From 3a005f22703b9303a306bf34cbd17c3729f763aa Mon Sep 17 00:00:00 2001 From: tsepez Date: Fri, 27 May 2016 17:45:00 -0700 Subject: Workaround dubious casting between CXFA_Object and void* in FXJSE This is just a crock to get things working until we fix the underlying issue. When there's single-inheritance, it may often work in practice to C-style (reinterpret) cast a Derived* ptr to void* and then back to a Base* ptr. One place where this blows up is if Derived has virtual functions but Base does not, in which case the world will be offset by the size of a vtable ptr. Because of the use of void* types in FXJSE, the above was happening when setting a CXFA_ThisProxy (Derived, virtual) to be a global object (void*). This would then be cast back to a CFXA_Object (Base, non-virtual) and chaos is ensured. Not sure how far back this goes. Along the way, pick up some tidying which was necessary for simplicity while tracking this down. BUG=613607 Review-Url: https://codereview.chromium.org/2015143005 --- xfa/fxfa/fm2js/xfa_fm2jscontext.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'xfa/fxfa/fm2js') diff --git a/xfa/fxfa/fm2js/xfa_fm2jscontext.cpp b/xfa/fxfa/fm2js/xfa_fm2jscontext.cpp index 40d8bcf5f4..2c8a362807 100644 --- a/xfa/fxfa/fm2js/xfa_fm2jscontext.cpp +++ b/xfa/fxfa/fm2js/xfa_fm2jscontext.cpp @@ -3347,7 +3347,8 @@ void CXFA_FM2JSContext::Eval(CFXJSE_Value* pThis, XFA_FM2JS_Translate( CFX_WideString::FromUTF8(utf8ScriptString.AsStringC()).AsStringC(), wsJavaScriptBuf, wsError); - CFXJSE_Context* pContext = FXJSE_Context_Create(pIsolate); + CFXJSE_Context* pContext = + FXJSE_Context_Create(pIsolate, nullptr, nullptr); CFXJSE_Value* returnValue = FXJSE_Value_Create(pIsolate); javaScript = wsJavaScriptBuf.AsStringC(); FXJSE_ExecuteScript( -- cgit v1.2.3
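Review bot: the two added `nullptr` arguments in the `FXJSE_Context_Create(pIsolate, nullptr, nullptr)` call in `CXFA_FM2JSContext::Eval` are opaque at the call site; since the commit message explains the whole change is about which global object (a `CXFA_ThisProxy` cast through `void*`) gets attached to a context, annotate each argument with its parameter name in an inline comment so a reader can see that this evaluation context is deliberately created with no global class and no global object, and add a `TODO` referencing BUG=613607 next to it, as the message itself calls this a temporary workaround rather than the fix. It is also worth confirming in the review that scripts run through this `Eval` path never expect a `this` object, because passing `nullptr` here means any such access would now hit an absent global instead of the mis-cast proxy the message describes.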