Fix a crash when processing an invalid PAC script.

net/proxy/proxy_resolver_v8.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/proxy/proxy_resolver_v8.h"
 
 #include <algorithm>
 #include <cstdio>
 
 #include "base/basictypes.h"
@@ skipping 413 matching lines @@
   int ResolveProxy(const GURL& query_url, ProxyInfo* results) {
     v8::Locker locked(isolate_);
     v8::Isolate::Scope isolate_scope(isolate_);
     v8::HandleScope scope(isolate_);
 
     v8::Local<v8::Context> context =
         v8::Local<v8::Context>::New(isolate_, v8_context_);
     v8::Context::Scope function_scope(context);
 
     v8::Local<v8::Value> function;
-    if (!GetFindProxyForURL(&function)) {
-      js_bindings()->OnError(
-          -1, base::ASCIIToUTF16("FindProxyForURL() is undefined."));
-      return ERR_PAC_SCRIPT_FAILED;
-    }
+    int rv = GetFindProxyForURL(&function);
+    if (rv != OK)
+      return rv;
 
     v8::Local<v8::Value> argv[] = {
       ASCIIStringToV8String(isolate_, query_url.spec()),
       ASCIIStringToV8String(isolate_, query_url.HostNoBrackets()),
     };
 
     v8::TryCatch try_catch;
     v8::Local<v8::Value> ret = v8::Function::Cast(*function)->Call(
         context->Global(), arraysize(argv), argv);
 
@@ skipping 105 matching lines @@
 
     // Add the user's PAC code to the environment.
     rv =
         RunScript(ScriptDataToV8String(isolate_, pac_script), kPacResourceName);
     if (rv != OK)
       return rv;
 
     // At a minimum, the FindProxyForURL() function must be defined for this
     // to be a legitimiate PAC script.
     v8::Local<v8::Value> function;
-    if (!GetFindProxyForURL(&function)) {
+    return GetFindProxyForURL(&function);
+  }
+
+ private:
+  int GetFindProxyForURL(v8::Local<v8::Value>* function) {
+    v8::Local<v8::Context> context =
+        v8::Local<v8::Context>::New(isolate_, v8_context_);
+
+    v8::TryCatch try_catch;
+
+    *function =
+        context->Global()->Get(
+            ASCIILiteralToV8String(isolate_, "FindProxyForURL"));
+
+    if (try_catch.HasCaught())
+      HandleError(try_catch.Message());
+
+    // The value should only be empty if an exception was thrown. Code
+    // defensively just in case.
+    DCHECK_EQ(function->IsEmpty(), try_catch.HasCaught());
+    if (function->IsEmpty() || try_catch.HasCaught()) {
       js_bindings()->OnError(
-          -1, base::ASCIIToUTF16("FindProxyForURL() is undefined."));
+          -1,
+          base::ASCIIToUTF16("Accessing FindProxyForURL threw an exception."));
+      return ERR_PAC_SCRIPT_FAILED;
+    }
+
+    if (!(*function)->IsFunction()) {
+      js_bindings()->OnError(
+          -1, base::ASCIIToUTF16(
+                  "FindProxyForURL is undefined or not a function."));
       return ERR_PAC_SCRIPT_FAILED;
     }
 
     return OK;
   }
 
- private:
-  bool GetFindProxyForURL(v8::Local<v8::Value>* function) {
-    v8::Local<v8::Context> context =
-        v8::Local<v8::Context>::New(isolate_, v8_context_);
-    *function =
-        context->Global()->Get(
-            ASCIILiteralToV8String(isolate_, "FindProxyForURL"));
-    return (*function)->IsFunction();
-  }
-
   // Handle an exception thrown by V8.
   void HandleError(v8::Local<v8::Message> message) {
     base::string16 error_message;
     int line_number = -1;
 
     if (!message.IsEmpty()) {
       line_number = message->GetLineNumber();
       V8ObjectToUTF16String(message->Get(), &error_message, isolate_);
     }
 
@@ skipping 278 matching lines @@
     return 0;
 
   v8::Locker locked(isolate);
   v8::Isolate::Scope isolate_scope(isolate);
   v8::HeapStatistics heap_statistics;
   isolate->GetHeapStatistics(&heap_statistics);
   return heap_statistics.used_heap_size();
 }
 
 }  // namespace net