Bug 867459 - Fix caps rooting hazards r=terrence

2024-11-26 06:11:37 +00:00 · 2013-05-02 22:02:40 -04:00 · 2013-05-02 22:02:40 -04:00 · 05132788d9
commit 05132788d9
parent f7cf050076
3 changed files with 18 additions and 17 deletions
--- a/caps/include/nsScriptSecurityManager.h
+++ b/caps/include/nsScriptSecurityManager.h
@ -442,7 +442,7 @@ private:
    // of obj (the last object on its parent chain). Callers MUST pass in a
    // non-null rv here.
    static nsIPrincipal*
-    GetFunctionObjectPrincipal(JSContext* cx, JSObject* obj, nsresult* rv);
+    GetFunctionObjectPrincipal(JSContext* cx, JS::Handle<JSObject*> obj, nsresult* rv);

    /**
     * Check capability levels for an |aObj| that implements
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@ -1581,23 +1581,24 @@ nsScriptSecurityManager::CheckFunctionAccess(JSContext *aCx, void *aFunObj,
 {
    // This check is called for event handlers
    nsresult rv;
+    JS::Rooted<JSObject*> rootedFunObj(aCx, static_cast<JSObject*>(aFunObj));
    nsIPrincipal* subject =
-        GetFunctionObjectPrincipal(aCx, (JSObject *)aFunObj, &rv);
+        GetFunctionObjectPrincipal(aCx, rootedFunObj, &rv);

    // If subject is null, get a principal from the function object's scope.
    if (NS_SUCCEEDED(rv) && !subject)
    {
 #ifdef DEBUG
        {
-            JS_ASSERT(JS_ObjectIsFunction(aCx, (JSObject *)aFunObj));
-            JSFunction *fun = JS_GetObjectFunction((JSObject *)aFunObj);
+            JS_ASSERT(JS_ObjectIsFunction(aCx, rootedFunObj));
+            JS::Rooted<JSFunction*> fun(aCx, JS_GetObjectFunction(rootedFunObj));
            JSScript *script = JS_GetFunctionScript(aCx, fun);

            NS_ASSERTION(!script, "Null principal for non-native function!");
        }
 #endif

-        subject = doGetObjectPrincipal((JSObject*)aFunObj);
+        subject = doGetObjectPrincipal(rootedFunObj);
    }

    if (!subject)
@ -1630,7 +1631,7 @@ nsScriptSecurityManager::CheckFunctionAccess(JSContext *aCx, void *aFunObj,
    nsIPrincipal* object = doGetObjectPrincipal(obj);

    if (!object)
-        return NS_ERROR_FAILURE;        
+        return NS_ERROR_FAILURE;

    bool subsumes;
    rv = subject->Subsumes(object, &subsumes);
@ -1949,7 +1950,7 @@ nsScriptSecurityManager::GetScriptPrincipal(JSScript *script,
 // static
 nsIPrincipal*
 nsScriptSecurityManager::GetFunctionObjectPrincipal(JSContext *cx,
-                                                    JSObject *obj,
+                                                    JS::Handle<JSObject*> obj,
                                                    nsresult *rv)
 {
    NS_PRECONDITION(rv, "Null out param");
@ -1965,7 +1966,7 @@ nsScriptSecurityManager::GetFunctionObjectPrincipal(JSContext *cx,
        return result;
    }

-    JSFunction *fun = JS_GetObjectFunction(obj);
+    JS::Rooted<JSFunction*> fun(cx, JS_GetObjectFunction(obj));
    JSScript *script = JS_GetFunctionScript(cx, fun);

    if (!script)
--- a/caps/src/nsSecurityManagerFactory.cpp
+++ b/caps/src/nsSecurityManagerFactory.cpp
@ -62,39 +62,39 @@ static const JSFunctionSpec PrivilegeManager_static_methods[] = {
 * "Steal" calls to netscape.security.PrivilegeManager.enablePrivilege,
 * et al. so that code that worked with 4.0 can still work.
 */
-NS_IMETHODIMP 
+NS_IMETHODIMP
 nsSecurityNameSet::InitializeNameSet(nsIScriptContext* aScriptContext)
 {
    AutoPushJSContext cx(aScriptContext->GetNativeContext());
-    JSObject *global = JS_ObjectToInnerObject(cx, JS_GetGlobalObject(cx));
+    JS::Rooted<JSObject*> global(cx, JS_ObjectToInnerObject(cx, JS_GetGlobalObject(cx)));

    /*
     * Find Object.prototype's class by walking up the global object's
     * prototype chain.
     */
-    JSObject *obj = global;
-    JSObject *proto;
+    JS::Rooted<JSObject*> obj(cx, global);
+    JS::Rooted<JSObject*> proto(cx);
    JSAutoRequest ar(cx);
    for (;;) {
-        MOZ_ALWAYS_TRUE(JS_GetPrototype(cx, obj, &proto));
+        MOZ_ALWAYS_TRUE(JS_GetPrototype(cx, obj, proto.address()));
        if (!proto)
            break;
        obj = proto;
    }
    JSClass *objectClass = JS_GetClass(obj);

-    JS::Value v;
-    if (!JS_GetProperty(cx, global, "netscape", &v))
+    JS::Rooted<JS::Value> v(cx);
+    if (!JS_GetProperty(cx, global, "netscape", v.address()))
        return NS_ERROR_FAILURE;

-    JSObject *securityObj;
+    JS::Rooted<JSObject*> securityObj(cx);
    if (v.isObject()) {
        /*
         * "netscape" property of window object exists; get the
         * "security" property.
         */
        obj = &v.toObject();
-        if (!JS_GetProperty(cx, obj, "security", &v) || !v.isObject())
+        if (!JS_GetProperty(cx, obj, "security", v.address()) || !v.isObject())
            return NS_ERROR_FAILURE;
        securityObj = &v.toObject();
    } else {