mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-22 09:45:41 +00:00
Bug 1480678 part 12 - Do a CheckedUnwrap in AudioContext::DecodeAudioData to ensure we don't have a CCW. r=bz
Note that right now aBuffer.Obj() will never be a cross-compartment wrapper anyway, because that can only happen when we're calling a WebIDL constructor, and this is not a constructor.
This commit is contained in:
parent
2c9cefda61
commit
0090285015
@ -590,7 +590,14 @@ AudioContext::DecodeAudioData(const ArrayBuffer& aBuffer,
|
||||
AutoJSAPI jsapi;
|
||||
jsapi.Init();
|
||||
JSContext* cx = jsapi.cx();
|
||||
JSAutoRealmAllowCCW ar(cx, aBuffer.Obj());
|
||||
|
||||
JS::Rooted<JSObject*> obj(cx, js::CheckedUnwrap(aBuffer.Obj()));
|
||||
if (!obj) {
|
||||
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
JSAutoRealm ar(cx, obj);
|
||||
|
||||
promise = Promise::Create(parentObject, aRv);
|
||||
if (aRv.Failed()) {
|
||||
@ -613,7 +620,6 @@ AudioContext::DecodeAudioData(const ArrayBuffer& aBuffer,
|
||||
|
||||
// Detach the array buffer
|
||||
size_t length = aBuffer.Length();
|
||||
JS::RootedObject obj(cx, aBuffer.Obj());
|
||||
|
||||
uint8_t* data = static_cast<uint8_t*>(JS_StealArrayBufferContents(cx, obj));
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user