Bug 902249 - Fix some exact rooting hazards in js/ipc; r=jonco

2025-03-04 07:40:42 +00:00 · 2013-08-07 16:15:57 -07:00 · 2013-08-07 16:15:57 -07:00 · 9b5d03d305
commit 9b5d03d305
parent 3438cc1b1a
3 changed files with 21 additions and 14 deletions
--- a/js/ipc/JavaScriptChild.cpp
+++ b/js/ipc/JavaScriptChild.cpp
@ -251,13 +251,18 @@ JavaScriptChild::AnswerDefineProperty(const ObjectId &objId, const nsString &id,
    if (!convertGeckoStringToId(cx, id, &internedId))
        return fail(cx, rs);

-    JSPropertyDescriptor desc;
-    if (!toDescriptor(cx, descriptor, &desc))
+    Rooted<JSPropertyDescriptor> desc(cx);
+    if (!toDescriptor(cx, descriptor, desc.address()))
        return false;

-    RootedValue v(cx, desc.value);
-    if (!js::CheckDefineProperty(cx, obj, internedId, v, desc.getter, desc.setter, desc.attrs) ||
-        !JS_DefinePropertyById(cx, obj, internedId, v, desc.getter, desc.setter, desc.attrs))
+    if (!js::CheckDefineProperty(cx, obj, internedId, desc.value(), desc.getter(),
+                                 desc.setter(), desc.attributes()))
+    {
+        return fail(cx, rs);
+    }
+
+    if (!JS_DefinePropertyById(cx, obj, internedId, desc.value(), desc.getter(),
+                               desc.setter(), desc.attributes()))
    {
        return fail(cx, rs);
    }
--- a/js/ipc/JavaScriptShared.cpp
+++ b/js/ipc/JavaScriptShared.cpp
@ -375,16 +375,18 @@ JavaScriptShared::toDescriptor(JSContext *cx, const PPropertyDescriptor &in, JSP
    out->shortid = in.shortid();
    if (!toValue(cx, in.value(), &out->value))
        return false;
-    if (!unwrap(cx, in.objId(), &out->obj))
+    Rooted<JSObject*> obj(cx);
+    if (!unwrap(cx, in.objId(), &obj))
        return false;
+    out->obj = obj;

    if (!in.getter()) {
        out->getter = NULL;
    } else if (in.attrs() & JSPROP_GETTER) {
-        JSObject *getter;
+        Rooted<JSObject*> getter(cx);
        if (!unwrap(cx, in.getter(), &getter))
            return false;
-        out->getter = JS_DATA_TO_FUNC_PTR(JSPropertyOp, getter);
+        out->getter = JS_DATA_TO_FUNC_PTR(JSPropertyOp, getter.get());
    } else {
        if (in.getter() == DefaultPropertyOp)
            out->getter = JS_PropertyStub;
@ -395,10 +397,10 @@ JavaScriptShared::toDescriptor(JSContext *cx, const PPropertyDescriptor &in, JSP
    if (!in.setter()) {
        out->setter = NULL;
    } else if (in.attrs() & JSPROP_SETTER) {
-        JSObject *setter;
+        Rooted<JSObject*> setter(cx);
        if (!unwrap(cx, in.setter(), &setter))
            return false;
-        out->setter = JS_DATA_TO_FUNC_PTR(JSStrictPropertyOp, setter);
+        out->setter = JS_DATA_TO_FUNC_PTR(JSStrictPropertyOp, setter.get());
    } else {
        if (in.setter() == DefaultPropertyOp)
            out->setter = JS_StrictPropertyStub;
--- a/js/ipc/JavaScriptShared.h
+++ b/js/ipc/JavaScriptShared.h
@ -112,14 +112,14 @@ class JavaScriptShared
    virtual bool makeId(JSContext *cx, JSObject *obj, ObjectId *idp) = 0;
    virtual JSObject *unwrap(JSContext *cx, ObjectId id) = 0;

-    bool unwrap(JSContext *cx, ObjectId id, JSObject **objp) {
+    bool unwrap(JSContext *cx, ObjectId id, JS::MutableHandle<JSObject*> objp) {
        if (!id) {
-            *objp = NULL;
+            objp.set(NULL);
            return true;
        }

-        *objp = unwrap(cx, id);
-        return !!*objp;
+        objp.set(unwrap(cx, id));
+        return bool(objp.get());
    }

    static void ConvertID(const nsID &from, JSIID *to);