnique<CFXJSE_Value>(info.GetIsolate());
   lpNewValue->ForceSetValue(value);
   DynPropSetterAdapter(lpClass, lpThisValue.get(), szFxPropName,
author	Tom Sepez <tsepez@chromium.org>	2018-07-27 21:17:06 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	2018-07-27 21:17:06 +0000
commit	125eb3093a4632ee519041201ca904680f3a2245 (patch)
tree	e7a238e2d38f4e2d4926a7b38818c1ce896c6e14 /fxjs/cfxjse_class.cpp
parent	6146214d30ab16825908fe6ef96cb6d597cc3ca9 (diff)
download	pdfium-125eb3093a4632ee519041201ca904680f3a2245.tar.xz