Fix two XFA JS calls that trigger fatal errors in v8::FromJust().
BUG=pdfium:1223
Change-Id: I38056756372cbb8ab593917517b784fe3ce0b811
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/51874
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
diff --git a/BUILD.gn b/BUILD.gn
index 6885fc2..f0accf1 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -349,6 +349,7 @@
if (pdf_enable_xfa) {
deps += [
+ "fpdfsdk/fpdfxfa:embeddertests",
"xfa/fwl:embeddertests",
"xfa/fxfa/parser:embeddertests",
]
diff --git a/fpdfsdk/fpdfxfa/BUILD.gn b/fpdfsdk/fpdfxfa/BUILD.gn
index d59c237..662cbc8 100644
--- a/fpdfsdk/fpdfxfa/BUILD.gn
+++ b/fpdfsdk/fpdfxfa/BUILD.gn
@@ -4,6 +4,7 @@
import("//build/config/jumbo.gni")
import("../../pdfium.gni")
+import("../../testing/test.gni")
assert(pdf_enable_xfa)
@@ -33,3 +34,14 @@
configs += [ "../../:pdfium_core_config" ]
visibility = [ "../../*" ]
}
+
+pdfium_embeddertest_source_set("embeddertests") {
+ sources = [
+ "cpdfxfa_docenvironment_embeddertest.cpp",
+ ]
+ configs = [ "//v8:external_startup_data" ]
+ deps = [
+ "../../fxjs",
+ ]
+ pdfium_root_dir = "../../"
+}
diff --git a/fpdfsdk/fpdfxfa/cpdfxfa_docenvironment_embeddertest.cpp b/fpdfsdk/fpdfxfa/cpdfxfa_docenvironment_embeddertest.cpp
new file mode 100644
index 0000000..1dce59c
--- /dev/null
+++ b/fpdfsdk/fpdfxfa/cpdfxfa_docenvironment_embeddertest.cpp
@@ -0,0 +1,15 @@
+// Copyright 2019 PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "testing/gtest/include/gtest/gtest.h"
+#include "testing/xfa_js_embedder_test.h"
+
+class CPDFXFA_DocEnvironmentEmbedderTest : public XFAJSEmbedderTest {};
+
+// Should not crash.
+TEST_F(CPDFXFA_DocEnvironmentEmbedderTest, BUG_1223) {
+ ASSERT_TRUE(OpenDocument("simple_xfa.pdf"));
+
+ EXPECT_FALSE(Execute("URL=y"));
+}
diff --git a/fxjs/cjs_runtime.cpp b/fxjs/cjs_runtime.cpp
index 186cb3c..56a5617 100644
--- a/fxjs/cjs_runtime.cpp
+++ b/fxjs/cjs_runtime.cpp
@@ -228,9 +228,10 @@
v8::String::NewFromUtf8(pIsolate, utf8Name.unterminated_c_str(),
v8::NewStringType::kNormal, utf8Name.GetLength())
.ToLocalChecked();
- return context->Global()->Set(context, str, propvalue).FromJust();
+ v8::Maybe<bool> result = context->Global()->Set(context, str, propvalue);
+ return result.IsJust() && result.FromJust();
}
-#endif
+#endif // PDF_ENABLE_XFA
v8::Local<v8::Value> CJS_Runtime::MaybeCoerceToNumber(
v8::Local<v8::Value> value) {
diff --git a/fxjs/xfa/cfxjse_formcalc_context_embeddertest.cpp b/fxjs/xfa/cfxjse_formcalc_context_embeddertest.cpp
index f0b2d78..6fb58bf 100644
--- a/fxjs/xfa/cfxjse_formcalc_context_embeddertest.cpp
+++ b/fxjs/xfa/cfxjse_formcalc_context_embeddertest.cpp
@@ -1646,3 +1646,10 @@
context->SetEventParam(nullptr);
}
+
+// Should not crash.
+TEST_F(CFXJSE_FormCalcContextEmbedderTest, BUG_1223) {
+ ASSERT_TRUE(OpenDocument("simple_xfa.pdf"));
+
+ EXPECT_FALSE(Execute("!.somExpression=0"));
+}
diff --git a/fxjs/xfa/cfxjse_value.cpp b/fxjs/xfa/cfxjse_value.cpp
index 70a5340..c55226d 100644
--- a/fxjs/xfa/cfxjse_value.cpp
+++ b/fxjs/xfa/cfxjse_value.cpp
@@ -144,9 +144,9 @@
.ToLocalChecked();
v8::Local<v8::Value> hPropValue =
v8::Local<v8::Value>::New(GetIsolate(), lpPropValue->DirectGetValue());
- return hObject.As<v8::Object>()
- ->Set(GetIsolate()->GetCurrentContext(), hPropName, hPropValue)
- .FromJust();
+ v8::Maybe<bool> result = hObject.As<v8::Object>()->Set(
+ GetIsolate()->GetCurrentContext(), hPropName, hPropValue);
+ return result.IsJust() && result.FromJust();
}
bool CFXJSE_Value::GetObjectProperty(ByteStringView szPropName,
