Google Git
Sign in
pdfium / pdfium / 3c738eb4f1deb83d8e336f15da610e76626c1670^! / .
commit3c738eb4f1deb83d8e336f15da610e76626c1670[log] [tgz]
authorTom Sepez <tsepez@chromium.org>Fri Aug 07 23:40:57 2020 +0000
committerChromium commit bot <commit-bot@chromium.org>Fri Aug 07 23:40:57 2020 +0000
treebf3ea8425c01d05b2c86ddbdb564bb40d8aedeae
parente3278dd396a15de1291752f71d6a91def3756114 [diff]
Track CJX_Objects in CFXJSE_Engine::m_mapObjectToValue

CJX_Objects are 1:1 with the CXFA_Nodes that are currently
tracked in this map, but at a lower layer. These are more
appropriate for CFXJSE_Engine, especially since the data slot
on the V8 side points back to a CJX_Object, not a CXFA_Node.

Change-Id: I79d293362c8324df0b01f8e1a9087a7003f5d61c
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/72570
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>

diff --git a/fxjs/xfa/cfxjse_engine.cpp b/fxjs/xfa/cfxjse_engine.cpp
index 55b511b..2d32a67 100644
--- a/fxjs/xfa/cfxjse_engine.cpp
+++ b/fxjs/xfa/cfxjse_engine.cpp

@@ -121,8 +121,8 @@
 }
 
 CFXJSE_Engine::~CFXJSE_Engine() {
-  // This is what ensures that the v8 object bound to a CXFA_Node
-  // no longer retains that binding since it will outlive that node.
+  // This is what ensures that the v8 object bound to a CJX_Object
+  // no longer retains that binding since it will outlive that object.
   for (const auto& pair : m_mapObjectToValue)
     pair.second->ClearHostObject();
 }
@@ -773,15 +773,16 @@
   if (pObject->IsNode())
     RunVariablesScript(pObject->AsNode());
 
-  auto iter = m_mapObjectToValue.find(pObject);
+  CJX_Object* pCJXObject = pObject->JSObject();
+  auto iter = m_mapObjectToValue.find(pCJXObject);
   if (iter != m_mapObjectToValue.end())
     return iter->second.get();
 
   auto jsValue = std::make_unique<CFXJSE_Value>(GetIsolate());
-  jsValue->SetHostObject(pObject->JSObject(), m_pJsClass.Get());
+  jsValue->SetHostObject(pCJXObject, m_pJsClass.Get());
 
   CFXJSE_Value* pValue = jsValue.get();
-  m_mapObjectToValue.insert(std::make_pair(pObject, std::move(jsValue)));
+  m_mapObjectToValue[pCJXObject] = std::move(jsValue);
   return pValue;
 }
 

diff --git a/fxjs/xfa/cfxjse_engine.h b/fxjs/xfa/cfxjse_engine.h
index fe3b859..8d9ae25 100644
--- a/fxjs/xfa/cfxjse_engine.h
+++ b/fxjs/xfa/cfxjse_engine.h

@@ -125,8 +125,8 @@
   UnownedPtr<CFXJSE_Class> m_pJsClass;
   CXFA_Script::Type m_eScriptType = CXFA_Script::Type::Unknown;
   // |m_mapObjectToValue| is what ensures the v8 object bound to a
-  // CXFA_Node remains valid for the lifetime of the engine.
-  std::map<CXFA_Object*, std::unique_ptr<CFXJSE_Value>> m_mapObjectToValue;
+  // CJX_Object remains valid for the lifetime of the engine.
+  std::map<CJX_Object*, std::unique_ptr<CFXJSE_Value>> m_mapObjectToValue;
   std::map<CXFA_Object*, std::unique_ptr<CFXJSE_Context>>
       m_mapVariableToContext;
   UnownedPtr<CXFA_EventParam> m_eventParam;