Fix crash in CXFA_Node::TryUserData() (speculative)

Fix crash in CXFA_Node::TryUserData() (speculative)

Fix is speculative because I can't repro locally, but I know the
current code is wrong.

I fixed this intially in https://codereview.chromium.org/2015143005/
I then broke it again in https://codereview.chromium.org/2019333006/

There is another spot where we are still casting through void*, and
the CXFA_Node*'s alignment is getting messed up when it fails to adjust
for it's vtable.  Using CFXJSE_HostObject consistently avoids the issue.

Adding a virtual dtor to CFXJSE_HostObject might skirt the issue, but
I want to be able to wrap simple objects without that penalty if
desired.

BUG=616339
Committed: https://pdfium.googlesource.com/pdfium/+/2334e9e583799a8cb2dfefb3c7e15c5a7da8ead0

[Tom Sepez, 2016-06-09 00:23:09]

Description was changed from

==========
Fix crash in CXFA_Node::TryUserData() (speculative)

Fix is speculative because I can't repro locally, but I know the
current code is wrong.

I fixed this intially in https://codereview.chromium.org/2015143005/
I then broke it again in https://codereview.chromium.org/2019333006/

There is another spot where we are still casting through void*, and
the alignment is getting messed up when it fails to adjust for the
vtable.  Using CFXJSE_HostObject consitently avoids the issue.

Adding a virtual dtor to CFXJSE_HostObject might skirt the issue, but
I want to be able to wrap simple objects without that penalty if
desired.

BUG=616339
==========

to

==========
Fix crash in CXFA_Node::TryUserData() (speculative)

Fix is speculative because I can't repro locally, but I know the
current code is wrong.

I fixed this intially in https://codereview.chromium.org/2015143005/
I then broke it again in https://codereview.chromium.org/2019333006/

There is another spot where we are still casting through void*, and
the alignment is getting messed up when it fails to adjust for the
vtable.  Using CFXJSE_HostObject consitently avoids the issue.

Adding a virtual dtor to CFXJSE_HostObject might skirt the issue, but
I want to be able to wrap simple objects without that penalty if
desired.

BUG=616339
==========

[Tom Sepez, 2016-06-09 00:23:10]

tsepez@chromium.org changed reviewers:
+ thestig@chromium.org

[Tom Sepez, 2016-06-09 00:24:22]

Description was changed from

==========
Fix crash in CXFA_Node::TryUserData() (speculative)

Fix is speculative because I can't repro locally, but I know the
current code is wrong.

I fixed this intially in https://codereview.chromium.org/2015143005/
I then broke it again in https://codereview.chromium.org/2019333006/

There is another spot where we are still casting through void*, and
the alignment is getting messed up when it fails to adjust for the
vtable.  Using CFXJSE_HostObject consitently avoids the issue.

Adding a virtual dtor to CFXJSE_HostObject might skirt the issue, but
I want to be able to wrap simple objects without that penalty if
desired.

BUG=616339
==========

to

==========
Fix crash in CXFA_Node::TryUserData() (speculative)

Fix is speculative because I can't repro locally, but I know the
current code is wrong.

I fixed this intially in https://codereview.chromium.org/2015143005/
I then broke it again in https://codereview.chromium.org/2019333006/

There is another spot where we are still casting through void*, and
the CXFA_Node*'s alignment is getting messed up when it fails to adjust
for it's vtable.  Using CFXJSE_HostObject consitently avoids the issue.

Adding a virtual dtor to CFXJSE_HostObject might skirt the issue, but
I want to be able to wrap simple objects without that penalty if
desired.

BUG=616339
==========

[Tom Sepez, 2016-06-09 00:25:02]

Lei, for review.  We're getting lots of reports of this.

[Lei Zhang, 2016-06-09 00:30:03]

lgtm

[dsinclair, 2016-06-09 14:26:00]

dsinclair@chromium.org changed reviewers:
+ dsinclair@chromium.org

[dsinclair, 2016-06-09 14:26:00]

lgtm w/ nit: consistently incorrect in description.

[Tom Sepez, 2016-06-09 16:32:19]

Description was changed from

==========
Fix crash in CXFA_Node::TryUserData() (speculative)

Fix is speculative because I can't repro locally, but I know the
current code is wrong.

