From 408392263860a9d2fc314a69d45ca1553a896ea5 Mon Sep 17 00:00:00 2001
From: Tom Sepez <tsepez@chromium.org>
Date: Thu, 19 Jul 2018 21:10:16 +0000
Subject: Change some ASSERTS() to early returns in cfxjse_class.cpp

Given the issues we've seen on the non-XFA side, be more careful
about using V8-provided data on the XFA side.

Change-Id: I13b7fa9ac852be74c8135410734445b2c9a23c97
Reviewed-on: https://pdfium-review.googlesource.com/38430
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
---
 fxjs/cfxjse_class.cpp | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/fxjs/cfxjse_class.cpp b/fxjs/cfxjse_class.cpp
index 2a2e0da333..67186ff66f 100644
--- a/fxjs/cfxjse_class.cpp
+++ b/fxjs/cfxjse_class.cpp
@@ -76,33 +76,37 @@ void Context_GlobalObjToString(
 void DynPropGetterAdapter_MethodCallback(
     const v8::FunctionCallbackInfo<v8::Value>& info) {
   v8::Local<v8::Object> hCallBackInfo = info.Data().As<v8::Object>();
-  ASSERT(hCallBackInfo->InternalFieldCount() == 2);
+  if (hCallBackInfo->InternalFieldCount() != 2)
+    return;
 
-  const FXJSE_CLASS_DESCRIPTOR* lpClass =
-      static_cast<const FXJSE_CLASS_DESCRIPTOR*>(
-          hCallBackInfo->GetAlignedPointerFromInternalField(0));
-  ASSERT(lpClass == &GlobalClassDescriptor ||
-         lpClass == &NormalClassDescriptor ||
-         lpClass == &VariablesClassDescriptor ||
-         lpClass == &kFormCalcFM2JSDescriptor);
+  auto* pClassDescriptor = static_cast<const FXJSE_CLASS_DESCRIPTOR*>(
+      hCallBackInfo->GetAlignedPointerFromInternalField(0));
+  if (pClassDescriptor != &GlobalClassDescriptor &&
+      pClassDescriptor != &NormalClassDescriptor &&
+      pClassDescriptor != &VariablesClassDescriptor &&
+      pClassDescriptor != &kFormCalcFM2JSDescriptor) {
+    return;
+  }
 
   v8::Local<v8::String> hPropName =
       hCallBackInfo->GetInternalField(1).As<v8::String>();
-  ASSERT(!hPropName.IsEmpty());
+  if (hPropName.IsEmpty())
+    return;
 
   v8::String::Utf8Value szPropName(info.GetIsolate(), hPropName);
-  WideString szFxPropName = WideString::FromUTF8(*szPropName);
+  CJS_Return result =
+      pClassDescriptor->dynMethodCall(info, WideString::FromUTF8(*szPropName));
 
-  CJS_Return result = lpClass->dynMethodCall(info, szFxPropName);
   if (result.HasError()) {
-    WideString err =
-        JSFormatErrorString(lpClass->name, *szPropName, result.Error());
+    WideString err = JSFormatErrorString(pClassDescriptor->name, *szPropName,
+                                         result.Error());
     v8::MaybeLocal<v8::String> str = v8::String::NewFromUtf8(
         info.GetIsolate(), ByteString::FromUnicode(err).c_str(),
         v8::NewStringType::kNormal);
     info.GetIsolate()->ThrowException(str.ToLocalChecked());
     return;
   }
+
   if (result.HasReturn())
     info.GetReturnValue().Set(result.Return());
 }
-- 
cgit v1.2.3