From ad1f7b410cd6885bd22d9ee49d9f80d3017f131f Mon Sep 17 00:00:00 2001
From: Lei Zhang <thestig@chromium.org>
Date: Wed, 11 Jul 2018 13:04:43 +0000
Subject: Check GetObjDefnID() in various JS functions.

Consolidate all the checks into JSGetObject(), and add GetObjDefnID()
methods for classes that are missing it.

BUG=chromium:862059

Change-Id: I2c2b725a01dcd259ef712d2513fcf740cc410b15
Reviewed-on: https://pdfium-review.googlesource.com/37510
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
---
 fxjs/cjs_app.cpp     |  5 +++++
 fxjs/cjs_app.h       |  1 +
 fxjs/cjs_color.cpp   |  5 +++++
 fxjs/cjs_color.h     |  1 +
 fxjs/cjs_console.cpp |  5 +++++
 fxjs/cjs_console.h   |  1 +
 fxjs/cjs_event.cpp   |  5 +++++
 fxjs/cjs_event.h     |  1 +
 fxjs/cjs_global.cpp  |  5 +++++
 fxjs/cjs_global.h    |  1 +
 fxjs/cjs_report.cpp  |  5 +++++
 fxjs/cjs_report.h    |  1 +
 fxjs/cjs_util.cpp    |  5 +++++
 fxjs/cjs_util.h      |  1 +
 fxjs/js_define.h     | 33 +++++++++++++++++++++------------
 15 files changed, 63 insertions(+), 12 deletions(-)

diff --git a/fxjs/cjs_app.cpp b/fxjs/cjs_app.cpp
index f52d7e9230..4648f462b4 100644
--- a/fxjs/cjs_app.cpp
+++ b/fxjs/cjs_app.cpp
@@ -83,6 +83,11 @@ int CJS_App::ObjDefnID = -1;
 
 const char CJS_App::kName[] = "app";
 
+// static
+int CJS_App::GetObjDefnID() {
+  return ObjDefnID;
+}
+
 // static
 void CJS_App::DefineJSObjects(CFXJS_Engine* pEngine) {
   ObjDefnID = pEngine->DefineObj(CJS_App::kName, FXJSOBJTYPE_STATIC,
diff --git a/fxjs/cjs_app.h b/fxjs/cjs_app.h
index f1701ae883..e962b34d49 100644
--- a/fxjs/cjs_app.h
+++ b/fxjs/cjs_app.h
@@ -18,6 +18,7 @@ class GlobalTimer;
 
 class CJS_App : public CJS_Object {
  public:
+  static int GetObjDefnID();
   static void DefineJSObjects(CFXJS_Engine* pEngine);
 
   CJS_App(v8::Local<v8::Object> pObject, CJS_Runtime* pRuntime);
diff --git a/fxjs/cjs_color.cpp b/fxjs/cjs_color.cpp
index a730b2cebf..1568687365 100644
--- a/fxjs/cjs_color.cpp
+++ b/fxjs/cjs_color.cpp
@@ -34,6 +34,11 @@ const JSMethodSpec CJS_Color::MethodSpecs[] = {{"convert", convert_static},
 int CJS_Color::ObjDefnID = -1;
 const char CJS_Color::kName[] = "color";
 
+// static
+int CJS_Color::GetObjDefnID() {
+  return ObjDefnID;
+}
+
 // static
 void CJS_Color::DefineJSObjects(CFXJS_Engine* pEngine) {
   ObjDefnID = pEngine->DefineObj(CJS_Color::kName, FXJSOBJTYPE_STATIC,
diff --git a/fxjs/cjs_color.h b/fxjs/cjs_color.h
index 581fea0427..e1b7caa78a 100644
--- a/fxjs/cjs_color.h
+++ b/fxjs/cjs_color.h
@@ -14,6 +14,7 @@
 
 class CJS_Color : public CJS_Object {
  public:
+  static int GetObjDefnID();
   static void DefineJSObjects(CFXJS_Engine* pEngine);
   static v8::Local<v8::Array> ConvertPWLColorToArray(CJS_Runtime* pRuntime,
                                                      const CFX_Color& color);
diff --git a/fxjs/cjs_console.cpp b/fxjs/cjs_console.cpp
index 1ccf72feea..d2cbb243b7 100644
--- a/fxjs/cjs_console.cpp
+++ b/fxjs/cjs_console.cpp
@@ -21,6 +21,11 @@ const JSMethodSpec CJS_Console::MethodSpecs[] = {{"clear", clear_static},
 int CJS_Console::ObjDefnID = -1;
 const char CJS_Console::kName[] = "console";
 
