Bug 1103368, part 4 - Ban stub getter/setter arguments to js::CheckDefineProperty. r=bhackett.

--HG-- extra : rebase_source : 407e9adaca3ee23e768f750cd84a0a8f3432e2fa
2024-10-09 19:35:51 +00:00 · 2014-11-22 08:43:56 -06:00 · 2014-11-22 08:43:56 -06:00 · 1c534dd02f
commit 1c534dd02f
parent 37a9b9a235
4 changed files with 18 additions and 23 deletions
--- a/js/ipc/JavaScriptShared.cpp
+++ b/js/ipc/JavaScriptShared.cpp
@ -532,8 +532,7 @@ JavaScriptShared::findObjectById(JSContext *cx, const ObjectId &objId)
    return obj;
 }

-static const uint64_t DefaultPropertyOp = 1;
-static const uint64_t UnknownPropertyOp = 2;
+static const uint64_t UnknownPropertyOp = 1;

 bool
 JavaScriptShared::fromDescriptor(JSContext *cx, Handle<JSPropertyDescriptor> desc,
@ -556,7 +555,7 @@ JavaScriptShared::fromDescriptor(JSContext *cx, Handle<JSPropertyDescriptor> des
        out->getter() = objVar;
    } else {
        if (desc.getter() == JS_PropertyStub)
-            out->getter() = DefaultPropertyOp;
+            out->getter() = 0;
        else
            out->getter() = UnknownPropertyOp;
    }
@ -571,7 +570,7 @@ JavaScriptShared::fromDescriptor(JSContext *cx, Handle<JSPropertyDescriptor> des
        out->setter() = objVar;
    } else {
        if (desc.setter() == JS_StrictPropertyStub)
-            out->setter() = DefaultPropertyOp;
+            out->setter() = 0;
        else
            out->setter() = UnknownPropertyOp;
    }
@ -611,10 +610,7 @@ JavaScriptShared::toDescriptor(JSContext *cx, const PPropertyDescriptor &in,
            return false;
        out.setGetter(JS_DATA_TO_FUNC_PTR(JSPropertyOp, getter.get()));
    } else {
-        if (in.getter().get_uint64_t() == DefaultPropertyOp)
-            out.setGetter(JS_PropertyStub);
-        else
-            out.setGetter(UnknownPropertyStub);
+        out.setGetter(UnknownPropertyStub);
    }

    if (in.setter().type() == GetterSetter::Tuint64_t && !in.setter().get_uint64_t()) {
@ -626,10 +622,7 @@ JavaScriptShared::toDescriptor(JSContext *cx, const PPropertyDescriptor &in,
            return false;
        out.setSetter(JS_DATA_TO_FUNC_PTR(JSStrictPropertyOp, setter.get()));
    } else {
-        if (in.setter().get_uint64_t() == DefaultPropertyOp)
-            out.setSetter(JS_StrictPropertyStub);
-        else
-            out.setSetter(UnknownStrictPropertyStub);
+        out.setSetter(UnknownStrictPropertyStub);
    }

    return true;
--- a/js/ipc/WrapperAnswer.cpp
+++ b/js/ipc/WrapperAnswer.cpp
@ -190,8 +190,12 @@ WrapperAnswer::RecvDefineProperty(const ObjectId &objId, const JSIDVariant &idVa
                               // accessors: they have either JSFunctions or
                               // JSPropertyOps.
                               desc.attributes() | JSPROP_PROPOP_ACCESSORS,
-                               JS_PROPERTYOP_GETTER(desc.getter()),
-                               JS_PROPERTYOP_SETTER(desc.setter())))
+                               JS_PROPERTYOP_GETTER(desc.getter()
+                                                    ? desc.getter()
+                                                    : JS_PropertyStub),
+                               JS_PROPERTYOP_SETTER(desc.setter()
+                                                    ? desc.setter()
+                                                    : JS_StrictPropertyStub)))
    {
        return fail(cx, rs);
    }
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@ -546,6 +546,9 @@ JS_FRIEND_API(bool)
 js::CheckDefineProperty(JSContext *cx, HandleObject obj, HandleId id, HandleValue value,
                        unsigned attrs, PropertyOp getter, StrictPropertyOp setter)
 {
+    MOZ_ASSERT(getter != JS_PropertyStub);
+    MOZ_ASSERT(setter != JS_StrictPropertyStub);
+
    if (!obj->isNative())
        return true;

@ -567,8 +570,8 @@ js::CheckDefineProperty(JSContext *cx, HandleObject obj, HandleId id, HandleValu
        // Steps 6-11, skipping step 10.a.ii. Prohibit redefining a permanent
        // property with different metadata, except to make a writable property
        // non-writable.
-        if ((getter != desc.getter() && !(getter == JS_PropertyStub && !desc.getter())) ||
-            (setter != desc.setter() && !(setter == JS_StrictPropertyStub && !desc.setter())) ||
+        if (getter != desc.getter() ||
+            setter != desc.setter() ||
            (attrs != desc.attributes() && attrs != (desc.attributes() | JSPROP_READONLY)))
        {
            return Throw(cx, id, JSMSG_CANT_REDEFINE_PROP);
--- a/js/src/proxy/DirectProxyHandler.cpp
+++ b/js/src/proxy/DirectProxyHandler.cpp
@ -41,13 +41,8 @@ DirectProxyHandler::defineProperty(JSContext *cx, HandleObject proxy, HandleId i
    RootedValue v(cx, desc.value());
    return CheckDefineProperty(cx, target, id, v, desc.attributes(),
                               desc.getter(), desc.setter()) &&
-           JS_DefinePropertyById(cx, target, id, v,
-                                 // Descriptors never store JSNatives for
-                                 // accessors: they have either JSFunctions or
-                                 // JSPropertyOps.
-                                 desc.attributes() | JSPROP_PROPOP_ACCESSORS,
-                                 JS_PROPERTYOP_GETTER(desc.getter()),
-                                 JS_PROPERTYOP_SETTER(desc.setter()));
+           JSObject::defineGeneric(cx, target, id, v, desc.getter(), desc.setter(),
+                                   desc.attributes());
 }

 bool