mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-09 19:35:51 +00:00
Bug 679013 - jsdbg2: Crash when a scripted proxy handler throws Error.prototype. r=Waldo.
This commit is contained in:
parent
8a7028d704
commit
7ed3561b9f
@ -0,0 +1,16 @@
|
||||
// Don't crash when a scripted proxy handler throws Error.prototype.
|
||||
|
||||
var g = newGlobal('new-compartment');
|
||||
var dbg = Debugger(g);
|
||||
dbg.onDebuggerStatement = function (frame) {
|
||||
try {
|
||||
frame.arguments[0].deleteProperty("x");
|
||||
} catch (exc) {
|
||||
return;
|
||||
}
|
||||
throw new Error("deleteProperty should throw");
|
||||
};
|
||||
|
||||
g.eval("function h(x) { debugger; }");
|
||||
g.eval("h(Proxy.create({delete: function () { throw Error.prototype; }}));");
|
||||
|
@ -102,7 +102,9 @@ js_GetLocalizedErrorMessage(JSContext* cx, void *userRef, const char *locale,
|
||||
* Make a copy of errobj parented to scope.
|
||||
*
|
||||
* cx must be in the same compartment as scope. errobj may be in a different
|
||||
* compartment, but it must be an Error object (not a wrapper of one).
|
||||
* compartment, but it must be an Error object (not a wrapper of one) and it
|
||||
* must not be one of the prototype objects created by js_InitExceptionClasses
|
||||
* (errobj->getPrivate() must not be NULL).
|
||||
*/
|
||||
extern JSObject *
|
||||
js_CopyErrorObject(JSContext *cx, JSObject *errobj, JSObject *scope);
|
||||
|
@ -484,7 +484,7 @@ ErrorCopier::~ErrorCopier()
|
||||
cx->isExceptionPending())
|
||||
{
|
||||
Value exc = cx->getPendingException();
|
||||
if (exc.isObject() && exc.toObject().isError()) {
|
||||
if (exc.isObject() && exc.toObject().isError() && exc.toObject().getPrivate()) {
|
||||
cx->clearPendingException();
|
||||
ac.leave();
|
||||
JSObject *copyobj = js_CopyErrorObject(cx, &exc.toObject(), scope);
|
||||
|
@ -3003,6 +3003,7 @@ DebuggerObject_getOwnPropertyDescriptor(JSContext *cx, uintN argc, Value *vp)
|
||||
if (!ac.enter() || !cx->compartment->wrapId(cx, &id))
|
||||
return false;
|
||||
|
||||
ErrorCopier ec(ac, dbg->toJSObject());
|
||||
if (!GetOwnPropertyDescriptor(cx, obj, id, &desc))
|
||||
return false;
|
||||
}
|
||||
@ -3039,6 +3040,7 @@ DebuggerObject_getOwnPropertyNames(JSContext *cx, uintN argc, Value *vp)
|
||||
if (!ac.enter())
|
||||
return false;
|
||||
|
||||
ErrorCopier ec(ac, dbg->toJSObject());
|
||||
if (!GetPropertyNames(cx, obj, JSITER_OWNONLY | JSITER_HIDDEN, &keys))
|
||||
return false;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user