bindings: Add empty checks for toV8()

Source/bindings/core/v8/ScriptValueSerializer.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "config.h"
 #include "bindings/core/v8/ScriptValueSerializer.h"
 
 #include "bindings/core/v8/V8ArrayBuffer.h"
 #include "bindings/core/v8/V8ArrayBufferView.h"
 #include "bindings/core/v8/V8Blob.h"
@@ skipping 565 matching lines @@
 ScriptValueSerializer::StateBase* ScriptValueSerializer::SparseArrayState::objectDone(unsigned numProperties, ScriptValueSerializer& serializer)
 {
     return serializer.writeSparseArray(numProperties, composite().As<v8::Array>()->Length(), this);
 }
 
 static v8::Local<v8::Object> toV8Object(MessagePort* impl, v8::Local<v8::Object> creationContext, v8::Isolate* isolate)
 {
     if (!impl)
         return v8::Local<v8::Object>();
     v8::Local<v8::Value> wrapper = toV8(impl, creationContext, isolate);
+    if (wrapper.IsEmpty())
+        return v8::Local<v8::Object>();
     ASSERT(wrapper->IsObject());
     return wrapper.As<v8::Object>();
 }
 
 static v8::Local<v8::ArrayBuffer> toV8Object(DOMArrayBuffer* impl, v8::Local<v8::Object> creationContext, v8::Isolate* isolate)
 {
     if (!impl)
         return v8::Local<v8::ArrayBuffer>();
     v8::Local<v8::Value> wrapper = toV8(impl, creationContext, isolate);
+    if (wrapper.IsEmpty())
+        return v8::Local<v8::ArrayBuffer>();
     ASSERT(wrapper->IsArrayBuffer());
     return wrapper.As<v8::ArrayBuffer>();
 }
 
 // Returns true if the provided object is to be considered a 'host object', as used in the
 // HTML5 structured clone algorithm.
 static bool isHostObject(v8::Local<v8::Object> object)
 {
     // If the object has any internal fields, then we won't be able to serialize or deserialize
     // them; conveniently, this is also a quick way to detect DOM wrapper objects, because
@@ skipping 795 matching lines @@
         return false;
     if (m_position + pixelDataLength > m_length)
         return false;
     ImageData* imageData = ImageData::create(IntSize(width, height));
     DOMUint8ClampedArray* pixelArray = imageData->data();
     ASSERT(pixelArray);
     ASSERT(pixelArray->length() >= pixelDataLength);
     memcpy(pixelArray->data(), m_buffer + m_position, pixelDataLength);
     m_position += pixelDataLength;
     *value = toV8(imageData, m_scriptState->context()->Global(), isolate());
-    return true;
+    return !value->IsEmpty();
 }
 
 bool SerializedScriptValueReader::readCompositorProxy(v8::Local<v8::Value>* value)
 {
     uint32_t attributes;
     uint64_t element;
     if (!doReadUint64(&element))
         return false;
     if (!doReadUint32(&attributes))
         return false;
 
     CompositorProxy* compositorProxy = CompositorProxy::create(element, attributes);
     *value = toV8(compositorProxy, m_scriptState->context()->Global(), isolate());
-    return true;
+    return !value->IsEmpty();
 }
 
 PassRefPtr<DOMArrayBuffer> SerializedScriptValueReader::doReadArrayBuffer()
 {
     uint32_t byteLength;
     if (!doReadUint32(&byteLength))
         return nullptr;
     if (m_position + byteLength > m_length)
         return nullptr;
     const void* bufferStart = m_buffer + m_position;
     m_position += byteLength;
     return DOMArrayBuffer::create(bufferStart, byteLength);
 }
 
 bool SerializedScriptValueReader::readArrayBuffer(v8::Local<v8::Value>* value)
 {
     RefPtr<DOMArrayBuffer> arrayBuffer = doReadArrayBuffer();
     if (!arrayBuffer)
         return false;
     *value = toV8(arrayBuffer.release(), m_scriptState->context()->Global(), isolate());
-    return true;
+    return !value->IsEmpty();
 }
 
