From f15807369f2fc3c346cfe06b1d9d847de0feee1d Mon Sep 17 00:00:00 2001
From: JUN FANG <jun_fang@foxitsoftware.com>
Date: Mon, 6 Apr 2015 12:39:51 -0700
Subject: Fix a fatal error due to cloning a global document object

BUG=454595
R=tsepez@chromium.org

Review URL: https://codereview.chromium.org/1053373002
---
 fpdfsdk/include/javascript/Document.h | 52 ++++++++++++++++-------------------
 fpdfsdk/include/javascript/JS_Value.h | 38 ++++++++++++-------------
 fpdfsdk/src/javascript/Document.cpp   |  6 ++++
 fpdfsdk/src/javascript/Field.cpp      | 12 +++-----
 fpdfsdk/src/javascript/JS_Value.cpp   | 32 +++++++++++++++++----
 5 files changed, 77 insertions(+), 63 deletions(-)

diff --git a/fpdfsdk/include/javascript/Document.h b/fpdfsdk/include/javascript/Document.h
index 7d7cd7c8a0..8aa53fe7f7 100644
--- a/fpdfsdk/include/javascript/Document.h
+++ b/fpdfsdk/include/javascript/Document.h
@@ -160,38 +160,32 @@ public:
 	FX_BOOL	removeIcon(IFXJS_Context* cc, const CJS_Parameters& params, CJS_Value& vRet, CFX_WideString& sError);
 	
 public:
-	void AttachDoc(CPDFSDK_Document* pDoc);
-	CPDFSDK_Document* GetReaderDoc();
-
-	static FX_BOOL				ExtractFileName(CPDFSDK_Document* pDoc, CFX_ByteString& strFileName);
-	static FX_BOOL				ExtractFolderName(CPDFSDK_Document* pDoc, CFX_ByteString& strFolderName);
-
-public:
-	void						AddDelayData(CJS_DelayData* pData);
-	void						DoFieldDelay(const CFX_WideString& sFieldName, int nControlIndex);
-
-	void						AddDelayAnnotData(CJS_AnnotObj *pData);
-	void						DoAnnotDelay();
-	void						SetIsolate(v8::Isolate* isolate) {m_isolate = isolate;}
-
-private:
-	CFX_WideString				ReversalStr(CFX_WideString cbFrom);
-	CFX_WideString				CutString(CFX_WideString cbFrom);
-	bool						IsEnclosedInRect(CFX_FloatRect rect, CFX_FloatRect LinkRect);
-	int							CountWords(CPDF_TextObject* pTextObj);
-	CFX_WideString				GetObjWordStr(CPDF_TextObject* pTextObj, int nWordIndex);
-
-	FX_BOOL						ParserParams(JSObject *pObj,CJS_AnnotObj& annotobj);
+	void                                    AttachDoc(CPDFSDK_Document* pDoc);
+	CPDFSDK_Document*                       GetReaderDoc();
+	static FX_BOOL                          ExtractFileName(CPDFSDK_Document* pDoc, CFX_ByteString& strFileName);
+	static FX_BOOL                          ExtractFolderName(CPDFSDK_Document* pDoc, CFX_ByteString& strFolderName);
+	void                                    AddDelayData(CJS_DelayData* pData);
+	void                                    DoFieldDelay(const CFX_WideString& sFieldName, int nControlIndex);
+	void                                    AddDelayAnnotData(CJS_AnnotObj *pData);
+	void                                    DoAnnotDelay();
+	void                                    SetIsolate(v8::Isolate* isolate) {m_isolate = isolate;}
+	CJS_Document*                           GetCJSDoc() const; 
 
 private:
-	v8::Isolate*					m_isolate;
-	IconTree*					m_pIconTree;
-	CPDFSDK_Document*			m_pDocument;
-	CFX_WideString				m_cwBaseURL;
+	CFX_WideString                          ReversalStr(CFX_WideString cbFrom);
+	CFX_WideString                          CutString(CFX_WideString cbFrom);
+	bool                                    IsEnclosedInRect(CFX_FloatRect rect, CFX_FloatRect LinkRect);
+	int                                     CountWords(CPDF_TextObject* pTextObj);
+	CFX_WideString                          GetObjWordStr(CPDF_TextObject* pTextObj, int nWordIndex);
+	FX_BOOL                                 ParserParams(JSObject *pObj,CJS_AnnotObj& annotobj);
 
