Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-10 03:45:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1414461. Make sure we always null-check the result of XrayTraits::EnsureHolder. r=mccr8

Browse Source 
MozReview-Commit-ID: IV2L0f2612D
This commit is contained in:
Boris Zbarsky 2017-11-04 00:36:34 -04:00
parent 37836d94c0
commit 91cf28ede5
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
js/xpconnect/wrappers/XrayWrapper.cpp
View File

@ -716,6 +716,8 @@ bool
JSXrayTraits::delete_(JSContext* cx, HandleObject wrapper, HandleId id, ObjectOpResult& result)
{
RootedObject holder(cx, ensureHolder(cx, wrapper));
if (!holder)
return false;
// If we're using Object Xrays, we allow callers to attempt to delete any
// property from the underlying object that they are able to resolve. Note
@ -954,6 +956,9 @@ JSXrayTraits::construct(JSContext* cx, HandleObject wrapper,
{
JSXrayTraits& self = JSXrayTraits::singleton;
JS::RootedObject holder(cx, self.ensureHolder(cx, wrapper));
if (!holder)
return false;
if (self.getProtoKey(holder) == JSProto_Function) {
JSProtoKey standardConstructor = constructorFor(holder);
if (standardConstructor == JSProto_Null)