Chromium Code Reviews

Issue 1412103010: Segv when PDF-side JS object property getter invoked from XFA. (Closed)

Created:
5 years, 1 month ago by Tom Sepez
Modified:
5 years, 1 month ago
CC:
pdfium-reviews_googlegroups.com
Base URL:
https://pdfium.googlesource.com/pdfium.git@xfa
Target Ref:
refs/heads/xfa
Visibility:
Public.

Description

Segv when PDF-side JS object property getter invoked from XFA.

The PDF-side native objects require that the current v8 context has been set up to point at the state (via CJS_Runtime) for the getters, setters, and methods to operate against. XFA doesn't supply a context with that state, so at the first opportunity for a PDF-side object to be leaked to XFA, set up the context to mimic the PDF side.

Changed FXJS_GetRuntimeFromIsolate() to FXJS_GetRuntimeFromV8Context() for consistency with the newly added method.

BUG=pdfium:266
R=jochen@chromium.org

Committed: https://pdfium.googlesource.com/pdfium/+/4f4603cc1b498bca3b1619006137e50ce80088c1

Patch Set 1 #

Total comments: 4

Patch Set 2 : rewrite comments. #

Total comments: 2

Patch Set 3 : Comment about using right context. #

Stats: +39 lines, -20 lines

M fpdfsdk/include/jsapi/fxjs_v8.h: 1 chunk, +7 lines, -1 line, 0 comments
M fpdfsdk/src/javascript/JS_Define.h: 7 chunks, +14 lines, -13 lines, 0 comments
M fpdfsdk/src/javascript/JS_Runtime.cpp: 1 chunk, +10 lines, -2 lines, 0 comments
M fpdfsdk/src/jsapi/fxjs_v8.cpp: 2 chunks, +8 lines, -4 lines, 0 comments

Messages

Total messages: 19 (8 generated)
Tom Sepez
Lei, for review. This is probably blocking testing.
5 years, 1 month ago (2015-11-05 21:59:07 UTC) #6
Lei Zhang
+jochen
5 years, 1 month ago (2015-11-05 22:16:14 UTC) #10
Tom Sepez
On 2015/11/05 22:16:14, Lei Zhang wrote: > +jochen Jun, if testing is blocked, you might ...
5 years, 1 month ago (2015-11-06 17:08:19 UTC) #11
jochen (gone - plz use gerrit)
https://codereview.chromium.org/1412103010/diff/1/fpdfsdk/src/javascript/JS_Runtime.cpp File fpdfsdk/src/javascript/JS_Runtime.cpp (right): https://codereview.chromium.org/1412103010/diff/1/fpdfsdk/src/javascript/JS_Runtime.cpp#newcode256 fpdfsdk/src/javascript/JS_Runtime.cpp:256: // with it at this point. i don't understand ...
5 years, 1 month ago (2015-11-07 05:56:19 UTC) #12
Tom Sepez
https://codereview.chromium.org/1412103010/diff/1/fpdfsdk/src/javascript/JS_Runtime.cpp File fpdfsdk/src/javascript/JS_Runtime.cpp (right): https://codereview.chromium.org/1412103010/diff/1/fpdfsdk/src/javascript/JS_Runtime.cpp#newcode256 fpdfsdk/src/javascript/JS_Runtime.cpp:256: // with it at this point. On 2015/11/07 05:56:18, ...
5 years, 1 month ago (2015-11-09 22:15:05 UTC) #13
Tom Sepez
Jun, please pull this patch and try it in your testing.
5 years, 1 month ago (2015-11-10 00:20:23 UTC) #14
Tom Sepez
Jun, please pull this patch and try it in your testing.
5 years, 1 month ago (2015-11-10 00:20:25 UTC) #15
jun_fang
On 2015/11/10 00:20:25, Tom Sepez wrote: > Jun, please pull this patch and try it ...
5 years, 1 month ago (2015-11-10 00:36:21 UTC) #16
jochen (gone - plz use gerrit)
lgtm with nit https://codereview.chromium.org/1412103010/diff/20001/fpdfsdk/src/javascript/JS_Runtime.cpp File fpdfsdk/src/javascript/JS_Runtime.cpp (right): https://codereview.chromium.org/1412103010/diff/20001/fpdfsdk/src/javascript/JS_Runtime.cpp#newcode259 fpdfsdk/src/javascript/JS_Runtime.cpp:259: // embedder data slots. hum, I ...
5 years, 1 month ago (2015-11-10 20:00:32 UTC) #17
Tom Sepez
https://codereview.chromium.org/1412103010/diff/20001/fpdfsdk/src/javascript/JS_Runtime.cpp File fpdfsdk/src/javascript/JS_Runtime.cpp (right): https://codereview.chromium.org/1412103010/diff/20001/fpdfsdk/src/javascript/JS_Runtime.cpp#newcode259 fpdfsdk/src/javascript/JS_Runtime.cpp:259: // embedder data slots. On 2015/11/10 20:00:31, jochen (slow ...
5 years, 1 month ago (2015-11-10 23:02:42 UTC) #18
Tom Sepez
5 years, 1 month ago (2015-11-10 23:03:17 UTC) #19
Message was sent while issue was closed.
Committed patchset #3 (id:40001) manually as
4f4603cc1b498bca3b1619006137e50ce80088c1 (presubmit successful).
