[XFA] Apply dynamic type checks to JSE method invocation. Second line of defense in case v8 hands us something unexpected. Change-Id: I27d86c5268c9d6d16317a8c0a97c7e3d06dce63d Reviewed-on: https://pdfium-review.googlesource.com/c/48770 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>

commit: f3c92e4c43061bff8f7444c481ba3743febf91c1 [log] [tgz]
author: Tom Sepez <tsepez@chromium.org> Wed Jan 23 22:33:51 2019 +0000
committer: Chromium commit bot <commit-bot@chromium.org> Wed Jan 23 22:33:51 2019 +0000
tree: 7352f37a007cdf1c436f40adde19b7a7ac7618f5
parent: 7e786cc978b21d8365dc78e3776bef4082279a30 [diff]
diff --git a/fxjs/xfa/jse_define.h b/fxjs/xfa/jse_define.h
index 52bf1d1..26405c9 100644
--- a/fxjs/xfa/jse_define.h
+++ b/fxjs/xfa/jse_define.h

@@ -17,6 +17,8 @@
   static CJS_Result method_name##_static(                            \
       CJX_Object* node, CFX_V8* runtime,                             \
       const std::vector<v8::Local<v8::Value>>& params) {             \
+    if (!node->DynamicTypeIs(static_type__))                         \
+      return CJS_Result::Failure(JSMessage::kBadObjectError);        \
     return static_cast<Type__*>(node)->method_name(runtime, params); \
   }                                                                  \
   CJS_Result method_name(CFX_V8* runtime,                            \
commit	f3c92e4c43061bff8f7444c481ba3743febf91c1	[log] [tgz]
author	Tom Sepez <tsepez@chromium.org>	Wed Jan 23 22:33:51 2019 +0000
committer	Chromium commit bot <commit-bot@chromium.org>	Wed Jan 23 22:33:51 2019 +0000
tree	7352f37a007cdf1c436f40adde19b7a7ac7618f5
parent	7e786cc978b21d8365dc78e3776bef4082279a30 [diff]