From 7d554c9dabeb7474dbdabbbf7d01a4abaa7f65a0 Mon Sep 17 00:00:00 2001
From: dsinclair
Date: Mon, 20 Jun 2016 06:06:31 -0700
Subject: Speculative fix for FXJS_InitializeRuntime crash.

The call to GetGlobalObjectTemplate() in FXJS_InitializeRuntime() will call into CFXJS_ObjDefinition::MaxID() which will call FXJS_PerIsolateData() on the provided isolate. We, currently, create the isolate data after we make this call which seems like it would lead to bad things. This CL moves the PerIsolate data creation earlier in the process.

BUG=chromium:612918

Review-Url: https://codereview.chromium.org/2069763002
---
 fpdfsdk/jsapi/fxjs_v8.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fpdfsdk/jsapi/fxjs_v8.cpp b/fpdfsdk/jsapi/fxjs_v8.cpp
index c63ef7ae89..283fac978a 100644
--- a/fpdfsdk/jsapi/fxjs_v8.cpp
+++ b/fpdfsdk/jsapi/fxjs_v8.cpp
@@ -331,11 +331,15 @@ void FXJS_InitializeRuntime(
 v8::Isolate::Scope isolate_scope(pIsolate);
 v8::HandleScope handle_scope(pIsolate);
+
+ // This has to happen before we call GetGlobalObjectTemplate because that
+ // method gets the PerIsolateData from pIsolate.
+ FXJS_PerIsolateData::SetUp(pIsolate);
+
 v8::Local v8Context = v8::Context::New(pIsolate, nullptr, GetGlobalObjectTemplate(pIsolate));
 v8::Context::Scope context_scope(v8Context);
- FXJS_PerIsolateData::SetUp(pIsolate);
 FXJS_PerIsolateData* pData = FXJS_PerIsolateData::Get(pIsolate);
 if (!pData) return;
-- 
cgit v1.2.3
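Review bot: The `if (!pData) return;` guard at the end of the hunk now runs only after `GetGlobalObjectTemplate(pIsolate)` has already been evaluated inside the `v8::Context::New` call, so it no longer protects the first consumer of the per-isolate data, which the description identifies as the crashing path (via CFXJS_ObjDefinition::MaxID). If `SetUp` can ever leave `Get` returning null, the check belongs directly after the new `SetUp` line and before `v8::Context::New`: `FXJS_PerIsolateData::SetUp(pIsolate);` `FXJS_PerIsolateData* pData = FXJS_PerIsolateData::Get(pIsolate);` `if (!pData) return;`, with the later `Get` removed. The added comment would also be more useful if it named the actual reader the description points at, e.g. `// Must precede GetGlobalObjectTemplate(): it reaches CFXJS_ObjDefinition::MaxID(), which reads the PerIsolateData of pIsolate.` FXJS_InitializeRuntime starts before this hunk and continues past `return;`.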