Google Git
Sign in
pdfium/pdfium.git/refs/heads/chromium/7465^!/.
commit
6aadd6ed35dcf9abbef5fb8ad13ac81d6ed92566
[log]
author
Andreas Haas <ahaas@google.com>
Fri Oct 10 14:33:20 2025 -0700
committer
Pdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com>
Fri Oct 10 14:33:20 2025 -0700
tree
ddb4a0fa1f374b22ce618f034abe211750f7d13c
parent
3cb243a670f86efbb3d9c6663de7a9c5bf93232d [diff]
Add type tags to calls to v8::External

The v8::External API got extended to take a type tag parameter. A
v8::External created with a Tag A can only be unwrapped with the same
Tag A.

So far, this CL only adds the default tag everywhere in PDFium.
Ideally, each type stored in a v8::External would get its own tag.
However, it is unclear so far how to synchronize the tags used in
PDFium with the tags used in Blink.

Change-Id: Ic18c72f6c008c2f31796b9a48b9a3625a3ca7ca2
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/136650
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>

diff --git a/fxjs/xfa/cfxjse_class.cpp b/fxjs/xfa/cfxjse_class.cpp
index 47b3339..0e5f8c4 100644
--- a/fxjs/xfa/cfxjse_class.cpp
+++ b/fxjs/xfa/cfxjse_class.cpp

@@ -50,7 +50,8 @@
 void V8FunctionCallback_Wrapper(
     const v8::FunctionCallbackInfo<v8::Value>& info) {
   const FXJSE_FUNCTION_DESCRIPTOR* pFunctionInfo =
-      AsFunctionDescriptor(info.Data().As<v8::External>()->Value());
+      AsFunctionDescriptor(info.Data().As<v8::External>()->Value(
+          v8::kExternalPointerTypeTagDefault));
   if (!pFunctionInfo) {
     return;
   }
@@ -65,21 +66,22 @@
   }
 
   const FXJSE_CLASS_DESCRIPTOR* pClassDescriptor =
-      AsClassDescriptor(info.Data().As<v8::External>()->Value());
+      AsClassDescriptor(info.Data().As<v8::External>()->Value(
+          v8::kExternalPointerTypeTagDefault));
   if (!pClassDescriptor) {
     return;
   }
 
   DCHECK_EQ(info.This()->InternalFieldCount(), 2);
-  info.This()->SetAlignedPointerInInternalField(
-      0, nullptr, kDefaultPDFiumTag);
+  info.This()->SetAlignedPointerInInternalField(0, nullptr, kDefaultPDFiumTag);
   info.This()->SetInternalField(1, v8::Undefined(info.GetIsolate()));
 }
 
 void Context_GlobalObjToString(
     const v8::FunctionCallbackInfo<v8::Value>& info) {
   const FXJSE_CLASS_DESCRIPTOR* pClassDescriptor =
-      AsClassDescriptor(info.Data().As<v8::External>()->Value());
+      AsClassDescriptor(info.Data().As<v8::External>()->Value(
+          v8::kExternalPointerTypeTagDefault));
   if (!pClassDescriptor) {
     return;
   }
@@ -106,8 +108,7 @@
   }
 
