[pdfium] Use type tags for data stored in V8 internal fields
v8::Context::SetAlignedPointerInEmbedderData and
v8::Object::SetAlignedPointerInInternalField now both accept type tags.
With this CL, type tags are added to all call sites of these
methods, as the methods without type tags will be deprecated.
Bug: 433909571
Change-Id: Iefa69812deb5a5c8db00aa9d473772cccb650343
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/135970
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
diff --git a/fxjs/cfxjs_engine.cpp b/fxjs/cfxjs_engine.cpp
index f3720ac..80fc55f 100644
--- a/fxjs/cfxjs_engine.cpp
+++ b/fxjs/cfxjs_engine.cpp
@@ -33,6 +33,11 @@
CFX_V8ArrayBufferAllocator* g_arrayBufferAllocator = nullptr;
v8::Global<v8::ObjectTemplate>* g_DefaultGlobalObjectTemplate = nullptr;
+// TODO(pdfium): Define and use type-specific type tags for aligned pointers
+// stored in V8 objects. The type tags should not overlap with the ones used by
+// Blink, as defined in gin/public/gin_embedders.h.
+constexpr v8::EmbedderDataTypeTag kDefaultPDFiumTag = 0;
+
// Only the address matters, values are for humans debugging. ASLR should
// ensure that these values are unlikely to arise otherwise. Keep these
// wchar_t to prevent the compiler from doing something clever, like
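Review bot: A single tag value shared by every internal field (here, and in the identical definitions added to fxjs/xfa/cfxjse_class.cpp and fxjs/xfa/cfxjse_context.cpp) cannot distinguish the per-object-data marker, a CFXJS_PerObjectData*, an FXJSE_CLASS_DESCRIPTOR* and a CFXJSE_HostObject binding from one another, so a read through the wrong accessor still passes whatever tag check V8 performs. The TODO acknowledges this, but while it stands the constant is also defined three times in three anonymous namespaces, which invites the values drifting apart; one definition in a shared header would keep them aligned. The comment asks that the value not overlap Blink's tags, yet 0 is the lowest possible value, so it seems worth confirming against gin/public/gin_embedders.h that 0 is not already used there. A note next to the definition such as `// Single placeholder tag: does not yet discriminate between PDFium's own pointer kinds.` would make the limitation visible to readers of the accessors.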
@@ -61,9 +66,10 @@
v8::Local<v8::Object> pObj) {
if (pObj->InternalFieldCount() == 2) {
pObj->SetAlignedPointerInInternalField(
- 0, GetAlignedPointerForPerObjectDataTag());
- pObj->SetAlignedPointerInInternalField(1,
- new CFXJS_PerObjectData(nObjDefnID));
+ 0, GetAlignedPointerForPerObjectDataTag(),
+ kDefaultPDFiumTag);
+ pObj->SetAlignedPointerInInternalField(
+ 1, new CFXJS_PerObjectData(nObjDefnID), kDefaultPDFiumTag);
}
}
@@ -82,7 +88,8 @@
// static
bool CFXJS_PerObjectData::HasInternalFields(v8::Local<v8::Object> pObj) {
return pObj->InternalFieldCount() == 2 &&
- pObj->GetAlignedPointerFromInternalField(0) ==
+ pObj->GetAlignedPointerFromInternalField(
+ 0, kDefaultPDFiumTag) ==
GetAlignedPointerForPerObjectDataTag();
}
@@ -90,7 +97,8 @@
CFXJS_PerObjectData* CFXJS_PerObjectData::ExtractFromObject(
v8::Local<v8::Object> pObj) {
return static_cast<CFXJS_PerObjectData*>(
- pObj->GetAlignedPointerFromInternalField(1));
+ pObj->GetAlignedPointerFromInternalField(1,
+ kDefaultPDFiumTag));
}
CFXJS_PerObjectData::CFXJS_PerObjectData(uint32_t nObjDefnID)
@@ -194,8 +202,10 @@
}
v8::Local<v8::Object> holder = info.This();
DCHECK_EQ(holder->InternalFieldCount(), 2);
- holder->SetAlignedPointerInInternalField(0, nullptr);
- holder->SetAlignedPointerInInternalField(1, nullptr);
+ holder->SetAlignedPointerInInternalField(0, nullptr,
+ kDefaultPDFiumTag);
+ holder->SetAlignedPointerInInternalField(1, nullptr,
+ kDefaultPDFiumTag);
}
FXJSOBJTYPE GetObjType() const { return obj_type_; }
@@ -419,8 +429,10 @@
// static
void CFXJS_Engine::FreePerObjectData(v8::Local<v8::Object> pObj) {
CFXJS_PerObjectData* pData = CFXJS_PerObjectData::GetFromObject(pObj);
- pObj->SetAlignedPointerInInternalField(0, nullptr);
- pObj->SetAlignedPointerInInternalField(1, nullptr);
+ pObj->SetAlignedPointerInInternalField(0, nullptr,
+ kDefaultPDFiumTag);
+ pObj->SetAlignedPointerInInternalField(1, nullptr,
+ kDefaultPDFiumTag);
delete pData;
}
@@ -524,8 +536,10 @@
// in case we don't process a FXJSOBJTYPE_GLOBAL below.
v8::Local<v8::Object> pThis = v8Context->Global();
if (pThis->InternalFieldCount() == 2) {
- pThis->SetAlignedPointerInInternalField(0, nullptr);
- pThis->SetAlignedPointerInInternalField(1, nullptr);
+ pThis->SetAlignedPointerInInternalField(0, nullptr,
+ kDefaultPDFiumTag);
+ pThis->SetAlignedPointerInInternalField(1, nullptr,
+ kDefaultPDFiumTag);
}
v8::Context::Scope context_scope(v8Context);
diff --git a/fxjs/xfa/cfxjse_class.cpp b/fxjs/xfa/cfxjse_class.cpp
index 3af21ed..47b3339 100644
--- a/fxjs/xfa/cfxjse_class.cpp
+++ b/fxjs/xfa/cfxjse_class.cpp
@@ -32,6 +32,11 @@
namespace {
+// TODO(pdfium): Define and use type-specific type tags for aligned pointers
+// stored in V8 objects. The type tags should not overlap with the ones used by
+// Blink, as defined in gin/public/gin_embedders.h.
+constexpr v8::EmbedderDataTypeTag kDefaultPDFiumTag = 0;
+
FXJSE_FUNCTION_DESCRIPTOR* AsFunctionDescriptor(void* ptr) {
auto* result = static_cast<FXJSE_FUNCTION_DESCRIPTOR*>(ptr);
return result && result->tag == kFuncTag ? result : nullptr;
@@ -66,8 +71,9 @@
}
DCHECK_EQ(info.This()->InternalFieldCount(), 2);
- info.This()->SetAlignedPointerInInternalField(0, nullptr);
- info.This()->SetAlignedPointerInInternalField(1, nullptr);
+ info.This()->SetAlignedPointerInInternalField(
+ 0, nullptr, kDefaultPDFiumTag);
+ info.This()->SetInternalField(1, v8::Undefined(info.GetIsolate()));
}
void Context_GlobalObjToString(
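Review bot: The new line `info.This()->SetInternalField(1, v8::Undefined(info.GetIsolate()));` changes how field 1 is cleared, from an aligned-pointer nullptr to a JS undefined value, which is more than the tag addition the description announces. It looks intentional, since the hunk at -156 stores a v8::String in field 1 via SetInternalField, but the enclosing function begins outside this hunk, so it is not visible here whether it can also run for objects whose field 1 holds an aligned pointer (fxjs/xfa/cfxjse_context.cpp stores the binding pointer in field 1). A comment such as `// Field 1 holds a v8::Value (the property name string), not an aligned pointer.` would record why the two fields are cleared differently, and the commit description should mention this change.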
@@ -100,7 +106,8 @@
}
auto* pClassDescriptor = static_cast<const FXJSE_CLASS_DESCRIPTOR*>(
- hCallBackInfo->GetAlignedPointerFromInternalField(0));
+ hCallBackInfo->GetAlignedPointerFromInternalField(
+ 0, kDefaultPDFiumTag));
if (pClassDescriptor != &kGlobalClassDescriptor &&
pClassDescriptor != &kNormalClassDescriptor &&
pClassDescriptor != &kVariablesClassDescriptor &&
@@ -156,7 +163,8 @@
hCallBackInfoTemplate->NewInstance(pIsolate->GetCurrentContext())
.ToLocalChecked();
hCallBackInfo->SetAlignedPointerInInternalField(
- 0, const_cast<FXJSE_CLASS_DESCRIPTOR*>(pClassDescriptor));
+ 0, const_cast<FXJSE_CLASS_DESCRIPTOR*>(pClassDescriptor),
+ kDefaultPDFiumTag);
hCallBackInfo->SetInternalField(
1, fxv8::NewStringHelper(pIsolate, szPropName));
return std::make_unique<CFXJSE_Value>(
diff --git a/fxjs/xfa/cfxjse_context.cpp b/fxjs/xfa/cfxjse_context.cpp
index 74516ca..1e75673 100644
--- a/fxjs/xfa/cfxjse_context.cpp
+++ b/fxjs/xfa/cfxjse_context.cpp
@@ -27,6 +27,11 @@
namespace {
+// TODO(pdfium): Define and use type-specific type tags for aligned pointers
+// stored in V8 objects. The type tags should not overlap with the ones used by
+// Blink, as defined in gin/public/gin_embedders.h.
+constexpr v8::EmbedderDataTypeTag kDefaultPDFiumTag = 0;
+
const char szCompatibleModeScript[] =
"(function(global, list) {\n"
" 'use strict';\n"
@@ -126,15 +131,19 @@
DCHECK(!hObject.IsEmpty());
DCHECK_EQ(hObject->InternalFieldCount(), 2);
hObject->SetAlignedPointerInInternalField(
- 0, const_cast<wchar_t*>(kFXJSEHostObjectTag));
- hObject->SetAlignedPointerInInternalField(1, pNewBinding);
+ 0, const_cast<wchar_t*>(kFXJSEHostObjectTag),
+ kDefaultPDFiumTag);
+ hObject->SetAlignedPointerInInternalField(1, pNewBinding,
+ kDefaultPDFiumTag);
}
void FXJSE_ClearObjectBinding(v8::Local<v8::Object> hObject) {
DCHECK(!hObject.IsEmpty());
DCHECK_EQ(hObject->InternalFieldCount(), 2);
- hObject->SetAlignedPointerInInternalField(0, nullptr);
- hObject->SetAlignedPointerInInternalField(1, nullptr);
+ hObject->SetAlignedPointerInInternalField(0, nullptr,
+ kDefaultPDFiumTag);
+ hObject->SetAlignedPointerInInternalField(1, nullptr,
+ kDefaultPDFiumTag);
}
CFXJSE_HostObject* FXJSE_RetrieveObjectBinding(v8::Local<v8::Value> hValue) {
@@ -144,12 +153,14 @@
v8::Local<v8::Object> hObject = hValue.As<v8::Object>();
if (hObject->InternalFieldCount() != 2 ||
- hObject->GetAlignedPointerFromInternalField(0) != kFXJSEHostObjectTag) {
+ hObject->GetAlignedPointerFromInternalField(
+ 0, kDefaultPDFiumTag) != kFXJSEHostObjectTag) {
return nullptr;
}
return static_cast<CFXJSE_HostObject*>(
- hObject->GetAlignedPointerFromInternalField(1));
+ hObject->GetAlignedPointerFromInternalField(
+ 1, kDefaultPDFiumTag));
}
// static