I fixed this intially in https://codereview.chromium.org/2015143005/
I then broke it again in https://codereview.chromium.org/2019333006/

There is another spot where we are still casting through void*, and
the CXFA_Node*'s alignment is getting messed up when it fails to adjust
for it's vtable.  Using CFXJSE_HostObject consitently avoids the issue.

Adding a virtual dtor to CFXJSE_HostObject might skirt the issue, but
I want to be able to wrap simple objects without that penalty if
desired.

BUG=616339
==========

to

==========
Fix crash in CXFA_Node::TryUserData() (speculative)

Fix is speculative because I can't repro locally, but I know the
current code is wrong.

I fixed this intially in https://codereview.chromium.org/2015143005/
I then broke it again in https://codereview.chromium.org/2019333006/

There is another spot where we are still casting through void*, and
the CXFA_Node*'s alignment is getting messed up when it fails to adjust
for it's vtable.  Using CFXJSE_HostObject consistently avoids the issue.

Adding a virtual dtor to CFXJSE_HostObject might skirt the issue, but
I want to be able to wrap simple objects without that penalty if
desired.

BUG=616339
==========

[Tom Sepez, 2016-06-09 16:32:23]

The CQ bit was checked by tsepez@chromium.org

[commit-bot: I haz the power, 2016-06-09 16:32:30]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/2055473004/1

[Tom Sepez, 2016-06-09 16:32:50]

Description was changed from

==========
Fix crash in CXFA_Node::TryUserData() (speculative)

Fix is speculative because I can't repro locally, but I know the
current code is wrong.

I fixed this intially in https://codereview.chromium.org/2015143005/
I then broke it again in https://codereview.chromium.org/2019333006/

There is another spot where we are still casting through void*, and
the CXFA_Node*'s alignment is getting messed up when it fails to adjust
for it's vtable.  Using CFXJSE_HostObject consistently avoids the issue.

Adding a virtual dtor to CFXJSE_HostObject might skirt the issue, but
I want to be able to wrap simple objects without that penalty if
desired.

BUG=616339
==========

to

==========
Fix crash in CXFA_Node::TryUserData() (speculative)

Fix is speculative because I can't repro locally, but I know the
current code is wrong.

I fixed this intially in https://codereview.chromium.org/2015143005/
I then broke it again in https://codereview.chromium.org/2019333006/

There is another spot where we are still casting through void*, and
the CXFA_Node*'s alignment is getting messed up when it fails to adjust
for its vtable.  Using CFXJSE_HostObject consistently avoids the issue.

Adding a virtual dtor to CFXJSE_HostObject might skirt the issue, but
I want to be able to wrap simple objects without that penalty if
desired.

BUG=616339
==========

[commit-bot: I haz the power, 2016-06-09 16:32:51]

Description was changed from

==========
Fix crash in CXFA_Node::TryUserData() (speculative)

Fix is speculative because I can't repro locally, but I know the
current code is wrong.

I fixed this intially in https://codereview.chromium.org/2015143005/
I then broke it again in https://codereview.chromium.org/2019333006/

There is another spot where we are still casting through void*, and
the CXFA_Node*'s alignment is getting messed up when it fails to adjust
for its vtable.  Using CFXJSE_HostObject consistently avoids the issue.

Adding a virtual dtor to CFXJSE_HostObject might skirt the issue, but
I want to be able to wrap simple objects without that penalty if
desired.

BUG=616339
==========

to

==========
Fix crash in CXFA_Node::TryUserData() (speculative)

Fix is speculative because I can't repro locally, but I know the
current code is wrong.

I fixed this intially in https://codereview.chromium.org/2015143005/
I then broke it again in https://codereview.chromium.org/2019333006/

There is another spot where we are still casting through void*, and
the CXFA_Node*'s alignment is getting messed up when it fails to adjust
for it's vtable.  Using CFXJSE_HostObject consistently avoids the issue.

Adding a virtual dtor to CFXJSE_HostObject might skirt the issue, but
I want to be able to wrap simple objects without that penalty if
desired.

BUG=616339

Committed:
https://pdfium.googlesource.com/pdfium/+/2334e9e583799a8cb2dfefb3c7e15c5a7da8...
==========

[commit-bot: I haz the power, 2016-06-09 16:32:52]

Committed patchset #1 (id:1) as
https://pdfium.googlesource.com/pdfium/+/2334e9e583799a8cb2dfefb3c7e15c5a7da8...