   auto* pClassDescriptor = static_cast<const FXJSE_CLASS_DESCRIPTOR*>(
-      hCallBackInfo->GetAlignedPointerFromInternalField(
-          0, kDefaultPDFiumTag));
+      hCallBackInfo->GetAlignedPointerFromInternalField(0, kDefaultPDFiumTag));
   if (pClassDescriptor != &kGlobalClassDescriptor &&
       pClassDescriptor != &kNormalClassDescriptor &&
       pClassDescriptor != &kVariablesClassDescriptor &&
@@ -212,7 +213,8 @@
     v8::Local<v8::Name> property,
     const v8::PropertyCallbackInfo<v8::Integer>& info) {
   const FXJSE_CLASS_DESCRIPTOR* pClass =
-      AsClassDescriptor(info.Data().As<v8::External>()->Value());
+      AsClassDescriptor(info.Data().As<v8::External>()->Value(
+          v8::kExternalPointerTypeTagDefault));
   if (!pClass) {
     return v8::Intercepted::kNo;
   }
@@ -235,7 +237,8 @@
     v8::Local<v8::Name> property,
     const v8::PropertyCallbackInfo<v8::Value>& info) {
   const FXJSE_CLASS_DESCRIPTOR* pClass =
-      AsClassDescriptor(info.Data().As<v8::External>()->Value());
+      AsClassDescriptor(info.Data().As<v8::External>()->Value(
+          v8::kExternalPointerTypeTagDefault));
   if (!pClass) {
     return v8::Intercepted::kNo;
   }
@@ -255,7 +258,8 @@
     v8::Local<v8::Value> value,
     const v8::PropertyCallbackInfo<void>& info) {
   const FXJSE_CLASS_DESCRIPTOR* pClass =
-      AsClassDescriptor(info.Data().As<v8::External>()->Value());
+      AsClassDescriptor(info.Data().As<v8::External>()->Value(
+          v8::kExternalPointerTypeTagDefault));
   if (!pClass) {
     return v8::Intercepted::kNo;
   }
@@ -285,7 +289,8 @@
                                           : nullptr,
       nullptr, NamedPropertyEnumeratorCallback,
       v8::External::New(pIsolate,
-                        const_cast<FXJSE_CLASS_DESCRIPTOR*>(pClassDescriptor)),
+                        const_cast<FXJSE_CLASS_DESCRIPTOR*>(pClassDescriptor),
+                        v8::kExternalPointerTypeTagDefault),
       v8::PropertyHandlerFlags::kNonMasking);
   pObjectTemplate->SetHandler(configuration);
 }
@@ -315,7 +320,8 @@
   v8::Local<v8::FunctionTemplate> hFunctionTemplate = v8::FunctionTemplate::New(
       pIsolate, bIsJSGlobal ? nullptr : V8ConstructorCallback_Wrapper,
       v8::External::New(pIsolate,
-                        const_cast<FXJSE_CLASS_DESCRIPTOR*>(pClassDescriptor)));
+                        const_cast<FXJSE_CLASS_DESCRIPTOR*>(pClassDescriptor),
+                        v8::kExternalPointerTypeTagDefault));
   v8::Local<v8::String> classname =
       fxv8::NewStringHelper(pIsolate, pClassDescriptor->name);
   hFunctionTemplate->SetClassName(classname);
@@ -331,7 +337,8 @@
     v8::Local<v8::FunctionTemplate> fun = v8::FunctionTemplate::New(
         pIsolate, V8FunctionCallback_Wrapper,
         v8::External::New(pIsolate,
-                          const_cast<FXJSE_FUNCTION_DESCRIPTOR*>(&method)));
+                          const_cast<FXJSE_FUNCTION_DESCRIPTOR*>(&method),
+                          v8::kExternalPointerTypeTagDefault));
     fun->RemovePrototype();
     hObjectTemplate->Set(
         fxv8::NewStringHelper(pIsolate, method.name), fun,
@@ -341,8 +348,9 @@
   if (bIsJSGlobal) {
     v8::Local<v8::FunctionTemplate> fn = v8::FunctionTemplate::New(
         pIsolate, Context_GlobalObjToString,
-        v8::External::New(
-            pIsolate, const_cast<FXJSE_CLASS_DESCRIPTOR*>(pClassDescriptor)));
+        v8::External::New(pIsolate,
+                          const_cast<FXJSE_CLASS_DESCRIPTOR*>(pClassDescriptor),
+                          v8::kExternalPointerTypeTagDefault));
     fn->RemovePrototype();
     hObjectTemplate->Set(fxv8::NewStringHelper(pIsolate, "toString"), fn);
   }

diff --git a/fxjs/xfa/cfxjse_runtimedata.cpp b/fxjs/xfa/cfxjse_runtimedata.cpp
index a1b68b9..0d4126a 100644
--- a/fxjs/xfa/cfxjse_runtimedata.cpp
+++ b/fxjs/xfa/cfxjse_runtimedata.cpp

@@ -4,14 +4,13 @@
 
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
 
-#include "fxjs/xfa/cfxjse_runtimedata.h"
-
 #include <utility>
 
 #include "core/fxcrt/check_op.h"
 #include "fxjs/cfxjs_engine.h"
 #include "fxjs/fxv8.h"
 #include "fxjs/xfa/cfxjse_isolatetracker.h"
+#include "fxjs/xfa/cfxjse_runtimedata.h"
 #include "v8/include/v8-context.h"
 #include "v8/include/v8-external.h"
 #include "v8/include/v8-isolate.h"
@@ -40,7 +39,8 @@
 
   DCHECK_EQ(hContext->Global()->InternalFieldCount(), 0);
 
-  hContext->SetSecurityToken(v8::External::New(pIsolate, pIsolate));
+  hContext->SetSecurityToken(v8::External::New(
+      pIsolate, pIsolate, v8::kExternalPointerTypeTagDefault));
   pRuntimeData->root_context_global_template_.Reset(pIsolate, hFuncTemplate);
   pRuntimeData->root_context_.Reset(pIsolate, hContext);
   return pRuntimeData;