[XFA] Apply dynamic type checks to JSE method invocation.
Second line of defense in case v8 hands us something unexpected.
Change-Id: I27d86c5268c9d6d16317a8c0a97c7e3d06dce63d
Reviewed-on: https://pdfium-review.googlesource.com/c/48770
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
diff --git a/fxjs/xfa/jse_define.h b/fxjs/xfa/jse_define.h
index 52bf1d1..26405c9 100644
--- a/fxjs/xfa/jse_define.h
+++ b/fxjs/xfa/jse_define.h
@@ -17,6 +17,8 @@
static CJS_Result method_name##_static( \
CJX_Object* node, CFX_V8* runtime, \
const std::vector<v8::Local<v8::Value>>& params) { \
+ if (!node->DynamicTypeIs(static_type__)) \
+ return CJS_Result::Failure(JSMessage::kBadObjectError); \
return static_cast<Type__*>(node)->method_name(runtime, params); \
} \
CJS_Result method_name(CFX_V8* runtime, \
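Review bot: The added guard in `method_name##_static` calls `node->DynamicTypeIs(static_type__)` without first checking `node`, so a null `CJX_Object*` would fault inside the very check meant to be the second line of defense. Whether callers already guarantee a non-null node is not visible here. If they do not, fold it into the same failure path: `if (!node || !node->DynamicTypeIs(static_type__)) \`. The guard also only protects the `static_cast<Type__*>` if each class's `static_type__` really corresponds to `Type__`, so a comment above the macro such as `// static_type__ must identify Type__; the cast below relies on this check.` would help whoever adds the next JSE class. The macro definition begins before this hunk and continues past it.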