mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-10 20:05:49 +00:00
Bug 865969 part 7. Fix rooting hazards in DOMJSProxyHandler.cpp. r=ms2ger
This commit is contained in:
parent
7640b170ac
commit
5c1c270e34
@ -614,14 +614,15 @@ protected:
|
||||
|
||||
// False return value means we threw an exception. True return value
|
||||
// but false "found" means we didn't have a subframe at that index.
|
||||
bool GetSubframeWindow(JSContext *cx, JSObject *proxy, jsid id,
|
||||
bool GetSubframeWindow(JSContext *cx, JS::Handle<JSObject*> proxy,
|
||||
JS::Handle<jsid> id,
|
||||
JS::Value *vp, bool &found);
|
||||
|
||||
// Returns a non-null window only if id is an index and we have a
|
||||
// window at that index.
|
||||
already_AddRefed<nsIDOMWindow> GetSubframeWindow(JSContext *cx,
|
||||
JSObject *proxy,
|
||||
jsid id);
|
||||
JS::Handle<JSObject*> proxy,
|
||||
JS::Handle<jsid> id);
|
||||
|
||||
bool AppendIndexedPropertyNames(JSContext *cx, JSObject *proxy,
|
||||
JS::AutoIdVector &props);
|
||||
@ -869,8 +870,9 @@ nsOuterWindowProxy::iterate(JSContext *cx, JS::Handle<JSObject*> proxy,
|
||||
}
|
||||
|
||||
bool
|
||||
nsOuterWindowProxy::GetSubframeWindow(JSContext *cx, JSObject *proxy,
|
||||
jsid id, JS::Value* vp,
|
||||
nsOuterWindowProxy::GetSubframeWindow(JSContext *cx,
|
||||
JS::Handle<JSObject*> proxy,
|
||||
JS::Handle<jsid> id, JS::Value* vp,
|
||||
bool& found)
|
||||
{
|
||||
nsCOMPtr<nsIDOMWindow> frame = GetSubframeWindow(cx, proxy, id);
|
||||
@ -895,7 +897,9 @@ nsOuterWindowProxy::GetSubframeWindow(JSContext *cx, JSObject *proxy,
|
||||
}
|
||||
|
||||
already_AddRefed<nsIDOMWindow>
|
||||
nsOuterWindowProxy::GetSubframeWindow(JSContext *cx, JSObject *proxy, jsid id)
|
||||
nsOuterWindowProxy::GetSubframeWindow(JSContext *cx,
|
||||
JS::Handle<JSObject*> proxy,
|
||||
JS::Handle<jsid> id)
|
||||
{
|
||||
int32_t index = GetArrayIndexFromId(cx, id);
|
||||
if (!IsArrayIndex(index)) {
|
||||
|
@ -60,10 +60,10 @@ DOMProxyHandler::GetAndClearExpandoObject(JSObject* obj)
|
||||
|
||||
// static
|
||||
JSObject*
|
||||
DOMProxyHandler::EnsureExpandoObject(JSContext* cx, JSObject* obj)
|
||||
DOMProxyHandler::EnsureExpandoObject(JSContext* cx, JS::Handle<JSObject*> obj)
|
||||
{
|
||||
NS_ASSERTION(IsDOMProxy(obj), "expected a DOM proxy object");
|
||||
JSObject* expando = GetExpandoObject(obj);
|
||||
JS::Rooted<JSObject*> expando(cx, GetExpandoObject(obj));
|
||||
if (!expando) {
|
||||
expando = JS_NewObjectWithGivenProto(cx, nullptr, nullptr,
|
||||
js::GetObjectParent(obj));
|
||||
@ -110,8 +110,8 @@ DOMProxyHandler::getPropertyDescriptor(JSContext* cx, JS::Handle<JSObject*> prox
|
||||
return true;
|
||||
}
|
||||
|
||||
JSObject* proto;
|
||||
if (!js::GetObjectProto(cx, proxy, &proto)) {
|
||||
JS::Rooted<JSObject*> proto(cx);
|
||||
if (!js::GetObjectProto(cx, proxy, proto.address())) {
|
||||
return false;
|
||||
}
|
||||
if (!proto) {
|
||||
@ -153,10 +153,11 @@ DOMProxyHandler::delete_(JSContext* cx, JS::Handle<JSObject*> proxy,
|
||||
{
|
||||
JSBool b = true;
|
||||
|
||||
JSObject* expando;
|
||||
JS::Rooted<JSObject*> expando(cx);
|
||||
