From 3a005f22703b9303a306bf34cbd17c3729f763aa Mon Sep 17 00:00:00 2001
From: tsepez <tsepez@chromium.org>
Date: Fri, 27 May 2016 17:45:00 -0700
Subject: Workaround dubious casting between CXFA_Object and void* in FXJSE

This is just a crock to get things working until we fix the
underlying issue.

When there's single-inheritance, it may often work in practice
to C-style (reinterpret) cast a Derived* ptr to void* and then
back to a Base* ptr.  One place where this blows up is if
Derived has virtual functions but Base does not, in which case
the world will be offset by the size of a vtable ptr.

Because of the use of void* types in FXJSE, the above was happening
when setting a CXFA_ThisProxy (Derived, virtual) to be a global
object (void*). This would then be cast back to a CFXA_Object
(Base, non-virtual) and chaos is ensured.

Not sure how far back this goes.

Along the way, pick up some tidying which was necessary for
simplicity while tracking this down.

BUG=613607

Review-Url: https://codereview.chromium.org/2015143005
---
 xfa/fxjse/context.cpp | 41 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

(limited to 'xfa/fxjse/context.cpp')

diff --git a/xfa/fxjse/context.cpp b/xfa/fxjse/context.cpp
index 333b2abe57..49d0b44338 100644
--- a/xfa/fxjse/context.cpp
+++ b/xfa/fxjse/context.cpp
@@ -8,9 +8,48 @@
 
 #include "xfa/fxjse/class.h"
 #include "xfa/fxjse/scope_inline.h"
-#include "xfa/fxjse/util_inline.h"
 #include "xfa/fxjse/value.h"
 
+v8::Local<v8::Object> FXJSE_GetGlobalObjectFromContext(
+    const v8::Local<v8::Context>& hContext) {
+  return hContext->Global()->GetPrototype().As<v8::Object>();
+}
+
+void FXJSE_UpdateObjectBinding(v8::Local<v8::Object>& hObject,
+                               void* lpNewBinding) {
+  ASSERT(!hObject.IsEmpty());
+  ASSERT(hObject->InternalFieldCount() > 0);
+  hObject->SetAlignedPointerInInternalField(0, lpNewBinding);
+}
+
+void* FXJSE_RetrieveObjectBinding(const v8::Local<v8::Object>& hJSObject,
+                                  CFXJSE_Class* lpClass) {
+  ASSERT(!hJSObject.IsEmpty());
+  if (!hJSObject->IsObject()) {
+    return NULL;
+  }
+  v8::Local<v8::Object> hObject = hJSObject;
+  if (hObject->InternalFieldCount() == 0) {
+    v8::Local<v8::Value> hProtoObject = hObject->GetPrototype();
+    if (hProtoObject.IsEmpty() || !hProtoObject->IsObject()) {
+      return NULL;
+    }
+    hObject = hProtoObject.As<v8::Object>();
+    if (hObject->InternalFieldCount() == 0) {
+      return NULL;
+    }
+  }
+  if (lpClass) {
+    v8::Local<v8::FunctionTemplate> hClass =
+        v8::Local<v8::FunctionTemplate>::New(
+            lpClass->GetContext()->GetRuntime(), lpClass->GetTemplate());
+    if (!hClass->HasInstance(hObject)) {
+      return NULL;
+    }
+  }
+  return hObject->GetAlignedPointerFromInternalField(0);
+}
+
 CFXJSE_Context* FXJSE_Context_Create(
     v8::Isolate* pIsolate,
     const FXJSE_CLASS_DESCRIPTOR* lpGlobalClass,
-- 
cgit v1.2.3