-	FX_BOOL								m_bDelay;
-	CFX_ArrayTemplate<CJS_DelayData*>	m_DelayData;
-	CFX_ArrayTemplate<CJS_AnnotObj*>	m_DelayAnnotData;
+	v8::Isolate*                            m_isolate;
+	IconTree*                               m_pIconTree;
+	CPDFSDK_Document*                       m_pDocument;
+	CFX_WideString                          m_cwBaseURL;
+	FX_BOOL                                 m_bDelay;
+	CFX_ArrayTemplate<CJS_DelayData*>       m_DelayData;
+	CFX_ArrayTemplate<CJS_AnnotObj*>        m_DelayAnnotData;
 };
 
 class CJS_Document : public CJS_Object
diff --git a/fpdfsdk/include/javascript/JS_Value.h b/fpdfsdk/include/javascript/JS_Value.h
index 4962ddcf3d..165898cf33 100644
--- a/fpdfsdk/include/javascript/JS_Value.h
+++ b/fpdfsdk/include/javascript/JS_Value.h
@@ -52,6 +52,7 @@ public:
 	void operator = (double);
 	void operator = (float);
 	void operator = (CJS_Object*);
+	void operator = (CJS_Document*);
 	void operator = (v8::Handle<v8::Object>);
 	void operator = (CJS_Array &);
 	void operator = (CJS_Date &);
@@ -87,37 +88,34 @@ public:
 class CJS_PropValue: public CJS_Value
 {
 public:
-	CJS_PropValue(const CJS_Value &);
+	CJS_PropValue(const CJS_Value&);
 	CJS_PropValue(v8::Isolate* isolate);
 	~CJS_PropValue();
 public:
 	FX_BOOL IsSetting();
 	FX_BOOL IsGetting();
-	void operator<<(int );
-	void operator>>(int &) const;
+	void operator<<(int);
+	void operator>>(int&) const;
 	void operator<<(bool);
-	void operator>>(bool &) const;
-	void operator<<(double );
-	void operator>>(double &) const;
-	void operator<<(CJS_Object *pObj);
-	void operator>>(CJS_Object *&ppObj) const;
+	void operator>>(bool&) const;
+	void operator<<(double);
+	void operator>>(double&) const;
+	void operator<<(CJS_Object* pObj);
+	void operator>>(CJS_Object*& ppObj) const;
+	void operator<<(CJS_Document* pJsDoc);
+	void operator>>(CJS_Document*& ppJsDoc) const;
 	void operator<<(CFX_ByteString);
-	void operator>>(CFX_ByteString &) const;
+	void operator>>(CFX_ByteString&) const;
 	void operator<<(CFX_WideString);
-	void operator>>(CFX_WideString &) const;
+	void operator>>(CFX_WideString&) const;
 	void operator<<(FX_LPCWSTR c_string);
-
 	void operator<<(JSFXObject);
-	void operator>>(JSFXObject &) const;
-
-	void operator>>(CJS_Array &array) const;
-	void operator<<(CJS_Array &array);
-
-	void operator<<(CJS_Date &date);
-	void operator>>(CJS_Date &date) const;
-
+	void operator>>(JSFXObject&) const;
+	void operator>>(CJS_Array& array) const;
+	void operator<<(CJS_Array& array);
+	void operator<<(CJS_Date& date);
+	void operator>>(CJS_Date& date) const;
 	operator v8::Handle<v8::Value>() const;
-
 	void StartSetting();
 	void StartGetting();
 private:
diff --git a/fpdfsdk/src/javascript/Document.cpp b/fpdfsdk/src/javascript/Document.cpp
index b1a2ad7688..f823d8084f 100644
--- a/fpdfsdk/src/javascript/Document.cpp
+++ b/fpdfsdk/src/javascript/Document.cpp
@@ -1947,3 +1947,9 @@ void Document::DoAnnotDelay()
 		m_DelayData.RemoveAt(DelArray[j]);
 	}
 }
+
+CJS_Document* Document::GetCJSDoc() const 
+{
+	return static_cast<CJS_Document*>(m_pJSObject);
+}
+
diff --git a/fpdfsdk/src/javascript/Field.cpp b/fpdfsdk/src/javascript/Field.cpp
index 771b3660ec..85b7d12c3f 100644
--- a/fpdfsdk/src/javascript/Field.cpp
+++ b/fpdfsdk/src/javascript/Field.cpp
@@ -1500,26 +1500,22 @@ void Field::SetDisplay(CPDFSDK_Document* pDocument, const CFX_WideString& swFiel
 
