summaryrefslogtreecommitdiff
path: root/fxjs/fxjs_v8.cpp
AgeCommit message (Collapse)Author
2017-02-27Explicitly tag fxjs native objects.Tom Sepez
Native object callbacks have to distinguish whether the object they have been given is actually a native object and not some ordinary JS object. For method/property calls, this happens via v8's signature mechanism, but signature checks aren't applied to method arguments themselves. Currently, we do this by treating any object with an internal field count of 2 as being such, but this is fragile, and it has been pointed out that other objects with two internal fields are present. Additionally, that the first field points to a structure with a small zero-based object definition ID doesn't really have enough entropy to trust that it isn't some other entity. So add a pointer to an internal address in the second slot to make this safer. Note that we'll also get the same release_assert in the majority of cases as described in the bug. This is great from a security standpoint, but not great from a functional standpoint, except this likely only occurs in the wild if they are trying to mess with us. This just guards the theoretical cases that might pass the existing release_assert. BUG=695830 Change-Id: I42db27d6ed1143269a852805e4e4d862a8ab8773 Reviewed-on: https://pdfium-review.googlesource.com/2847 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-02-27Fix uninitialized memory read in CJS_Object::GetEmbedObject()Tom Sepez
The expected way to create native PDFium objects for JS is via the NewFxDynamicObject() call in C++, but that doesn't mean that the corresponding constructors won't be called from JS. In that case, the internal fields will be uninitialized, and subsequent method calls may try to use them. Add a constructor callback for all PDFium objects that nulls out these fields (shame that v8 doesn't do this by default, but probably saves some cycles). Then ensure that we check for this possibility in all the places it might turn up. Conversely, if we've just gotten a successful return from NewFxDynamicObject(), we know the CJS_Object/EmbedObj are good, so avoid checking there. BUG=695826 Change-Id: Iadad644c4af937def967ddc83daac1dad7544d69 Reviewed-on: https://pdfium-review.googlesource.com/2839 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-02-23Store JS string constants as single-byte strings.Tom Sepez
Save some space since none contain non-ascii characters. Avoid allocating C++ WideStrings just to convert back to UTF8 when defining properties. Change-Id: Id94db21b32ee7a96856c35a09f7550b54599ae13 Reviewed-on: https://pdfium-review.googlesource.com/2826 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-02-22Move JS constant tables to single-byte namesTom Sepez
none are non-ascii characters, so save space. Change-Id: I5e81e8847a2ce4a5ffa3422d2103ffe453036e7c Reviewed-on: https://pdfium-review.googlesource.com/2819 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-02-22Convert JS property tables to single-byte.Tom Sepez
Change-Id: I4daec9e05a63c55caa01402a594c3553073c439e Reviewed-on: https://pdfium-review.googlesource.com/2818 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-02-22Convert native method names to single-byte.Tom Sepez
There are no non-ascii characters, so save space. Change-Id: Ib9efb9386b6fc83bf3bb1810c791aadeeeebc259 Reviewed-on: https://pdfium-review.googlesource.com/2817 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-02-21Avoid some widestring to bytestring conversions in fxjs.Tom Sepez
None of the names have non-ascii characters. Change-Id: I83a52d6276edf2f442fca33221f38f6a53c3ffe3 Reviewed-on: https://pdfium-review.googlesource.com/2816 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-02-13Simplify FX_UTF8Encode variants.chromium/3012Tom Sepez
Doing so reveals places where there are needless copies and conversions. Change-Id: I24a868d40aa63836f4167eaf4541964049df7916 Reviewed-on: https://pdfium-review.googlesource.com/2555 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-01-18Tidy FXJS_V8, backfill tests.chromium/2986tsepez
Move checks performed as part of JS_Value's object and array handling back into FXJS, to ease removal of JS_Value in the future. Remove some convenience routines in FXJS for objects, to shrink API to be covered during testing. Change some naming (number => double, string => widestring) to make it clearer when there is a C++ type involved. BUG= Review-Url: https://codereview.chromium.org/2637503002
2016-11-01Reland: Make the CPDFXFA_App non-globalchromium/2907dsinclair
This reverts commit a282c7380f3964de41ea93c9980b12c4513d3473. This CL changes CPDFXFA_App from a global object to a child of the CPDFXFA_Document objects. BUG=pdfium:623 Review-Url: https://codereview.chromium.org/2421603002
2016-10-13Revert of Reland: Make the CPDFXFA_App non-global (patchset #2 id:20001 of ↵dsinclair
https://codereview.chromium.org/2418653003/ ) Reason for revert: https://build.chromium.org/p/client.pdfium/builders/linux_xfa_asan_lsan/builds/117/steps/corpus%20tests/logs/stdio Original issue's description: > Reland: Make the CPDFXFA_App non-global > > This reverts commit b685e6471075bebd26711bc183de3128f54932e3. > > This CL changes CPDFXFA_App from a global object to a child of the CPDFXFA_Document objects. > > BUG=pdfium:623 > > Committed: https://pdfium.googlesource.com/pdfium/+/f3736bca5f874b0889c5906ffbd74a405089f671 TBR=tsepez@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=pdfium:623 Review-Url: https://codereview.chromium.org/2414883006
