From c62aa207e9acb919c33df5f3694fe159619dda86 Mon Sep 17 00:00:00 2001
From: Tom Sepez <tsepez@chromium.org>
Date: Mon, 23 Jul 2018 23:12:14 +0000
Subject: Tighten up ThisProxy casts.

Previous CLs have shown that the "lpClass" checks aren't sufficient
here, so ensure we are always checking C++ enum value before
downcasting this type.

Change-Id: I418127c5e7131e0a3363363a60d1976719d6837c
Reviewed-on: https://pdfium-review.googlesource.com/38550
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
---
 fxjs/cfxjse_engine.cpp | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'fxjs')

diff --git a/fxjs/cfxjse_engine.cpp b/fxjs/cfxjse_engine.cpp
index 3efe335d67..c5cc89a8d0 100644
--- a/fxjs/cfxjse_engine.cpp
+++ b/fxjs/cfxjse_engine.cpp
@@ -66,7 +66,10 @@ namespace {
 const char kFormCalcRuntime[] = "pfm_rt";
 
 CXFA_ThisProxy* ToThisProxy(CFXJSE_Value* pValue) {
-  return static_cast<CXFA_ThisProxy*>(pValue->ToHostObject());
+  CFXJSE_HostObject* pHostObject = pValue->ToHostObject();
+  if (!pHostObject)
+    return nullptr;
+  return CXFA_ThisProxy::FromCXFAObject(pHostObject->AsCXFAObject());
 }
 
 }  // namespace
@@ -470,10 +473,10 @@ CFXJSE_Context* CFXJSE_Engine::CreateVariablesContext(CXFA_Node* pScriptNode,
 
 CXFA_Object* CFXJSE_Engine::GetVariablesThis(CXFA_Object* pObject,
                                              bool bScriptNode) {
-  if (!pObject->IsVariablesThis())
+  CXFA_ThisProxy* pProxy = CXFA_ThisProxy::FromCXFAObject(pObject);
+  if (!pProxy)
     return pObject;
 
-  CXFA_ThisProxy* pProxy = static_cast<CXFA_ThisProxy*>(pObject);
   return bScriptNode ? pProxy->GetScriptNode() : pProxy->GetThisNode();
 }
 
-- 
cgit v1.2.3