Avoid nullptr crash in CJS_App::get_active_docs().
Also add more asserts and fix a nit in cjs_app.cpp.
BUG=pdfium:1252
Change-Id: I10e3dd296e7b0ee609c1c1079337bf6aab7a7edf
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/51292
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
diff --git a/fxjs/BUILD.gn b/fxjs/BUILD.gn
index d8b132d..ecaf20c 100644
--- a/fxjs/BUILD.gn
+++ b/fxjs/BUILD.gn
@@ -248,6 +248,7 @@
if (pdf_enable_xfa) {
sources += [
+ "xfa/cfxjse_app_embeddertest.cpp",
"xfa/cfxjse_formcalc_context_embeddertest.cpp",
"xfa/cfxjse_value_embeddertest.cpp",
]
diff --git a/fxjs/cfx_v8.cpp b/fxjs/cfx_v8.cpp
index f75d2ef..59157fe 100644
--- a/fxjs/cfx_v8.cpp
+++ b/fxjs/cfx_v8.cpp
@@ -46,6 +46,7 @@
void CFX_V8::PutObjectProperty(v8::Local<v8::Object> pObj,
ByteStringView bsUTF8PropertyName,
v8::Local<v8::Value> pPut) {
+ ASSERT(!pPut.IsEmpty());
if (pObj.IsEmpty())
return;
pObj->Set(m_pIsolate->GetCurrentContext(), NewString(bsUTF8PropertyName),
@@ -69,6 +70,7 @@
unsigned CFX_V8::PutArrayElement(v8::Local<v8::Array> pArray,
unsigned index,
v8::Local<v8::Value> pValue) {
+ ASSERT(!pValue.IsEmpty());
if (pArray.IsEmpty())
return 0;
if (pArray->Set(m_pIsolate->GetCurrentContext(), index, pValue).IsNothing())
@@ -101,7 +103,7 @@
}
v8::Local<v8::Number> CFX_V8::NewNumber(float number) {
- return v8::Number::New(GetIsolate(), (float)number);
+ return v8::Number::New(GetIsolate(), number);
}
v8::Local<v8::Boolean> CFX_V8::NewBoolean(bool b) {
diff --git a/fxjs/cjs_app.cpp b/fxjs/cjs_app.cpp
index 89db289..bcd77e0 100644
--- a/fxjs/cjs_app.cpp
+++ b/fxjs/cjs_app.cpp
@@ -95,11 +95,10 @@
CJS_Result CJS_App::get_active_docs(CJS_Runtime* pRuntime) {
v8::Local<v8::Object> pObj = pRuntime->GetThisObj();
auto pJSDocument = JSGetObject<CJS_Document>(pObj);
+ if (!pJSDocument)
+ return CJS_Result::Failure(JSMessage::kObjectTypeError);
v8::Local<v8::Array> aDocs = pRuntime->NewArray();
- pRuntime->PutArrayElement(
- aDocs, 0,
- pJSDocument ? v8::Local<v8::Value>(pJSDocument->ToV8Object())
- : v8::Local<v8::Value>());
+ pRuntime->PutArrayElement(aDocs, 0, pJSDocument->ToV8Object());
if (pRuntime->GetArrayLength(aDocs) > 0)
return CJS_Result::Success(aDocs);
diff --git a/fxjs/xfa/cfxjse_app_embeddertest.cpp b/fxjs/xfa/cfxjse_app_embeddertest.cpp
new file mode 100644
index 0000000..628f56e
--- /dev/null
+++ b/fxjs/xfa/cfxjse_app_embeddertest.cpp
@@ -0,0 +1,15 @@
+// Copyright 2019 PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "testing/gtest/include/gtest/gtest.h"
+#include "testing/xfa_js_embedder_test.h"
+
+class CFXJSE_AppEmbedderTest : public XFAJSEmbedderTest {};
+
+// Should not crash.
+TEST_F(CFXJSE_AppEmbedderTest, BUG_1252) {
+ ASSERT_TRUE(OpenDocument("simple_xfa.pdf"));
+
+ EXPECT_FALSE(Execute("app.activeDocs()"));
+}