+// static
+int CJS_Console::GetObjDefnID() {
+  return ObjDefnID;
+}
+
 // static
 void CJS_Console::DefineJSObjects(CFXJS_Engine* pEngine) {
   ObjDefnID = pEngine->DefineObj(CJS_Console::kName, FXJSOBJTYPE_STATIC,
diff --git a/fxjs/cjs_console.h b/fxjs/cjs_console.h
index 7ed39bbed9..236ad47cf3 100644
--- a/fxjs/cjs_console.h
+++ b/fxjs/cjs_console.h
@@ -13,6 +13,7 @@
 
 class CJS_Console : public CJS_Object {
  public:
+  static int GetObjDefnID();
   static void DefineJSObjects(CFXJS_Engine* pEngine);
 
   CJS_Console(v8::Local<v8::Object> pObject, CJS_Runtime* pRuntime);
diff --git a/fxjs/cjs_event.cpp b/fxjs/cjs_event.cpp
index c10f8858a9..9594f13477 100644
--- a/fxjs/cjs_event.cpp
+++ b/fxjs/cjs_event.cpp
@@ -37,6 +37,11 @@ const JSPropertySpec CJS_Event::PropertySpecs[] = {
 int CJS_Event::ObjDefnID = -1;
 const char CJS_Event::kName[] = "event";
 
+// static
+int CJS_Event::GetObjDefnID() {
+  return ObjDefnID;
+}
+
 // static
 void CJS_Event::DefineJSObjects(CFXJS_Engine* pEngine) {
   ObjDefnID = pEngine->DefineObj(CJS_Event::kName, FXJSOBJTYPE_STATIC,
diff --git a/fxjs/cjs_event.h b/fxjs/cjs_event.h
index 39d9cdba87..804c6f6c7d 100644
--- a/fxjs/cjs_event.h
+++ b/fxjs/cjs_event.h
@@ -11,6 +11,7 @@
 
 class CJS_Event : public CJS_Object {
  public:
+  static int GetObjDefnID();
   static void DefineJSObjects(CFXJS_Engine* pEngine);
 
   CJS_Event(v8::Local<v8::Object> pObject, CJS_Runtime* pRuntime);
diff --git a/fxjs/cjs_global.cpp b/fxjs/cjs_global.cpp
index 7a319dd4cb..e3c347ef58 100644
--- a/fxjs/cjs_global.cpp
+++ b/fxjs/cjs_global.cpp
@@ -191,6 +191,11 @@ void CJS_Global::DefineAllProperties(CFXJS_Engine* pEngine) {
       CJS_Global::putprop_static, CJS_Global::delprop_static);
 }
 
+// static
+int CJS_Global::GetObjDefnID() {
+  return ObjDefnID;
+}
+
 // static
 void CJS_Global::DefineJSObjects(CFXJS_Engine* pEngine) {
   ObjDefnID = pEngine->DefineObj("global", FXJSOBJTYPE_STATIC,
diff --git a/fxjs/cjs_global.h b/fxjs/cjs_global.h
index ba5d57cd07..51f872a782 100644
--- a/fxjs/cjs_global.h
+++ b/fxjs/cjs_global.h
@@ -18,6 +18,7 @@ class CJS_GlobalData;
 
 class CJS_Global : public CJS_Object {
  public:
+  static int GetObjDefnID();
   static void DefineJSObjects(CFXJS_Engine* pEngine);
   static void DefineAllProperties(CFXJS_Engine* pEngine);
 
diff --git a/fxjs/cjs_report.cpp b/fxjs/cjs_report.cpp
index 868e9c3279..6e205ef7e7 100644
--- a/fxjs/cjs_report.cpp
+++ b/fxjs/cjs_report.cpp
@@ -18,6 +18,11 @@ const JSMethodSpec CJS_Report::MethodSpecs[] = {
 int CJS_Report::ObjDefnID = -1;
 const char CJS_Report::kName[] = "Report";
 
+// static
+int CJS_Report::GetObjDefnID() {
+  return ObjDefnID;
+}
+
 // static
 void CJS_Report::DefineJSObjects(CFXJS_Engine* pEngine, FXJSOBJTYPE eObjType) {
   ObjDefnID = pEngine->DefineObj(CJS_Report::kName, eObjType,
diff --git a/fxjs/cjs_report.h b/fxjs/cjs_report.h
index 36a00ce9f5..f9d1dc8ce4 100644
--- a/fxjs/cjs_report.h
+++ b/fxjs/cjs_report.h
@@ -13,6 +13,7 @@
 
 class CJS_Report : public CJS_Object {
  public:
+  static int GetObjDefnID();
   static void DefineJSObjects(CFXJS_Engine* pEngine, FXJSOBJTYPE eObjType);
 
   CJS_Report(v8::Local<v8::Object> pObject, CJS_Runtime* pRuntime);
diff --git a/fxjs/cjs_util.cpp b/fxjs/cjs_util.cpp
index 3889f5ab63..eee9db3fb9 100644
--- a/fxjs/cjs_util.cpp
+++ b/fxjs/cjs_util.cpp
@@ -67,6 +67,11 @@ const JSMethodSpec CJS_Util::MethodSpecs[] = {
 int CJS_Util::ObjDefnID = -1;
 const char CJS_Util::kName[] = "util";
 
