Stop after type mismatch of args of a message received by PDF Plugin.

Previously, after HandleMessage matched the message type, if the
argument types were wrong it would keep trying to match with the
other message types.

Change-Id: Ia270ddc0ac4614b3ef998bcd30d3686f987dd809
Reviewed-on: https://chromium-review.googlesource.com/c/1277445
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Henrique Nakashima <hnakashima@chromium.org>
Cr-Commit-Position: refs/heads/master@{#599067}

pdf/out_of_process_instance.cc

@@ -544,10 +544,14 @@ void OutOfProcessInstance::HandleMessage(const pp::Var& message) {
 
   std::string type = dict.Get(kType).AsString();
 
-  if (type == kJSViewportType && dict.Get(pp::Var(kJSXOffset)).is_number() &&
-      dict.Get(pp::Var(kJSYOffset)).is_number() &&
-      dict.Get(pp::Var(kJSZoom)).is_number() &&
-      dict.Get(pp::Var(kJSPinchPhase)).is_number()) {
+  if (type == kJSViewportType) {
+    if (!(dict.Get(pp::Var(kJSXOffset)).is_number() &&
+          dict.Get(pp::Var(kJSYOffset)).is_number() &&
+          dict.Get(pp::Var(kJSZoom)).is_number() &&
+          dict.Get(pp::Var(kJSPinchPhase)).is_number())) {
+      NOTREACHED();
+      return;
+    }
     received_viewport_message_ = true;
     stop_scrolling_ = false;
     PinchPhase pinch_phase =
@@ -652,8 +656,11 @@ void OutOfProcessInstance::HandleMessage(const pp::Var& message) {
     scroll_offset = BoundScrollOffsetToDocument(scroll_offset);
     engine_->ScrolledToXPosition(scroll_offset.x() * device_scale_);
     engine_->ScrolledToYPosition(scroll_offset.y() * device_scale_);
-  } else if (type == kJSGetPasswordCompleteType &&
-             dict.Get(pp::Var(kJSPassword)).is_string()) {
+  } else if (type == kJSGetPasswordCompleteType) {
+    if (!dict.Get(pp::Var(kJSPassword)).is_string()) {
+      NOTREACHED();
+      return;
+    }
     if (password_callback_) {
       pp::CompletionCallbackWithOutput<pp::Var> callback = *password_callback_;
       password_callback_.reset();
@@ -664,7 +671,11 @@ void OutOfProcessInstance::HandleMessage(const pp::Var& message) {
     }
   } else if (type == kJSPrintType) {
     Print();
-  } else if (type == kJSSaveType && dict.Get(pp::Var(kJSToken)).is_string()) {
+  } else if (type == kJSSaveType) {
+    if (!dict.Get(pp::Var(kJSToken)).is_string()) {
+      NOTREACHED();
+      return;
+    }
     Save(dict.Get(pp::Var(kJSToken)).AsString());
   } else if (type == kJSRotateClockwiseType) {
     RotateClockwise();
@@ -672,10 +683,14 @@ void OutOfProcessInstance::HandleMessage(const pp::Var& message) {
     RotateCounterclockwise();
   } else if (type == kJSSelectAllType) {
     engine_->SelectAll();
-  } else if (type == kJSResetPrintPreviewModeType &&
-             dict.Get(pp::Var(kJSPrintPreviewUrl)).is_string() &&
-             dict.Get(pp::Var(kJSPrintPreviewGrayscale)).is_bool() &&
-             dict.Get(pp::Var(kJSPrintPreviewPageCount)).is_int()) {
+  } else if (type == kJSResetPrintPreviewModeType) {
+    if (!(dict.Get(pp::Var(kJSPrintPreviewUrl)).is_string() &&
+          dict.Get(pp::Var(kJSPrintPreviewGrayscale)).is_bool() &&
+          dict.Get(pp::Var(kJSPrintPreviewPageCount)).is_int())) {
+      NOTREACHED();
+      return;
+    }
+
     // For security reasons, crash if the URL that is trying to be loaded here
     // isn't a print preview one.
     std::string url = dict.Get(pp::Var(kJSPrintPreviewUrl)).AsString();
@@ -721,9 +736,13 @@ void OutOfProcessInstance::HandleMessage(const pp::Var& message) {
 
     paint_manager_.InvalidateRect(pp::Rect(pp::Point(), plugin_size_));
     PrintPreviewHistogramEnumeration(PRINT_PREVIEW_SHOWN);
-  } else if (type == kJSLoadPreviewPageType &&
-             dict.Get(pp::Var(kJSPreviewPageUrl)).is_string() &&
-             dict.Get(pp::Var(kJSPreviewPageIndex)).is_int()) {
+  } else if (type == kJSLoadPreviewPageType) {
+    if (!(dict.Get(pp::Var(kJSPreviewPageUrl)).is_string() &&
+          dict.Get(pp::Var(kJSPreviewPageIndex)).is_int())) {
+      NOTREACHED();
+      return;
+    }
+
     std::string url = dict.Get(pp::Var(kJSPreviewPageUrl)).AsString();
     // For security reasons we crash if the URL that is trying to be loaded here
     // isn't a print preview one.
@@ -740,8 +759,11 @@ void OutOfProcessInstance::HandleMessage(const pp::Var& message) {
     reply.Set(pp::Var(kType), pp::Var(kJSGetSelectedTextReplyType));
     reply.Set(pp::Var(kJSSelectedText), selected_text);
     PostMessage(reply);
-  } else if (type == kJSGetNamedDestinationType &&
-             dict.Get(pp::Var(kJSGetNamedDestination)).is_string()) {
+  } else if (type == kJSGetNamedDestinationType) {
+    if (!dict.Get(pp::Var(kJSGetNamedDestination)).is_string()) {
+      NOTREACHED();
+      return;
+    }
     base::Optional<PDFEngine::NamedDestination> named_destination =
         engine_->GetNamedDestination(
             dict.Get(pp::Var(kJSGetNamedDestination)).AsString());
@@ -751,11 +773,14 @@ void OutOfProcessInstance::HandleMessage(const pp::Var& message) {
         pp::Var(kJSNamedDestinationPageNumber),
         named_destination ? static_cast<int>(named_destination->page) : -1);
     PostMessage(reply);
-  } else if (type == kJSTransformPagePointType &&
-             dict.Get(pp::Var(kJSPageNumber)).is_int() &&
-             dict.Get(pp::Var(kJSPageX)).is_int() &&
-             dict.Get(pp::Var(kJSPageY)).is_int() &&
-             dict.Get(pp::Var(kJSId)).is_int()) {
+  } else if (type == kJSTransformPagePointType) {
+    if (!(dict.Get(pp::Var(kJSPageNumber)).is_int() &&
+          dict.Get(pp::Var(kJSPageX)).is_int() &&
+          dict.Get(pp::Var(kJSPageY)).is_int() &&
+          dict.Get(pp::Var(kJSId)).is_int())) {
+      NOTREACHED();
+      return;
+    }
     gfx::PointF page_xy(dict.Get(pp::Var(kJSPageX)).AsInt(),
                         dict.Get(pp::Var(kJSPageY)).AsInt());
     gfx::PointF device_xy = engine_->TransformPagePoint(