[pdfium] Use type tags for data stored in V8 internal fields v8::Context::SetAlignedPointerInEmbedderData and v8::Object::SetAlignedPointerInInternalField now both accept a type tag. With this CL, type tags are added to all call sites of these methods, as the methods without type tags will be deprecated. Bug: 433909571 Change-Id: Iefa69812deb5a5c8db00aa9d473772cccb650343 Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/135970 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
diff --git a/fxjs/cfxjs_engine.cpp b/fxjs/cfxjs_engine.cpp
index f3720ac..80fc55f 100644
--- a/fxjs/cfxjs_engine.cpp
+++ b/fxjs/cfxjs_engine.cpp
@@ -33,6 +33,11 @@
 CFX_V8ArrayBufferAllocator* g_arrayBufferAllocator = nullptr;
 v8::Global<v8::ObjectTemplate>* g_DefaultGlobalObjectTemplate = nullptr;
+// TODO(pdfium): Define and use type-specific type tags for aligned pointers
+// stored in V8 objects. The type tags should not overlap with the ones used by
+// Blink, as defined in gin/public/gin_embedders.h.
+constexpr v8::EmbedderDataTypeTag kDefaultPDFiumTag = 0;
+
 // Only the address matters, values are for humans debugging. ASLR should
 // ensure that these values are unlikely to arise otherwise. Keep these
 // wchar_t to prevent the compiler from doing something clever, like
@@ -61,9 +66,10 @@
 v8::Local<v8::Object> pObj) {
 if (pObj->InternalFieldCount() == 2) {
 pObj->SetAlignedPointerInInternalField(
- 0, GetAlignedPointerForPerObjectDataTag());
- pObj->SetAlignedPointerInInternalField(1,
- new CFXJS_PerObjectData(nObjDefnID));
+ 0, GetAlignedPointerForPerObjectDataTag(),
+ kDefaultPDFiumTag);
+ pObj->SetAlignedPointerInInternalField(
+ 1, new CFXJS_PerObjectData(nObjDefnID), kDefaultPDFiumTag);
 }
 }
@@ -82,7 +88,8 @@
 // static
 bool CFXJS_PerObjectData::HasInternalFields(v8::Local<v8::Object> pObj) {
 return pObj->InternalFieldCount() == 2 &&
- pObj->GetAlignedPointerFromInternalField(0) ==
+ pObj->GetAlignedPointerFromInternalField(
+ 0, kDefaultPDFiumTag) ==
 GetAlignedPointerForPerObjectDataTag();
 }
@@ -90,7 +97,8 @@
 CFXJS_PerObjectData* CFXJS_PerObjectData::ExtractFromObject(
 v8::Local<v8::Object> pObj) {
 return static_cast<CFXJS_PerObjectData*>(
- pObj->GetAlignedPointerFromInternalField(1));
+ pObj->GetAlignedPointerFromInternalField(1,
+ kDefaultPDFiumTag));
 }
 CFXJS_PerObjectData::CFXJS_PerObjectData(uint32_t nObjDefnID)
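Review bot: The new `kDefaultPDFiumTag` is passed for both internal fields, so the tag V8 now checks on `GetAlignedPointerFromInternalField(1, kDefaultPDFiumTag)` in ExtractFromObject cannot tell the `CFXJS_PerObjectData*` in slot 1 from the sentinel written to slot 0, and ExtractFromObject still relies on the caller having probed HasInternalFields first. The same four-line TODO and constant are added verbatim to cfxjse_class.cpp and cfxjse_context.cpp in this change; one definition in a shared fxjs header would keep the three copies from drifting when the per-type tags the TODO promises are assigned, and would let slot 0 and slot 1 receive distinct tags in one place. The value 0 is also the one most likely to coincide with another embedder's first enumerator, which is worth confirming against gin/public/gin_embedders.h (already named in the added comment) before this runs inside Chromium. A short note on the constant would make the interim status explicit: `// Interim: one tag for every PDFium pointer type, so V8's tag check adds no separation between them yet.`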
@@ -194,8 +202,10 @@
 }
 v8::Local<v8::Object> holder = info.This();
 DCHECK_EQ(holder->InternalFieldCount(), 2);
- holder->SetAlignedPointerInInternalField(0, nullptr);
- holder->SetAlignedPointerInInternalField(1, nullptr);
+ holder->SetAlignedPointerInInternalField(0, nullptr,
+ kDefaultPDFiumTag);
+ holder->SetAlignedPointerInInternalField(1, nullptr,
+ kDefaultPDFiumTag);
 }
 FXJSOBJTYPE GetObjType() const { return obj_type_; }
@@ -419,8 +429,10 @@
 // static
 void CFXJS_Engine::FreePerObjectData(v8::Local<v8::Object> pObj) {
 CFXJS_PerObjectData* pData = CFXJS_PerObjectData::GetFromObject(pObj);
- pObj->SetAlignedPointerInInternalField(0, nullptr);
- pObj->SetAlignedPointerInInternalField(1, nullptr);
+ pObj->SetAlignedPointerInInternalField(0, nullptr,
+ kDefaultPDFiumTag);
+ pObj->SetAlignedPointerInInternalField(1, nullptr,
+ kDefaultPDFiumTag);
 delete pData;
 }
@@ -524,8 +536,10 @@
 // in case we don't process a FXJSOBJTYPE_GLOBAL below.
 v8::Local<v8::Object> pThis = v8Context->Global();
 if (pThis->InternalFieldCount() == 2) {
- pThis->SetAlignedPointerInInternalField(0, nullptr);
- pThis->SetAlignedPointerInInternalField(1, nullptr);
+ pThis->SetAlignedPointerInInternalField(0, nullptr,
+ kDefaultPDFiumTag);
+ pThis->SetAlignedPointerInInternalField(1, nullptr,
+ kDefaultPDFiumTag);
 }
 v8::Context::Scope context_scope(v8Context);
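Review bot: The identical pair of nullptr writes to slots 0 and 1 now appears four times in this file (the callback at -194, FreePerObjectData at -419, the global reset at -524, plus the writer at -61 in the earlier hunk), each repeating the tag argument by hand. A file-local helper would give the tag a single call site per field and make the "this object is no longer ours" transition visible by name, which matters once the TODO's per-slot tags arrive and all four places must change together. The function containing the -194 hunk begins outside the hunk; the helper below would sit next to the existing anonymous-namespace constants and the three hunks would each become one call.
```cpp
// Drops both internal fields so HasInternalFields() no longer recognises the
// object; freeing the CFXJS_PerObjectData itself stays with the caller.
void ClearPerObjectFields(v8::Local<v8::Object> pObj) {
  pObj->SetAlignedPointerInInternalField(0, nullptr, kDefaultPDFiumTag);
  pObj->SetAlignedPointerInInternalField(1, nullptr, kDefaultPDFiumTag);
}
// … unchanged: each hunk's two SetAlignedPointerInInternalField lines become ClearPerObjectFields(holder) / (pObj) / (pThis) …
```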
diff --git a/fxjs/xfa/cfxjse_class.cpp b/fxjs/xfa/cfxjse_class.cpp
index 3af21ed..47b3339 100644
--- a/fxjs/xfa/cfxjse_class.cpp
+++ b/fxjs/xfa/cfxjse_class.cpp
@@ -32,6 +32,11 @@
 namespace {
+// TODO(pdfium): Define and use type-specific type tags for aligned pointers
+// stored in V8 objects. The type tags should not overlap with the ones used by
+// Blink, as defined in gin/public/gin_embedders.h.
+constexpr v8::EmbedderDataTypeTag kDefaultPDFiumTag = 0;
+
 FXJSE_FUNCTION_DESCRIPTOR* AsFunctionDescriptor(void* ptr) {
 auto* result = static_cast<FXJSE_FUNCTION_DESCRIPTOR*>(ptr);
 return result && result->tag == kFuncTag ? result : nullptr;
@@ -66,8 +71,9 @@
 }
 DCHECK_EQ(info.This()->InternalFieldCount(), 2);
- info.This()->SetAlignedPointerInInternalField(0, nullptr);
- info.This()->SetAlignedPointerInInternalField(1, nullptr);
+ info.This()->SetAlignedPointerInInternalField(
+ 0, nullptr, kDefaultPDFiumTag);
+ info.This()->SetInternalField(1, v8::Undefined(info.GetIsolate()));
 }
 void Context_GlobalObjToString(
@@ -100,7 +106,8 @@
 }
 auto* pClassDescriptor = static_cast<const FXJSE_CLASS_DESCRIPTOR*>(
- hCallBackInfo->GetAlignedPointerFromInternalField(0));
+ hCallBackInfo->GetAlignedPointerFromInternalField(
+ 0, kDefaultPDFiumTag));
 if (pClassDescriptor != &kGlobalClassDescriptor &&
 pClassDescriptor != &kNormalClassDescriptor &&
 pClassDescriptor != &kVariablesClassDescriptor &&
@@ -156,7 +163,8 @@
 hCallBackInfoTemplate->NewInstance(pIsolate->GetCurrentContext())
 .ToLocalChecked();
 hCallBackInfo->SetAlignedPointerInInternalField(
- 0, const_cast<FXJSE_CLASS_DESCRIPTOR*>(pClassDescriptor));
+ 0, const_cast<FXJSE_CLASS_DESCRIPTOR*>(pClassDescriptor),
+ kDefaultPDFiumTag);
 hCallBackInfo->SetInternalField(
 1, fxv8::NewStringHelper(pIsolate, szPropName));
 return std::make_unique<CFXJSE_Value>(
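Review bot: In the -66 hunk slot 1 is now initialised as a JS value via `info.This()->SetInternalField(1, v8::Undefined(info.GetIsolate()))`, while slot 0 keeps the nullptr aligned-pointer form, and the other "empty" writes in this change (FXJSE_ClearObjectBinding in cfxjse_context.cpp) still clear slot 1 with a nullptr aligned pointer under the tag. Presumably the objects built through this constructor are the ones FXJSE_UpdateObjectBinding later fills with a `CFXJSE_HostObject*` in slot 1, so the slot now switches representation between construction and binding; as far as the visible code shows that is safe because FXJSE_RetrieveObjectBinding only reads slot 1 after the slot-0 sentinel matches, but nothing says whether the asymmetry is intended. If it is deliberate (for example to avoid registering a null pointer under a type tag), a one-line comment would stop the next reader from "fixing" it back: `// Slot 1 holds a JS value until FXJSE_UpdateObjectBinding stores the host-object pointer under kDefaultPDFiumTag.`; if not, clearing it the same way as slot 0 keeps one representation. The enclosing function begins outside the hunk.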
diff --git a/fxjs/xfa/cfxjse_context.cpp b/fxjs/xfa/cfxjse_context.cpp
index 74516ca..1e75673 100644
--- a/fxjs/xfa/cfxjse_context.cpp
+++ b/fxjs/xfa/cfxjse_context.cpp
@@ -27,6 +27,11 @@
 namespace {
+// TODO(pdfium): Define and use type-specific type tags for aligned pointers
+// stored in V8 objects. The type tags should not overlap with the ones used by
+// Blink, as defined in gin/public/gin_embedders.h.
+constexpr v8::EmbedderDataTypeTag kDefaultPDFiumTag = 0;
+
 const char szCompatibleModeScript[] =
 "(function(global, list) {\n"
 " 'use strict';\n"
@@ -126,15 +131,19 @@
 DCHECK(!hObject.IsEmpty());
 DCHECK_EQ(hObject->InternalFieldCount(), 2);
 hObject->SetAlignedPointerInInternalField(
- 0, const_cast<wchar_t*>(kFXJSEHostObjectTag));
- hObject->SetAlignedPointerInInternalField(1, pNewBinding);
+ 0, const_cast<wchar_t*>(kFXJSEHostObjectTag),
+ kDefaultPDFiumTag);
+ hObject->SetAlignedPointerInInternalField(1, pNewBinding,
+ kDefaultPDFiumTag);
 }
 void FXJSE_ClearObjectBinding(v8::Local<v8::Object> hObject) {
 DCHECK(!hObject.IsEmpty());
 DCHECK_EQ(hObject->InternalFieldCount(), 2);
- hObject->SetAlignedPointerInInternalField(0, nullptr);
- hObject->SetAlignedPointerInInternalField(1, nullptr);
+ hObject->SetAlignedPointerInInternalField(0, nullptr,
+ kDefaultPDFiumTag);
+ hObject->SetAlignedPointerInInternalField(1, nullptr,
+ kDefaultPDFiumTag);
 }
 CFXJSE_HostObject* FXJSE_RetrieveObjectBinding(v8::Local<v8::Value> hValue) {
@@ -144,12 +153,14 @@
 v8::Local<v8::Object> hObject = hValue.As<v8::Object>();
 if (hObject->InternalFieldCount() != 2 ||
- hObject->GetAlignedPointerFromInternalField(0) != kFXJSEHostObjectTag) {
+ hObject->GetAlignedPointerFromInternalField(
+ 0, kDefaultPDFiumTag) != kFXJSEHostObjectTag) {
 return nullptr;
 }
 return static_cast<CFXJSE_HostObject*>(
- hObject->GetAlignedPointerFromInternalField(1));
+ hObject->GetAlignedPointerFromInternalField(
+ 1, kDefaultPDFiumTag));
 }
 // static
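Review bot: The "is this one of ours" probe in FXJSE_RetrieveObjectBinding (the -144 hunk) reads slot 0 under `kDefaultPDFiumTag` from any object that happens to have two internal fields, and it only stays a harmless `return nullptr` because every PDFium slot-0 write in this change uses that same single tag (the class-descriptor objects in cfxjse_class.cpp included). Once the per-type tags the TODO promises exist, that read becomes a tag mismatch for objects written under another PDFium tag, and whether V8 then hands back a non-matching pointer or aborts depends on the V8 build (sandbox or not) and version, so the probe's safety would hinge on that behaviour rather than on the sentinel compare. It is worth pinning the assumption next to the check now: `// Every PDFium slot-0 write uses this tag; a tag mismatch here must remain non-fatal for this sentinel probe to be safe.` The enclosing function begins before the hunk.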