 bool SerializedScriptValueReader::readArrayBufferView(v8::Local<v8::Value>* value, ScriptValueCompositeCreator& creator)
 {
     ArrayBufferViewSubTag subTag;
     uint32_t byteOffset;
     uint32_t byteLength;
     RefPtr<DOMArrayBuffer> arrayBuffer;
     v8::Local<v8::Value> arrayBufferV8Value;
     if (!readArrayBufferViewSubTag(&subTag))
@@ skipping 124 matching lines @@
         ASSERT(!m_blobInfo);
         if (!readWebCoreString(&uuid))
             return false;
         if (!readWebCoreString(&type))
             return false;
         if (!doReadUint64(&size))
             return false;
         blob = Blob::create(getOrCreateBlobDataHandle(uuid, type, size));
     }
     *value = toV8(blob, m_scriptState->context()->Global(), isolate());
-    return true;
+    return !value->IsEmpty();
 }
 
 bool SerializedScriptValueReader::readFile(v8::Local<v8::Value>* value, bool isIndexed)
 {
     File* file = nullptr;
     if (isIndexed) {
         if (m_version < 6)
             return false;
         file = readFileIndexHelper();
     } else {
         file = readFileHelper();
     }
     if (!file)
         return false;
     *value = toV8(file, m_scriptState->context()->Global(), isolate());
-    return true;
+    return !value->IsEmpty();
 }
 
 bool SerializedScriptValueReader::readFileList(v8::Local<v8::Value>* value, bool isIndexed)
 {
     if (m_version < 3)
         return false;
     uint32_t length;
     if (!doReadUint32(&length))
         return false;
     FileList* fileList = FileList::create();
     for (unsigned i = 0; i < length; ++i) {
         File* file = nullptr;
         if (isIndexed) {
             if (m_version < 6)
                 return false;
             file = readFileIndexHelper();
         } else {
             file = readFileHelper();
         }
         if (!file)
             return false;
         fileList->append(file);
     }
     *value = toV8(fileList, m_scriptState->context()->Global(), isolate());
-    return true;
+    return !value->IsEmpty();
 }
 
 File* SerializedScriptValueReader::readFileHelper()
 {
     if (m_version < 3)
         return nullptr;
     ASSERT(!m_blobInfo);
     String path;
     String name;
     String relativePath;
@@ skipping 199 matching lines @@
 }
 
 bool ScriptValueDeserializer::tryGetTransferredMessagePort(uint32_t index, v8::Local<v8::Value>* object)
 {
     if (!m_transferredMessagePorts)
         return false;
     if (index >= m_transferredMessagePorts->size())
         return false;
     v8::Local<v8::Object> creationContext = m_reader.scriptState()->context()->Global();
     *object = toV8(m_transferredMessagePorts->at(index).get(), creationContext, m_reader.scriptState()->isolate());
-    return true;
+    return !object->IsEmpty();
 }
 
 bool ScriptValueDeserializer::tryGetTransferredArrayBuffer(uint32_t index, v8::Local<v8::Value>* object)
 {
     if (!m_arrayBufferContents)
         return false;
     if (index >= m_arrayBuffers.size())
         return false;
     v8::Local<v8::Value> result = m_arrayBuffers.at(index);
     if (result.IsEmpty()) {
         RefPtr<DOMArrayBuffer> buffer = DOMArrayBuffer::create(m_arrayBufferContents->at(index));
         v8::Isolate* isolate = m_reader.scriptState()->isolate();
         v8::Local<v8::Object> creationContext = m_reader.scriptState()->context()->Global();
         result = toV8(buffer.get(), creationContext, isolate);
+        if (result.IsEmpty())
+            return false;
         m_arrayBuffers[index] = result;
     }
     *object = result;
     return true;
 }
 
 bool ScriptValueDeserializer::tryGetObjectFromObjectReference(uint32_t reference, v8::Local<v8::Value>* object)
 {
     if (reference >= m_objectPool.size())
         return false;
@@ skipping 58 matching lines @@
         return false;
     uint32_t objectReference = m_openCompositeReferenceStack[m_openCompositeReferenceStack.size() - 1];
     m_openCompositeReferenceStack.shrink(m_openCompositeReferenceStack.size() - 1);
     if (objectReference >= m_objectPool.size())
         return false;
     *object = m_objectPool[objectReference];
     return true;
 }
 
 } // namespace blink