Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-02-25 03:49:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1559489, part 2 - Split out the back half of RemapWrapper into a new method. r=tcampbell

Browse Source 
I need it for the final patch.

Differential Revision: https://phabricator.services.mozilla.com/D38341

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Andrew McCreight 2019-08-13 19:09:46 +00:00
parent 1e7546a42e
commit be5f1ce737
2 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
js/public/Wrapper.h
View File

@ -472,6 +472,7 @@ JS_FRIEND_API void NukeCrossCompartmentWrapperIfExists(JSContext* cx,
JSObject* target);
void RemapWrapper(JSContext* cx, JSObject* wobj, JSObject* newTarget);
void RemapDeadWrapper(JSContext* cx, HandleObject wobj, HandleObject newTarget);
JS_FRIEND_API bool RemapAllWrappersForObject(JSContext* cx,
HandleObject oldTarget,

17
js/src/proxy/CrossCompartmentWrapper.cpp
View File

@ -547,9 +547,21 @@ void js::RemapWrapper(JSContext* cx, JSObject* wobjArg,
// When we remove origv from the wrapper map, its wrapper, wobj, must
// immediately cease to be a cross-compartment wrapper. Nuke it.
NukeCrossCompartmentWrapper(cx, wobj);
js::RemapDeadWrapper(cx, wobj, newTarget);
}
// wobj is no longer a cross-compartment wrapper after nuking it, so we can
// now use nonCCWRealm.
// Given a dead proxy object |wobj|, turn it into a cross-compartment wrapper
// pointing at |newTarget|.
// This operation crashes on failure rather than leaving the heap in an
// inconsistent state.
void js::RemapDeadWrapper(JSContext* cx, HandleObject wobj,
HandleObject newTarget) {
MOZ_ASSERT(IsDeadProxyObject(wobj));
MOZ_ASSERT(!newTarget->is<CrossCompartmentWrapperObject>());
AutoDisableProxyCheck adpc;
// wobj is not a cross-compartment wrapper, so we can use nonCCWRealm.
Realm* wrealm = wobj->nonCCWRealm();
// First, we wrap it in the new compartment. We try to use the existing
@ -558,6 +570,7 @@ void js::RemapWrapper(JSContext* cx, JSObject* wobjArg,
RootedObject tobj(cx, newTarget);
AutoRealmUnchecked ar(cx, wrealm);
AutoEnterOOMUnsafeRegion oomUnsafe;
JS::Compartment* wcompartment = wobj->compartment();
if (!wcompartment->rewrap(cx, &tobj, wobj)) {
oomUnsafe.crash("js::RemapWrapper");
}