Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-22 09:45:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1480678 part 12 - Do a CheckedUnwrap in AudioContext::DecodeAudioData to ensure we don't have a CCW. r=bz

Browse Source 
Note that right now aBuffer.Obj() will never be a cross-compartment wrapper anyway, because that can only happen when we're calling a WebIDL constructor, and this is not a constructor.
This commit is contained in:
Jan de Mooij 2018-08-09 10:48:29 +02:00
parent 2c9cefda61
commit 0090285015
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
dom/media/webaudio/AudioContext.cpp
View File

@ -590,7 +590,14 @@ AudioContext::DecodeAudioData(const ArrayBuffer& aBuffer,
AutoJSAPI jsapi;
jsapi.Init();
JSContext* cx = jsapi.cx();
JSAutoRealmAllowCCW ar(cx, aBuffer.Obj());
JS::Rooted<JSObject*> obj(cx, js::CheckedUnwrap(aBuffer.Obj()));
if (!obj) {
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
return nullptr;
}
JSAutoRealm ar(cx, obj);
promise = Promise::Create(parentObject, aRv);
if (aRv.Failed()) {
@ -613,7 +620,6 @@ AudioContext::DecodeAudioData(const ArrayBuffer& aBuffer,
// Detach the array buffer
size_t length = aBuffer.Length();
JS::RootedObject obj(cx, aBuffer.Obj());
uint8_t* data = static_cast<uint8_t*>(JS_StealArrayBufferContents(cx, obj));