From 63b2fc7e0248d2112935775f52027a018b9aa737 Mon Sep 17 00:00:00 2001
From: Tom Sepez
Date: Mon, 14 Aug 2017 16:24:29 -0700
Subject: Check for possible empty object returns from NewFxDynamicObj()

Avoid some potential crashiness.

TBR=jochen@chromium.org
Bug: 754610
Change-Id: Ie8143c1909df7ba5783b7d20b61e31f093d04b34
Reviewed-on: https://pdfium-review.googlesource.com/10970
Commit-Queue: Tom Sepez
Reviewed-by: dsinclair
---
 fpdfsdk/javascript/global.cpp | 19 ++++++++++++-------
 fxjs/fxjs_v8.cpp | 8 ++++++--
 fxjs/fxjs_v8_embeddertest.cpp | 1 +
 3 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/fpdfsdk/javascript/global.cpp b/fpdfsdk/javascript/global.cpp
index d7f17fa41c..8dcddf4339 100644
--- a/fpdfsdk/javascript/global.cpp
+++ b/fpdfsdk/javascript/global.cpp
@@ -206,11 +206,13 @@ void JSGlobalAlternate::UpdateGlobalPersistentVariables() {
 break;
 case JS_GlobalDataType::OBJECT: {
 v8::Local pObj = pRuntime->NewFxDynamicObj(-1);
- PutObjectProperty(pObj, &pData->data);
- SetGlobalVariables(pData->data.sKey, JS_GlobalDataType::OBJECT, 0,
- false, "", pObj, pData->bPersistent == 1);
- pRuntime->PutObjectProperty(m_pJSObject->ToV8Object(),
- pData->data.sKey.UTF8Decode(), pObj);
+ if (!pObj.IsEmpty()) {
+ PutObjectProperty(pObj, &pData->data);
+ SetGlobalVariables(pData->data.sKey, JS_GlobalDataType::OBJECT, 0,
+ false, "", pObj, pData->bPersistent == 1);
+ pRuntime->PutObjectProperty(m_pJSObject->ToV8Object(),
+ pData->data.sKey.UTF8Decode(), pObj);
+ }
 } break;
 case JS_GlobalDataType::NULLOBJ:
 SetGlobalVariables(pData->data.sKey, JS_GlobalDataType::NULLOBJ, 0,
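Review bot: The new `if (!pObj.IsEmpty())` guard in UpdateGlobalPersistentVariables drops the persisted OBJECT entry without a trace when the handle is empty — no SetGlobalVariables call, no property on the global object, no log — and the matching guard in the PutObjectProperty hunk below does the same for nested objects, so a caller has no way to tell a failed allocation from an entry that was never there. A one-line comment above each check would make the recovery explicit, e.g. `// NewFxDynamicObj() may return an empty handle; skip the entry rather than dereference it.` As a point of style, an early exit keeps the original body unindented and the change to one line: `if (pObj.IsEmpty()) break;` inside the case block leaves the switch exactly as the trailing `break` does, and `if (pNewObj.IsEmpty()) break;` works the same way in PutObjectProperty. Both functions and their enclosing switch statements continue outside the hunks.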
@@ -335,8 +337,11 @@ void JSGlobalAlternate::PutObjectProperty(v8::Local pObj,
 break;
 case JS_GlobalDataType::OBJECT: {
 v8::Local pNewObj = pRuntime->NewFxDynamicObj(-1);
- PutObjectProperty(pNewObj, pObjData);
- pRuntime->PutObjectProperty(pObj, pObjData->sKey.UTF8Decode(), pNewObj);
+ if (!pNewObj.IsEmpty()) {
+ PutObjectProperty(pNewObj, pObjData);
+ pRuntime->PutObjectProperty(pObj, pObjData->sKey.UTF8Decode(),
+ pNewObj);
+ }
 } break;
 case JS_GlobalDataType::NULLOBJ:
 pRuntime->PutObjectProperty(pObj, pObjData->sKey.UTF8Decode(),
diff --git a/fxjs/fxjs_v8.cpp b/fxjs/fxjs_v8.cpp
index d3d2010b30..05986b4eb8 100644
--- a/fxjs/fxjs_v8.cpp
+++ b/fxjs/fxjs_v8.cpp
@@ -409,8 +409,12 @@ void CFXJS_Engine::InitializeEngine() {
 } else if (pObjDef->m_ObjType == FXJSOBJTYPE_STATIC) {
 v8::Local pObjName = NewString(pObjDef->m_ObjName);
 v8::Local obj = NewFxDynamicObj(i, true);
- v8Context->Global()->Set(v8Context, pObjName, obj).FromJust();
- m_StaticObjects[i] = new v8::Global(m_isolate, obj);
+ if (!obj.IsEmpty()) {
+ v8Context->Global()->Set(v8Context, pObjName, obj).FromJust();
+ m_StaticObjects[i] = new v8::Global(m_isolate, obj);
+ } else {
+ m_StaticObjects[i] = nullptr;
+ }
 }
 }
 m_V8PersistentContext.Reset(m_isolate, v8Context);
diff --git a/fxjs/fxjs_v8_embeddertest.cpp b/fxjs/fxjs_v8_embeddertest.cpp
index 4d05a20bf9..5a8ee63bea 100644
--- a/fxjs/fxjs_v8_embeddertest.cpp
+++ b/fxjs/fxjs_v8_embeddertest.cpp
@@ -192,6 +192,7 @@ TEST_F(FXJSV8EmbedderTest, NewObject) {
 v8::Context::Scope context_scope(GetV8Context());
 auto object = engine()->NewFxDynamicObj(-1);
+ ASSERT_FALSE(object.IsEmpty());
 EXPECT_EQ(0u, engine()->GetObjectPropertyNames(object).size());
 EXPECT_FALSE(engine()->GetObjectProperty(object, L"clams").IsEmpty());
 EXPECT_TRUE(engine()->GetObjectProperty(object, L"clams")->IsUndefined());
-- cgit v1.2.3
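Review bot: The `else` branch in InitializeEngine now stores `nullptr` into `m_StaticObjects[i]`, which turns "entry may be null" into part of that array's contract, yet nothing in the hunk states it; the readers of `m_StaticObjects` are outside the hunk, so whether they already null-check cannot be confirmed from here and should be verified before this lands. A comment at the assignment would pin the new contract, e.g. `// Object creation failed; readers of m_StaticObjects must treat nullptr as "no static object".` It is also worth noting in the same comment that on the empty-handle path the name in `pObjDef->m_ObjName` is never installed on the global object, so scripts simply do not see it — a safe degradation compared with the previous dereference, but one a maintainer should not have to rediscover. InitializeEngine continues outside the hunk.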
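Review bot: The added `ASSERT_FALSE(object.IsEmpty())` pins only the success path of NewFxDynamicObj(); the empty-handle branches this commit introduces in global.cpp and fxjs_v8.cpp get no coverage, so a later regression that dereferences an empty handle would still pass the suite. If the engine offers a way to make object creation fail (not visible from this hunk), a companion test that drives that path and checks the engine still initializes and the missing global name is simply absent would give the new guards a regression net; otherwise a comment on the assertion noting that the failure path is untested keeps the gap visible.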