+// static
+int CJS_Util::GetObjDefnID() {
+  return ObjDefnID;
+}
+
 // static
 void CJS_Util::DefineJSObjects(CFXJS_Engine* pEngine) {
   ObjDefnID = pEngine->DefineObj(CJS_Util::kName, FXJSOBJTYPE_STATIC,
diff --git a/fxjs/cjs_util.h b/fxjs/cjs_util.h
index a601d82225..611443c330 100644
--- a/fxjs/cjs_util.h
+++ b/fxjs/cjs_util.h
@@ -19,6 +19,7 @@
 
 class CJS_Util : public CJS_Object {
  public:
+  static int GetObjDefnID();
   static void DefineJSObjects(CFXJS_Engine* pEngine);
 
   CJS_Util(v8::Local<v8::Object> pObject, CJS_Runtime* pRuntime);
diff --git a/fxjs/js_define.h b/fxjs/js_define.h
index 01dfb15e2d..629cf1a02b 100644
--- a/fxjs/js_define.h
+++ b/fxjs/js_define.h
@@ -57,20 +57,31 @@ static void JSConstructor(CFXJS_Engine* pEngine, v8::Local<v8::Object> obj) {
 // CJS_Object has virtual dtor, template not required.
 void JSDestructor(v8::Local<v8::Object> obj);
 
+template <class C>
+C* JSGetObject(v8::Local<v8::Object> obj) {
+  if (CFXJS_Engine::GetObjDefnID(obj) != C::GetObjDefnID())
+    return nullptr;
+
+  CJS_Object* pJSObj = CFXJS_Engine::GetObjectPrivate(obj);
+  if (!pJSObj)
+    return nullptr;
+
+  return static_cast<C*>(pJSObj);
+}
+
 template <class C, CJS_Return (C::*M)(CJS_Runtime*)>
 void JSPropGetter(const char* prop_name_string,
                   const char* class_name_string,
                   v8::Local<v8::String> property,
                   const v8::PropertyCallbackInfo<v8::Value>& info) {
-  CJS_Object* pJSObj = CFXJS_Engine::GetObjectPrivate(info.Holder());
-  if (!pJSObj)
+  C* pObj = JSGetObject<C>(info.Holder());
+  if (!pObj)
     return;
 
-  CJS_Runtime* pRuntime = pJSObj->GetRuntime();
+  CJS_Runtime* pRuntime = pObj->GetRuntime();
   if (!pRuntime)
     return;
 
-  C* pObj = static_cast<C*>(pJSObj);
   CJS_Return result = (pObj->*M)(pRuntime);
   if (result.HasError()) {
     pRuntime->Error(JSFormatErrorString(class_name_string, prop_name_string,
@@ -88,15 +99,14 @@ void JSPropSetter(const char* prop_name_string,
                   v8::Local<v8::String> property,
                   v8::Local<v8::Value> value,
                   const v8::PropertyCallbackInfo<void>& info) {
-  CJS_Object* pJSObj = CFXJS_Engine::GetObjectPrivate(info.Holder());
-  if (!pJSObj)
+  C* pObj = JSGetObject<C>(info.Holder());
+  if (!pObj)
     return;
 
-  CJS_Runtime* pRuntime = pJSObj->GetRuntime();
+  CJS_Runtime* pRuntime = pObj->GetRuntime();
   if (!pRuntime)
     return;
 
-  C* pObj = static_cast<C*>(pJSObj);
   CJS_Return result = (pObj->*M)(pRuntime, value);
   if (result.HasError()) {
     pRuntime->Error(JSFormatErrorString(class_name_string, prop_name_string,
@@ -110,11 +120,11 @@ template <class C,
 void JSMethod(const char* method_name_string,
               const char* class_name_string,
               const v8::FunctionCallbackInfo<v8::Value>& info) {
-  CJS_Object* pJSObj = CFXJS_Engine::GetObjectPrivate(info.Holder());
-  if (!pJSObj)
+  C* pObj = JSGetObject<C>(info.Holder());
+  if (!pObj)
     return;
 
-  CJS_Runtime* pRuntime = pJSObj->GetRuntime();
+  CJS_Runtime* pRuntime = pObj->GetRuntime();
   if (!pRuntime)
     return;
 
@@ -122,7 +132,6 @@ void JSMethod(const char* method_name_string,
   for (unsigned int i = 0; i < (unsigned int)info.Length(); i++)
     parameters.push_back(info[i]);
 
-  C* pObj = static_cast<C*>(pJSObj);
   CJS_Return result = (pObj->*M)(pRuntime, parameters);
   if (result.HasError()) {
     pRuntime->Error(JSFormatErrorString(class_name_string, method_name_string,
-- 
cgit v1.2.3