if (!xpc::WrapperFactory::IsXrayWrapper(proxy) && (expando = GetExpandoObject(proxy))) {
|
||||
Value v;
|
||||
if (!JS_DeletePropertyById2(cx, expando, id, &v) || !JS_ValueToBoolean(cx, v, &b)) {
|
||||
JS::Rooted<Value> v(cx);
|
||||
if (!JS_DeletePropertyById2(cx, expando, id, v.address()) ||
|
||||
!JS_ValueToBoolean(cx, v, &b)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@ -168,8 +169,8 @@ DOMProxyHandler::delete_(JSContext* cx, JS::Handle<JSObject*> proxy,
|
||||
bool
|
||||
DOMProxyHandler::enumerate(JSContext* cx, JS::Handle<JSObject*> proxy, AutoIdVector& props)
|
||||
{
|
||||
JSObject* proto;
|
||||
if (!JS_GetPrototype(cx, proxy, &proto)) {
|
||||
JS::Rooted<JSObject*> proto(cx);
|
||||
if (!JS_GetPrototype(cx, proxy, proto.address())) {
|
||||
return false;
|
||||
}
|
||||
return getOwnPropertyNames(cx, proxy, props) &&
|
||||
@ -190,8 +191,8 @@ DOMProxyHandler::has(JSContext* cx, JS::Handle<JSObject*> proxy, JS::Handle<jsid
|
||||
}
|
||||
|
||||
// OK, now we have to look at the proto
|
||||
JSObject *proto;
|
||||
if (!js::GetObjectProto(cx, proxy, &proto)) {
|
||||
JS::Rooted<JSObject*> proto(cx);
|
||||
if (!js::GetObjectProto(cx, proxy, proto.address())) {
|
||||
return false;
|
||||
}
|
||||
if (!proto) {
|
||||
@ -212,8 +213,8 @@ DOMProxyHandler::AppendNamedPropertyIds(JSContext* cx,
|
||||
JS::AutoIdVector& props)
|
||||
{
|
||||
for (uint32_t i = 0; i < names.Length(); ++i) {
|
||||
JS::Value v;
|
||||
if (!xpc::NonVoidStringToJsval(cx, names[i], &v)) {
|
||||
JS::Rooted<JS::Value> v(cx);
|
||||
if (!xpc::NonVoidStringToJsval(cx, names[i], v.address())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -233,7 +234,7 @@ DOMProxyHandler::AppendNamedPropertyIds(JSContext* cx,
|
||||
}
|
||||
|
||||
int32_t
|
||||
IdToInt32(JSContext* cx, jsid id)
|
||||
IdToInt32(JSContext* cx, JS::Handle<jsid> id)
|
||||
{
|
||||
JSAutoRequest ar(cx);
|
||||
|
||||
|
@ -54,7 +54,8 @@ public:
|
||||
return v.isUndefined() ? NULL : v.toObjectOrNull();
|
||||
}
|
||||
static JSObject* GetAndClearExpandoObject(JSObject* obj);
|
||||
static JSObject* EnsureExpandoObject(JSContext* cx, JSObject* obj);
|
||||
static JSObject* EnsureExpandoObject(JSContext* cx,
|
||||
JS::Handle<JSObject*> obj);
|
||||
|
||||
const DOMClass& mClass;
|
||||
|
||||
@ -68,12 +69,12 @@ protected:
|
||||
|
||||
extern jsid s_length_id;
|
||||
|
||||
int32_t IdToInt32(JSContext* cx, jsid id);
|
||||
int32_t IdToInt32(JSContext* cx, JS::Handle<jsid> id);
|
||||
|
||||
// XXXbz this should really return uint32_t, with the maximum value
|
||||
// meaning "not an index"...
|
||||
inline int32_t
|
||||
GetArrayIndexFromId(JSContext* cx, jsid id)
|
||||
GetArrayIndexFromId(JSContext* cx, JS::Handle<jsid> id)
|
||||
{
|
||||
if (MOZ_LIKELY(JSID_IS_INT(id))) {
|
||||
return JSID_TO_INT(id);
|
||||
@ -118,7 +119,7 @@ FillPropertyDescriptor(JSPropertyDescriptor* desc, JSObject* obj, JS::Value v, b
|
||||
}
|
||||
|
||||
JSObject*
|
||||
EnsureExpandoObject(JSContext* cx, JSObject* obj);
|
||||
EnsureExpandoObject(JSContext* cx, JS::Handle<JSObject*> obj);
|
||||
|
||||
} // namespace dom
|
||||
} // namespace mozilla
|
||||
|
Loading…
Reference in New Issue
Block a user