Bug 865969 part 7. Fix rooting hazards in DOMJSProxyHandler.cpp. r=ms2ger

Boris Zbarsky 2013-05-03 19:29:09 -04:00
parent 7640b170ac
commit 5c1c270e34
3 changed files with 30 additions and 24 deletions


@ -614,14 +614,15 @@ protected:
// False return value means we threw an exception. True return value
// but false "found" means we didn't have a subframe at that index.
bool GetSubframeWindow(JSContext *cx, JSObject *proxy, jsid id,
bool GetSubframeWindow(JSContext *cx, JS::Handle<JSObject*> proxy,
JS::Handle<jsid> id,
JS::Value *vp, bool &found);
// Returns a non-null window only if id is an index and we have a
// window at that index.
already_AddRefed<nsIDOMWindow> GetSubframeWindow(JSContext *cx,
JSObject *proxy,
jsid id);
JS::Handle<JSObject*> proxy,
JS::Handle<jsid> id);
bool AppendIndexedPropertyNames(JSContext *cx, JSObject *proxy,
JS::AutoIdVector &props);
@ -869,8 +870,9 @@ nsOuterWindowProxy::iterate(JSContext *cx, JS::Handle<JSObject*> proxy,
}
bool
nsOuterWindowProxy::GetSubframeWindow(JSContext *cx, JSObject *proxy,
jsid id, JS::Value* vp,
nsOuterWindowProxy::GetSubframeWindow(JSContext *cx,
JS::Handle<JSObject*> proxy,
JS::Handle<jsid> id, JS::Value* vp,
bool& found)
{
nsCOMPtr<nsIDOMWindow> frame = GetSubframeWindow(cx, proxy, id);
@ -895,7 +897,9 @@ nsOuterWindowProxy::GetSubframeWindow(JSContext *cx, JSObject *proxy,
}
already_AddRefed<nsIDOMWindow>
nsOuterWindowProxy::GetSubframeWindow(JSContext *cx, JSObject *proxy, jsid id)
nsOuterWindowProxy::GetSubframeWindow(JSContext *cx,
JS::Handle<JSObject*> proxy,
JS::Handle<jsid> id)
{
int32_t index = GetArrayIndexFromId(cx, id);
if (!IsArrayIndex(index)) {
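Review bot: `AppendIndexedPropertyNames` at the end of the first hunk (`bool AppendIndexedPropertyNames(JSContext *cx, JSObject *proxy, JS::AutoIdVector &props);`) still takes a raw `JSObject *proxy` while both `GetSubframeWindow` overloads directly above it now take `JS::Handle<JSObject*>`; if that proxy is held across anything that can GC inside the body, it is the same class of hazard this commit is fixing, so it is worth converting in the same series or noting why it is exempt. The `JS::Value *vp` out-parameter on the first overload is likewise still a raw pointer on both the declaration and the definition. The enclosing class declaration and both `GetSubframeWindow` bodies continue outside the hunks.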


@ -60,10 +60,10 @@ DOMProxyHandler::GetAndClearExpandoObject(JSObject* obj)
// static
JSObject*
DOMProxyHandler::EnsureExpandoObject(JSContext* cx, JSObject* obj)
DOMProxyHandler::EnsureExpandoObject(JSContext* cx, JS::Handle<JSObject*> obj)
{
NS_ASSERTION(IsDOMProxy(obj), "expected a DOM proxy object");
JSObject* expando = GetExpandoObject(obj);
JS::Rooted<JSObject*> expando(cx, GetExpandoObject(obj));
if (!expando) {
expando = JS_NewObjectWithGivenProto(cx, nullptr, nullptr,
js::GetObjectParent(obj));
@ -110,8 +110,8 @@ DOMProxyHandler::getPropertyDescriptor(JSContext* cx, JS::Handle<JSObject*> prox
return true;
}
JSObject* proto;
if (!js::GetObjectProto(cx, proxy, &proto)) {
JS::Rooted<JSObject*> proto(cx);
if (!js::GetObjectProto(cx, proxy, proto.address())) {
return false;
}
if (!proto) {
@ -153,10 +153,11 @@ DOMProxyHandler::delete_(JSContext* cx, JS::Handle<JSObject*> proxy,
{
JSBool b = true;
JSObject* expando;
JS::Rooted<JSObject*> expando(cx);
if (!xpc::WrapperFactory::IsXrayWrapper(proxy) && (expando = GetExpandoObject(proxy))) {
Value v;
if (!JS_DeletePropertyById2(cx, expando, id, &v) || !JS_ValueToBoolean(cx, v, &b)) {
JS::Rooted<Value> v(cx);
if (!JS_DeletePropertyById2(cx, expando, id, v.address()) ||
!JS_ValueToBoolean(cx, v, &b)) {
return false;
}
}
@ -168,8 +169,8 @@ DOMProxyHandler::delete_(JSContext* cx, JS::Handle<JSObject*> proxy,
bool
DOMProxyHandler::enumerate(JSContext* cx, JS::Handle<JSObject*> proxy, AutoIdVector& props)
{
JSObject* proto;
if (!JS_GetPrototype(cx, proxy, &proto)) {
JS::Rooted<JSObject*> proto(cx);
if (!JS_GetPrototype(cx, proxy, proto.address())) {
return false;
}
return getOwnPropertyNames(cx, proxy, props) &&
@ -190,8 +191,8 @@ DOMProxyHandler::has(JSContext* cx, JS::Handle<JSObject*> proxy, JS::Handle<jsid
}
// OK, now we have to look at the proto
JSObject *proto;
if (!js::GetObjectProto(cx, proxy, &proto)) {
JS::Rooted<JSObject*> proto(cx);
if (!js::GetObjectProto(cx, proxy, proto.address())) {
return false;
}
if (!proto) {
@ -212,8 +213,8 @@ DOMProxyHandler::AppendNamedPropertyIds(JSContext* cx,
JS::AutoIdVector& props)
{
for (uint32_t i = 0; i < names.Length(); ++i) {
JS::Value v;
if (!xpc::NonVoidStringToJsval(cx, names[i], &v)) {
JS::Rooted<JS::Value> v(cx);
if (!xpc::NonVoidStringToJsval(cx, names[i], v.address())) {
return false;
}
@ -233,7 +234,7 @@ DOMProxyHandler::AppendNamedPropertyIds(JSContext* cx,
}
int32_t
IdToInt32(JSContext* cx, jsid id)
IdToInt32(JSContext* cx, JS::Handle<jsid> id)
{
JSAutoRequest ar(cx);


@ -54,7 +54,8 @@ public:
return v.isUndefined() ? NULL : v.toObjectOrNull();
}
static JSObject* GetAndClearExpandoObject(JSObject* obj);
static JSObject* EnsureExpandoObject(JSContext* cx, JSObject* obj);
static JSObject* EnsureExpandoObject(JSContext* cx,
JS::Handle<JSObject*> obj);
const DOMClass& mClass;
@ -68,12 +69,12 @@ protected:
extern jsid s_length_id;
int32_t IdToInt32(JSContext* cx, jsid id);
int32_t IdToInt32(JSContext* cx, JS::Handle<jsid> id);
// XXXbz this should really return uint32_t, with the maximum value
// meaning "not an index"...
inline int32_t
GetArrayIndexFromId(JSContext* cx, jsid id)
GetArrayIndexFromId(JSContext* cx, JS::Handle<jsid> id)
{
if (MOZ_LIKELY(JSID_IS_INT(id))) {
return JSID_TO_INT(id);
@ -118,7 +119,7 @@ FillPropertyDescriptor(JSPropertyDescriptor* desc, JSObject* obj, JS::Value v, b
}
JSObject*
EnsureExpandoObject(JSContext* cx, JSObject* obj);
EnsureExpandoObject(JSContext* cx, JS::Handle<JSObject*> obj);
} // namespace dom
} // namespace mozilla
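Review bot: `EnsureExpandoObject` now takes its argument as `JS::Handle<JSObject*>` but still returns a raw `JSObject*` (both the static member in the first hunk and the free-function declaration in the last hunk), and `GetAndClearExpandoObject(JSObject* obj)` directly above it keeps a raw parameter; nothing in the header tells a caller that the returned pointer is unrooted. A comment on the declaration would make the contract explicit, e.g. `// Returns an unrooted pointer; callers must root the result before any call that can trigger GC.` Whether `GetAndClearExpandoObject` also needs a Handle depends on its body, which is not part of this commit.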