2016-10-13Reland: Make the CPDFXFA_App non-globaldsinclair
This reverts commit b685e6471075bebd26711bc183de3128f54932e3. This CL changes CPDFXFA_App from a global object to a child of the CPDFXFA_Document objects. BUG=pdfium:623 Review-Url: https://codereview.chromium.org/2418653003
2016-10-13Revert of Make the CPDFXFA_App non-global (patchset #3 id:80001 of ↵dsinclair
https://codereview.chromium.org/2416753002/ ) Reason for revert: https://build.chromium.org/p/client.pdfium/builders/linux_xfa_asan_lsan/builds/112/steps/embeddertests/logs/stdio msan is sad. Original issue's description: > Make the CPDFXFA_App non-global > > This CL changes CPDFXFA_App from a global object to a child of the > CPDFXFA_Document objects. > > BUG=pdfium:623 > > Committed: https://pdfium.googlesource.com/pdfium/+/abefb79577b32d291d14d7e01a70f6f8cf213bd3 TBR=tsepez@chromium.org,thestig@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=pdfium:623 Review-Url: https://codereview.chromium.org/2412903004
2016-10-13Make the CPDFXFA_App non-globaldsinclair
This CL changes CPDFXFA_App from a global object to a child of the CPDFXFA_Document objects. BUG=pdfium:623 Review-Url: https://codereview.chromium.org/2416753002
2016-09-29Move fxjs/include to fxjsdsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2380713005
2016-09-29Move core/fxcrt/include to core/fxcrtdsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2382723003
2016-09-22Simplify memory management for per isolate dataweili
Use smart pointers for FXJS_PerIsolateData owned member variables. Also move creation and deletion of dynamic object map into FXJS_PerIsolateData's constructor and destructor. Overall, the interfaces and memory management should be simpler. BUG=pdfium:518 Review-Url: https://codereview.chromium.org/2358343002
2016-09-21Set up isolate in CFXJS_Engine's constructorweili
CFXJS_Engine class should always be constructed with an isolate, except for its subclasses which may need to create an isolate by themselves. Move SetIsolate() function to be protected so that only subclasses can access it. Review-Url: https://codereview.chromium.org/2354353002
2016-09-21Fix leaks related to the usage of JSE runtime dataweili
Per isolate runtime data should be deleted when the associated isolate's destructed. Also, the internal of per isolate runtime data is obscure to the JS engine. So XFA or this class itself has to be in charge of the memory management. Use smart pointer for it so that the resource could be released properly. BUG=pdfium:242 Review-Url: https://codereview.chromium.org/2354923003
2016-08-15Push v8::Isolate into CFXJS_Engine classchromium/2831tsepez
Nearly all the "loose" functions in FXJS become methods on the CFJXS_Engine. This is the "missing link" wrt some layering violatons that have been around forever. We can stop passing &m_ variables from CJS_ down into FXJS Initialization as a result. Review-Url: https://codereview.chromium.org/2245863002
2016-08-15Move some v8 objects from CJS back into FXJStsepez
Create a new class to hold these, CFXJS_Engine (could have been called Runtime, but there are too many "Runtimes" already). In a subsequent patch, all the FXJS_*() functions that take an isolate as the first argument can become methods on the engine. CJS_ must still manage the isolates; this happens outside the engine. The IJS_Runtime abstraction moves up to fpdfsdk/javascript; it remains to allow for either a real JS library or a stubb one to be linked (for non-js builds). Review-Url: https://codereview.chromium.org/2241483004
2016-08-11Make FXJS_GetObjectElement return std::vector<CFX_WideString>.chromium/2829chromium/2828tsepez
Analogous to getting the length of JS array, this result should be a C++-side object only. Also rename to FXJS_GetObjectProperty to match JS nomenclature. Review-Url: https://codereview.chromium.org/2242593002
2016-08-05Return v8::Date specialization not v8::Value where possiblechromium/2824chromium/2823chromium/2822chromium/2821tsepez
Also get rid of FXJS_ValueCopy() while we're at it. BUG=pdfium:556 Review-Url: https://codereview.chromium.org/2215093002
2016-07-15Remove type info from CJS_Value, interrogate v8 insteadtsepez
Review-Url: https://codereview.chromium.org/2154503002
2016-07-14Do not try to v8::Object::Clone() any objectstsepez
v8::Object::Clone() is deprecated, and gets us into trouble with some corner cases. Create a new handle to the same object instead. Remove FXJS_NewObject() and FXJS_NewObject2(), and replace with direct assignments. Pass isolate to FXJS_NewNull() while were at it, even though not needed, for consistency with all remaining FXJS_New*() calls. BUG=628106 R=jochen@chromium.org Review-Url: https://codereview.chromium.org/2151023002
2016-07-12Move fpdfsdk/jsapi into fxjs/dsinclair
This CL moves the fpdfsdk/sjapi code info fxjs/. The "fxjs" library is moved from being XFA specific to being compiled if V8 is enabled. The fxjs_v8 files are required when building for XFA (they have XFA defines in them) and are used in CFXJS_RuntimeData. The cfxjse_* files are only added if XFA is also enabled. Review-Url: https://codereview.chromium.org/2144603003