Bug 1103368, part 4 - Ban stub getter/setter arguments to js::CheckDefineProperty. r=bhackett.

--HG--
extra : rebase_source : c8e78f1d488cb830bf5362d539694cac786b95ab
Jason Orendorff 2014-11-22 08:43:56 -06:00
parent de93981e57
commit 3318b4c311
4 changed files with 18 additions and 23 deletions


@ -532,8 +532,7 @@ JavaScriptShared::findObjectById(JSContext *cx, const ObjectId &objId)
return obj; return obj;
} }
static const uint64_t DefaultPropertyOp = 1; static const uint64_t UnknownPropertyOp = 1;
static const uint64_t UnknownPropertyOp = 2;
bool bool
JavaScriptShared::fromDescriptor(JSContext *cx, Handle<JSPropertyDescriptor> desc, JavaScriptShared::fromDescriptor(JSContext *cx, Handle<JSPropertyDescriptor> desc,
@ -556,7 +555,7 @@ JavaScriptShared::fromDescriptor(JSContext *cx, Handle<JSPropertyDescriptor> des
out->getter() = objVar; out->getter() = objVar;
} else { } else {
if (desc.getter() == JS_PropertyStub) if (desc.getter() == JS_PropertyStub)
out->getter() = DefaultPropertyOp; out->getter() = 0;
else else
out->getter() = UnknownPropertyOp; out->getter() = UnknownPropertyOp;
} }
@ -571,7 +570,7 @@ JavaScriptShared::fromDescriptor(JSContext *cx, Handle<JSPropertyDescriptor> des
out->setter() = objVar; out->setter() = objVar;
} else { } else {
if (desc.setter() == JS_StrictPropertyStub) if (desc.setter() == JS_StrictPropertyStub)
out->setter() = DefaultPropertyOp; out->setter() = 0;
else else
out->setter() = UnknownPropertyOp; out->setter() = UnknownPropertyOp;
} }
@ -611,10 +610,7 @@ JavaScriptShared::toDescriptor(JSContext *cx, const PPropertyDescriptor &in,
return false; return false;
out.setGetter(JS_DATA_TO_FUNC_PTR(JSPropertyOp, getter.get())); out.setGetter(JS_DATA_TO_FUNC_PTR(JSPropertyOp, getter.get()));
} else { } else {
if (in.getter().get_uint64_t() == DefaultPropertyOp) out.setGetter(UnknownPropertyStub);
out.setGetter(JS_PropertyStub);
else
out.setGetter(UnknownPropertyStub);
} }
if (in.setter().type() == GetterSetter::Tuint64_t && !in.setter().get_uint64_t()) { if (in.setter().type() == GetterSetter::Tuint64_t && !in.setter().get_uint64_t()) {
@ -626,10 +622,7 @@ JavaScriptShared::toDescriptor(JSContext *cx, const PPropertyDescriptor &in,
return false; return false;
out.setSetter(JS_DATA_TO_FUNC_PTR(JSStrictPropertyOp, setter.get())); out.setSetter(JS_DATA_TO_FUNC_PTR(JSStrictPropertyOp, setter.get()));
} else { } else {
if (in.setter().get_uint64_t() == DefaultPropertyOp) out.setSetter(UnknownStrictPropertyStub);
out.setSetter(JS_StrictPropertyStub);
else
out.setSetter(UnknownStrictPropertyStub);
} }
return true; return true;
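Review bot: In fromDescriptor the stub case is now the bare literal `out->getter() = 0;` (likewise for the setter), and the else branches in toDescriptor map every remaining uint64 value to the Unknown stubs without comparing it to `UnknownPropertyOp`, so the encoding is left implicit. These values are decoded from a descriptor sent by the peer process, and treating anything unrecognised as the Unknown stub looks like the conservative choice, but a reader has to reconstruct that from two functions. I would document it beside the constant, e.g. `// Wire encoding: 0 = no accessor op; any other value decodes as the Unknown stub.`, or name the zero (`static const uint64_t NoPropertyOp = 0;`) and use it on both sides. Both function bodies extend beyond the visible hunks, so how a null accessor is encoded on the sending side is inferred from the zero check in toDescriptor rather than seen.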


@ -190,8 +190,12 @@ WrapperAnswer::RecvDefineProperty(const ObjectId &objId, const JSIDVariant &idVa
// accessors: they have either JSFunctions or // accessors: they have either JSFunctions or
// JSPropertyOps. // JSPropertyOps.
desc.attributes() | JSPROP_PROPOP_ACCESSORS, desc.attributes() | JSPROP_PROPOP_ACCESSORS,
JS_PROPERTYOP_GETTER(desc.getter()), JS_PROPERTYOP_GETTER(desc.getter()
JS_PROPERTYOP_SETTER(desc.setter()))) ? desc.getter()
: JS_PropertyStub),
JS_PROPERTYOP_SETTER(desc.setter()
? desc.setter()
: JS_StrictPropertyStub)))
{ {
return fail(cx, rs); return fail(cx, rs);
} }
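Review bot: The null-to-stub conversion is written as two nested ternaries inside the `JS_PROPERTYOP_GETTER` / `JS_PROPERTYOP_SETTER` arguments, with nothing explaining why this define call still needs the stub ops when the decoded descriptor no longer carries them. A short comment above the arguments would help, along the lines of `// Decoded descriptors use null for default accessors; map back to the stub ops for this call.`; the author should confirm the wording, since the reason is inferred rather than visible here. The DirectProxyHandler section of this commit avoids the conversion by calling `JSObject::defineGeneric` instead, so the two call sites now take different paths, and if that is intentional it deserves a mention in the same comment. The call itself begins above the hunk.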


@ -674,6 +674,9 @@ JS_FRIEND_API(bool)
js::CheckDefineProperty(JSContext *cx, HandleObject obj, HandleId id, HandleValue value, js::CheckDefineProperty(JSContext *cx, HandleObject obj, HandleId id, HandleValue value,
unsigned attrs, PropertyOp getter, StrictPropertyOp setter) unsigned attrs, PropertyOp getter, StrictPropertyOp setter)
{ {
MOZ_ASSERT(getter != JS_PropertyStub);
MOZ_ASSERT(setter != JS_StrictPropertyStub);
if (!obj->isNative()) if (!obj->isNative())
return true; return true;
@ -695,8 +698,8 @@ js::CheckDefineProperty(JSContext *cx, HandleObject obj, HandleId id, HandleValu
// Steps 6-11, skipping step 10.a.ii. Prohibit redefining a permanent // Steps 6-11, skipping step 10.a.ii. Prohibit redefining a permanent
// property with different metadata, except to make a writable property // property with different metadata, except to make a writable property
// non-writable. // non-writable.
if ((getter != desc.getter() && !(getter == JS_PropertyStub && !desc.getter())) || if (getter != desc.getter() ||
(setter != desc.setter() && !(setter == JS_StrictPropertyStub && !desc.setter())) || setter != desc.setter() ||
(attrs != desc.attributes() && attrs != (desc.attributes() | JSPROP_READONLY))) (attrs != desc.attributes() && attrs != (desc.attributes() | JSPROP_READONLY)))
{ {
return Throw(cx, id, JSMSG_CANT_REDEFINE_PROP); return Throw(cx, id, JSMSG_CANT_REDEFINE_PROP);
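Review bot: The new precondition on js::CheckDefineProperty is enforced only by the two `MOZ_ASSERT` lines, which compile out of release builds, and nothing in the hunk documents it for callers of this `JS_FRIEND_API` entry point. With the stub special cases removed, the comparison below is plain equality, so a release-build caller that still passes `JS_PropertyStub` or `JS_StrictPropertyStub` can only be rejected more often (with `JSMSG_CANT_REDEFINE_PROP`), never accepted more often; the failure direction is closed, but the mistake would be silent. I would add a comment above the asserts such as `// Callers must pass nullptr, never the stub ops, for default accessors.` and repeat it at the declaration. DirectProxyHandler::defineProperty in this commit forwards `desc.getter()` and `desc.setter()` unchanged, so it relies on descriptors already being normalised before they reach it, which is not visible here. The function body continues outside both hunks.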


@ -41,13 +41,8 @@ DirectProxyHandler::defineProperty(JSContext *cx, HandleObject proxy, HandleId i
RootedValue v(cx, desc.value()); RootedValue v(cx, desc.value());
return CheckDefineProperty(cx, target, id, v, desc.attributes(), return CheckDefineProperty(cx, target, id, v, desc.attributes(),
desc.getter(), desc.setter()) && desc.getter(), desc.setter()) &&
JS_DefinePropertyById(cx, target, id, v, JSObject::defineGeneric(cx, target, id, v, desc.getter(), desc.setter(),
// Descriptors never store JSNatives for desc.attributes());
// accessors: they have either JSFunctions or
// JSPropertyOps.
desc.attributes() | JSPROP_PROPOP_ACCESSORS,
JS_PROPERTYOP_GETTER(desc.getter()),
JS_PROPERTYOP_SETTER(desc.setter()));
} }
bool bool