Bug 1062024 - Allow CPOWs to be passed to COWs (r=bholley)

2024-11-29 07:42:04 +00:00 · 2014-09-10 17:15:41 -07:00 · 2014-09-10 17:15:41 -07:00 · 358c1f203e
commit 358c1f203e
parent 3814244dbb
2 changed files with 15 additions and 0 deletions
--- a/js/xpconnect/wrappers/ChromeObjectWrapper.cpp
+++ b/js/xpconnect/wrappers/ChromeObjectWrapper.cpp
@ -7,9 +7,11 @@
 #include "ChromeObjectWrapper.h"
 #include "WrapperFactory.h"
 #include "AccessCheck.h"
+#include "JavaScriptParent.h"
 #include "xpcprivate.h"
 #include "jsapi.h"
 #include "jswrapper.h"
+#include "nsXULAppAPI.h"

 using namespace JS;

@ -116,6 +118,16 @@ CheckPassToChrome(JSContext *cx, HandleObject wrapper, HandleValue v)
    if (!js::IsWrapper(obj))
        return true;

+    // CPOWs use COWs (in the unprivileged junk scope) for all child->parent
+    // references. Without this test, the child process wouldn't be able to
+    // pass any objects at all to CPOWs.
+    if (mozilla::jsipc::IsWrappedCPOW(obj) &&
+        js::GetObjectCompartment(wrapper) == js::GetObjectCompartment(xpc::UnprivilegedJunkScope()) &&
+        XRE_GetProcessType() == GeckoProcessType_Default)
+    {
+        return true;
+    }
+
    // COWs are fine to pass back if and only if they have __exposedProps__,
    // since presumably content should never have a reason to pass an opaque
    // object back to chrome.
--- a/js/xpconnect/wrappers/moz.build
+++ b/js/xpconnect/wrappers/moz.build
@ -32,10 +32,13 @@ FAIL_ON_WARNINGS = True

 MSVC_ENABLE_PGO = True

+include('/ipc/chromium/chromium-config.mozbuild')
+
 FINAL_LIBRARY = 'xul'

 LOCAL_INCLUDES += [
    '../../../dom/base',
    '../src',
+    '/js/ipc',
 ]