From c9f1234b1982eb7ec8a5254195574e88bee54703 Mon Sep 17 00:00:00 2001
From: Tom Sepez <tsepez@chromium.org>
Date: Tue, 24 Jul 2018 16:29:25 +0000
Subject: Remove lpClass argument from FXJSE_RetrieveObjectBinding()

In turn, it too is always nullptr. This shows that the V8
side check for hasInstance() was never being applied. We will
augment this with C++ side checks down the road, since we don't
want to trust V8 anyways.

Change-Id: Iee38f32af9561783dbf253d798bd975029f3a4a2
Reviewed-on: https://pdfium-review.googlesource.com/38594
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
---
 fxjs/cfxjse_context.cpp | 11 ++---------
 fxjs/cfxjse_context.h   |  3 +--
 fxjs/cfxjse_engine.cpp  |  4 ++--
 fxjs/cfxjse_value.cpp   |  2 +-
 4 files changed, 6 insertions(+), 14 deletions(-)

diff --git a/fxjs/cfxjse_context.cpp b/fxjs/cfxjse_context.cpp
index 32fdd60cda..6c5a95f966 100644
--- a/fxjs/cfxjse_context.cpp
+++ b/fxjs/cfxjse_context.cpp
@@ -120,8 +120,8 @@ void FXJSE_UpdateObjectBinding(v8::Local<v8::Object>& hObject,
   hObject->SetAlignedPointerInInternalField(1, lpNewBinding);
 }
 
-CFXJSE_HostObject* FXJSE_RetrieveObjectBinding(v8::Local<v8::Object> hJSObject,
-                                               CFXJSE_Class* lpClass) {
+CFXJSE_HostObject* FXJSE_RetrieveObjectBinding(
+    v8::Local<v8::Object> hJSObject) {
   ASSERT(!hJSObject.IsEmpty());
   if (!hJSObject->IsObject())
     return nullptr;
@@ -140,13 +140,6 @@ CFXJSE_HostObject* FXJSE_RetrieveObjectBinding(v8::Local<v8::Object> hJSObject,
   if (hObject->GetAlignedPointerFromInternalField(0) != g_FXJSEHostObjectTag)
     return nullptr;
 
-  if (lpClass) {
-    v8::Local<v8::FunctionTemplate> hClass =
-        v8::Local<v8::FunctionTemplate>::New(
-            lpClass->GetContext()->GetIsolate(), lpClass->GetTemplate());
-    if (!hClass->HasInstance(hObject))
-      return nullptr;
-  }
   return static_cast<CFXJSE_HostObject*>(
       hObject->GetAlignedPointerFromInternalField(1));
 }
diff --git a/fxjs/cfxjse_context.h b/fxjs/cfxjse_context.h
index e0e5eeba55..5a299428ab 100644
--- a/fxjs/cfxjse_context.h
+++ b/fxjs/cfxjse_context.h
@@ -51,7 +51,6 @@ class CFXJSE_Context {
 void FXJSE_UpdateObjectBinding(v8::Local<v8::Object>& hObject,
                                CFXJSE_HostObject* lpNewBinding);
 
-CFXJSE_HostObject* FXJSE_RetrieveObjectBinding(v8::Local<v8::Object> hJSObject,
-                                               CFXJSE_Class* lpClass);
+CFXJSE_HostObject* FXJSE_RetrieveObjectBinding(v8::Local<v8::Object> hJSObject);
 
 #endif  // FXJS_CFXJSE_CONTEXT_H_
diff --git a/fxjs/cfxjse_engine.cpp b/fxjs/cfxjse_engine.cpp
index c5cc89a8d0..e297ed16e2 100644
--- a/fxjs/cfxjse_engine.cpp
+++ b/fxjs/cfxjse_engine.cpp
@@ -81,7 +81,7 @@ CXFA_Object* CFXJSE_Engine::ToObject(
     return nullptr;
 
   CFXJSE_HostObject* pHostObj =
-      FXJSE_RetrieveObjectBinding(info.Holder().As<v8::Object>(), nullptr);
+      FXJSE_RetrieveObjectBinding(info.Holder().As<v8::Object>());
   return pHostObj ? pHostObj->AsCXFAObject() : nullptr;
 }
 
@@ -793,7 +793,7 @@ CXFA_Object* CFXJSE_Engine::ToXFAObject(v8::Local<v8::Value> obj) {
     return nullptr;
 
   CFXJSE_HostObject* pHostObj =
-      FXJSE_RetrieveObjectBinding(obj.As<v8::Object>(), nullptr);
+      FXJSE_RetrieveObjectBinding(obj.As<v8::Object>());
   return pHostObj ? pHostObj->AsCXFAObject() : nullptr;
 }
 
diff --git a/fxjs/cfxjse_value.cpp b/fxjs/cfxjse_value.cpp
index 915fefc119..90f553b169 100644
--- a/fxjs/cfxjse_value.cpp
+++ b/fxjs/cfxjse_value.cpp
@@ -76,7 +76,7 @@ CFXJSE_HostObject* CFXJSE_Value::ToHostObject() const {
   if (!pValue->IsObject())
     return nullptr;
 
-  return FXJSE_RetrieveObjectBinding(pValue.As<v8::Object>(), nullptr);
+  return FXJSE_RetrieveObjectBinding(pValue.As<v8::Object>());
 }
 
 void CFXJSE_Value::SetObject(CFXJSE_HostObject* lpObject,
-- 
cgit v1.2.3