diff options
author | Tom Sepez <tsepez@chromium.org> | 2018-10-24 00:15:53 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-10-24 00:15:53 +0000 |
commit | d86805176f390e0fec1802aae7dbbf1d1d9f53b0 (patch) | |
tree | 435f3e3fc508a0b2ca1b74e23ae50fd46a8f0c8d /fxjs | |
parent | 61fd012d3805257021a03c42ff8e78f3fd66e768 (diff) | |
download | pdfium-d86805176f390e0fec1802aae7dbbf1d1d9f53b0.tar.xz |
Be more particular about FX objects constructed from JS
This is back-filling some more error cases from the work from
a few weeks ago.
Replaces a lambda with a static CallHandler() method since the
verbosity was increasing. It gets invoked if you try to make a new
FXJS object from the javascript side, rather than the C++ side.
Making such an object is a little tricky, since we don't give
these functions names in V8, but they can be obtained via constructor
property from an instance of the object.
Change-Id: Ibca686e75338ac54d08a114f36f930cd424a1eb5
Reviewed-on: https://pdfium-review.googlesource.com/c/44534
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Diffstat (limited to 'fxjs')
-rw-r--r-- | fxjs/cfxjs_engine.cpp | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/fxjs/cfxjs_engine.cpp b/fxjs/cfxjs_engine.cpp index c993a7dafa..d329e13205 100644 --- a/fxjs/cfxjs_engine.cpp +++ b/fxjs/cfxjs_engine.cpp @@ -126,15 +126,9 @@ class CFXJS_ObjDefinition { m_pIsolate(isolate) { v8::Isolate::Scope isolate_scope(isolate); v8::HandleScope handle_scope(isolate); - v8::Local<v8::FunctionTemplate> fun = v8::FunctionTemplate::New(isolate); fun->InstanceTemplate()->SetInternalFieldCount(2); - fun->SetCallHandler([](const v8::FunctionCallbackInfo<v8::Value>& info) { - v8::Local<v8::Object> holder = info.Holder(); - ASSERT(holder->InternalFieldCount() == 2); - holder->SetAlignedPointerInInternalField(0, nullptr); - holder->SetAlignedPointerInInternalField(1, nullptr); - }); + fun->SetCallHandler(CallHandler, v8::Number::New(isolate, eObjType)); if (eObjType == FXJSOBJTYPE_GLOBAL) { fun->InstanceTemplate()->Set( v8::Symbol::GetToStringTag(isolate), @@ -142,9 +136,29 @@ class CFXJS_ObjDefinition { .ToLocalChecked()); } m_FunctionTemplate.Reset(isolate, fun); + m_Signature.Reset(isolate, v8::Signature::New(isolate, fun)); + } - v8::Local<v8::Signature> sig = v8::Signature::New(isolate, fun); - m_Signature.Reset(isolate, sig); + static void CallHandler(const v8::FunctionCallbackInfo<v8::Value>& info) { + v8::Isolate* isolate = info.GetIsolate(); + if (!info.IsConstructCall()) { + isolate->ThrowException( + v8::String::NewFromUtf8(isolate, "illegal constructor", + v8::NewStringType::kNormal) + .ToLocalChecked()); + return; + } + if (info.Data().As<v8::Int32>()->Value() != FXJSOBJTYPE_DYNAMIC) { + isolate->ThrowException( + v8::String::NewFromUtf8(isolate, "not a dynamic object", + v8::NewStringType::kNormal) + .ToLocalChecked()); + return; + } + v8::Local<v8::Object> holder = info.Holder(); + ASSERT(holder->InternalFieldCount() == 2); + holder->SetAlignedPointerInInternalField(0, nullptr); + holder->SetAlignedPointerInInternalField(1, nullptr); } v8::Isolate* GetIsolate() const { return m_pIsolate.Get(); } |