 FX_BOOL Field::doc(IFXJS_Context* cc, CJS_PropValue& vp, CFX_WideString& sError)
 {
-	ASSERT(m_pJSDoc != NULL);
-
-	if (!vp.IsGetting())return FALSE;
-
-	vp << (CJS_Object*)(*m_pJSDoc);
-
+	if (!vp.IsGetting()) {
+		return FALSE;
+	}
+	vp << m_pJSDoc->GetCJSDoc();
 	return TRUE;
 }
 
 FX_BOOL Field::editable(IFXJS_Context* cc, CJS_PropValue& vp, CFX_WideString& sError)
 {
 	ASSERT(m_pDocument != NULL);
-
 	if (vp.IsSetting())
 	{
 		if (!m_bCanSet) return FALSE;
 
 		bool bVP;
 		vp >> bVP;
-
 	}
 	else
 	{
diff --git a/fpdfsdk/src/javascript/JS_Value.cpp b/fpdfsdk/src/javascript/JS_Value.cpp
index 9279ff5db4..6292b8d042 100644
--- a/fpdfsdk/src/javascript/JS_Value.cpp
+++ b/fpdfsdk/src/javascript/JS_Value.cpp
@@ -202,6 +202,14 @@ void CJS_Value::operator =(CJS_Object * pObj)
 		operator = ((JSFXObject)*pObj);
 }
 
+void CJS_Value::operator = (CJS_Document* pJsDoc)
+{
+	m_eType = VT_object;
+	if (pJsDoc) {
+		m_pValue = static_cast<JSFXObject>(*pJsDoc);
+	}
+}
+
 void CJS_Value::operator =(FX_LPCWSTR pWstr)
 {
 	m_pValue = JS_NewString(m_isolate,(wchar_t *)pWstr);
@@ -344,7 +352,7 @@ void CJS_PropValue::operator <<(bool bValue)
 	CJS_Value::operator =(bValue);
 }
 
-void CJS_PropValue::operator >>(bool &bValue) const
+void CJS_PropValue::operator >>(bool& bValue) const
 {
 	ASSERT(m_bIsSetting);
 	bValue = CJS_Value::operator bool();
@@ -357,24 +365,36 @@ void CJS_PropValue::operator <<(double dValue)
 	CJS_Value::operator =(dValue);
 }
 
-void CJS_PropValue::operator >>(double &dValue) const
+void CJS_PropValue::operator >>(double& dValue) const
 {
 	ASSERT(m_bIsSetting);
 	dValue = CJS_Value::operator double();
 }
 
-void CJS_PropValue::operator <<(CJS_Object *pObj)
+void CJS_PropValue::operator <<(CJS_Object* pObj)
 {
-	ASSERT(!m_bIsSetting);
+	ASSERT(!m_bIsSetting)
 	CJS_Value::operator = (pObj);
 }
 
-void CJS_PropValue::operator >>(CJS_Object *&ppObj) const
+void CJS_PropValue::operator >>(CJS_Object*& ppObj) const
 {
-	ASSERT(m_bIsSetting);
+	ASSERT(m_bIsSetting)
 	ppObj = CJS_Value::operator CJS_Object *();
 }
 
+void CJS_PropValue::operator <<(CJS_Document* pJsDoc)
+{
+	ASSERT(!m_bIsSetting);
+	CJS_Value::operator = (pJsDoc);
+}
+
+void CJS_PropValue::operator >>(CJS_Document*& ppJsDoc) const
+{
+	ASSERT(m_bIsSetting);
+	ppJsDoc = static_cast<CJS_Document*>(CJS_Value::operator CJS_Object *());
+}
+
 void CJS_PropValue::operator<<(JSFXObject pObj)
 {
 	ASSERT(!m_bIsSetting);
-- 
cgit v1.2.3