author | tsepez <tsepez@chromium.org> | 2016-05-27 17:45:00 -0700 |
committer | Commit bot <commit-bot@chromium.org> | 2016-05-27 17:45:00 -0700 |
commit | 3a005f22703b9303a306bf34cbd17c3729f763aa (patch) | |
tree | 9f640eaedbcbdf5b24641f33da1a110241feca82 /xfa/fxfa | |
parent | 2f109ab836682cb465270ed303d27955db97d98f (diff) | |
download | pdfium-3a005f22703b9303a306bf34cbd17c3729f763aa.tar.xz |
Workaround dubious casting between CXFA_Object and void* in FXJSE
This is just a crock to get things working until we fix the
underlying issue.
When there's single-inheritance, it may often work in practice
to C-style (reinterpret) cast a Derived* ptr to void* and then
back to a Base* ptr. One place where this blows up is if
Derived has virtual functions but Base does not, in which case
the world will be offset by the size of a vtable ptr.
Because of the use of void* types in FXJSE, the above was happening
when setting a CXFA_ThisProxy (Derived, virtual) to be a global
object (void*). This would then be cast back to a CXFA_Object
(Base, non-virtual) and chaos ensues.
Not sure how far back this goes.
Along the way, pick up some tidying which was necessary for
simplicity while tracking this down.
BUG=613607
Review-Url: https://codereview.chromium.org/2015143005
Diffstat (limited to 'xfa/fxfa')
-rw-r--r-- | xfa/fxfa/fm2js/xfa_fm2jscontext.cpp | 3 | ||||
-rw-r--r-- | xfa/fxfa/parser/xfa_object.h | 7 |
2 files changed, 7 insertions, 3 deletions
diff --git a/xfa/fxfa/fm2js/xfa_fm2jscontext.cpp b/xfa/fxfa/fm2js/xfa_fm2jscontext.cpp
index 40d8bcf5f4..2c8a362807 100644
--- a/xfa/fxfa/fm2js/xfa_fm2jscontext.cpp
+++ b/xfa/fxfa/fm2js/xfa_fm2jscontext.cpp
@@ -3347,7 +3347,8 @@ void CXFA_FM2JSContext::Eval(CFXJSE_Value* pThis,
 XFA_FM2JS_Translate(
 CFX_WideString::FromUTF8(utf8ScriptString.AsStringC()).AsStringC(),
 wsJavaScriptBuf, wsError);
- CFXJSE_Context* pContext = FXJSE_Context_Create(pIsolate);
+ CFXJSE_Context* pContext =
+ FXJSE_Context_Create(pIsolate, nullptr, nullptr);
 CFXJSE_Value* returnValue = FXJSE_Value_Create(pIsolate);
 javaScript = wsJavaScriptBuf.AsStringC();
 FXJSE_ExecuteScript(
diff --git a/xfa/fxfa/parser/xfa_object.h b/xfa/fxfa/parser/xfa_object.h
index 28d4712e46..8fc074c08f 100644
--- a/xfa/fxfa/parser/xfa_object.h
+++ b/xfa/fxfa/parser/xfa_object.h
@@ -41,9 +41,12 @@ enum XFA_OBJECTTYPE {
 XFA_NODEFLAG_UnusedNode = 0x08000,
 XFA_NODEFLAG_LayoutGeneratedNode = 0x10000,
 };
+
 class CXFA_Object {
 public:
 CXFA_Object(CXFA_Document* pDocument, uint32_t uFlags);
+ virtual ~CXFA_Object() {}
+
 CXFA_Document* GetDocument() const { return m_pDocument; }
 uint32_t GetFlag() const { return m_uFlags; }
 XFA_OBJECTTYPE GetObjectType() const {
@@ -590,7 +593,7 @@ class CXFA_Node : public CXFA_Object {
 protected:
 CXFA_Node(CXFA_Document* pDoc, uint16_t ePacket, XFA_ELEMENT eElement);
- ~CXFA_Node();
+ ~CXFA_Node() override;
 friend class CXFA_Document;
 CXFA_Node* Deprecated_GetPrevSibling();
 FX_BOOL SetValue(XFA_ATTRIBUTE eAttr,
@@ -669,7 +672,7 @@ class CXFA_ThisProxy : public CXFA_Object {
 m_pThisNode = pThisNode;
 m_pScriptNode = pScriptNode;
 }
- virtual ~CXFA_ThisProxy() {}
+ ~CXFA_ThisProxy() override {}
 CXFA_Node* GetThisNode() { return m_pThisNode; }
 CXFA_Node* GetScriptNode() { return m_pScriptNode; }
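Review bot: The two `nullptr` arguments added to the `FXJSE_Context_Create(pIsolate, nullptr, nullptr)` call are unexplained at the call site, so a reader of Eval cannot tell what is deliberately being left unset; presumably they are the global class and global object that the commit message discusses, but the hunk does not show the declaration. A one-line comment above the call naming each position by its declared parameter name would make the intent explicit and stop a later reader from "fixing" it back to a shorter call. Eval begins and ends outside this hunk, so the lifetime of `pContext` and `returnValue` cannot be checked here.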
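Review bot: The new `virtual ~CXFA_Object() {}` carries no comment saying why it exists, so a later cleanup could remove it as "unused" and silently reintroduce the misaligned Derived*→void*→Base* round trip the commit message describes. I would add above it `// Virtual so every CXFA_Object has a vptr: FXJSE stores derived pointers as void* and reads them back as CXFA_Object* (BUG=613607). Remove once FXJSE converts to CXFA_Object* before erasing the type.` As far as I can tell the workaround still relies on the vptr sitting at the same offset in base and derived classes; the layout-independent fix is to `static_cast` to `CXFA_Object*` before the pointer is stored as `void*`, which performs the pointer adjustment the compiler knows about. Stylistically, `virtual ~CXFA_Object() = default;` is preferable to the empty body, and the same applies to `~CXFA_ThisProxy() override {}` in the last hunk of this file.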