Bug 1032457 - Separate out cloning and non-cloning function forwarders. r=gabor

We're going to add functionality to the cloning version, and the non-cloning version is going away.
2024-10-16 23:05:42 +00:00 · 2014-07-03 11:00:54 -07:00 · 2014-07-03 11:00:54 -07:00 · e99f0db620
commit e99f0db620
parent 62998b097a
4 changed files with 28 additions and 19 deletions
--- a/js/xpconnect/src/ExportHelpers.cpp
+++ b/js/xpconnect/src/ExportHelpers.cpp
@ -79,7 +79,7 @@ StackScopedCloneRead(JSContext *cx, JSStructuredCloneReader *reader, uint32_t ta
      if (!JS_WrapObject(cx, &obj))
          return nullptr;

-      if (!xpc::NewFunctionForwarder(cx, obj, true, &functionValue))
+      if (!xpc::NewFunctionForwarder(cx, JSID_VOIDHANDLE, obj, &functionValue))
          return nullptr;

      return &functionValue.toObject();
@ -243,13 +243,15 @@ NonCloningFunctionForwarder(JSContext *cx, unsigned argc, Value *vp)
    return JS_CallFunctionValue(cx, obj, v, args, args.rval());
 }
 bool
-NewFunctionForwarder(JSContext *cx, HandleId id, HandleObject callable, bool doclone,
-                          MutableHandleValue vp)
+NewFunctionForwarder(JSContext *cx, HandleId idArg, HandleObject callable,
+                     MutableHandleValue vp)
 {
-    JSFunction *fun = js::NewFunctionByIdWithReserved(cx, doclone ? CloningFunctionForwarder :
-                                                                    NonCloningFunctionForwarder,
-                                                                    0,0, JS::CurrentGlobalOrNull(cx), id);
+    RootedId id(cx, idArg);
+    if (id == JSID_VOIDHANDLE)
+        id = GetRTIdByIndex(cx, XPCJSRuntime::IDX_EMPTYSTRING);

+    JSFunction *fun = js::NewFunctionByIdWithReserved(cx, CloningFunctionForwarder, 0,0,
+                                                      JS::CurrentGlobalOrNull(cx), id);
    if (!fun)
        return false;

@ -260,15 +262,18 @@ NewFunctionForwarder(JSContext *cx, HandleId id, HandleObject callable, bool doc
 }

 bool
-NewFunctionForwarder(JSContext *cx, HandleObject callable, bool doclone,
-                          MutableHandleValue vp)
+NewNonCloningFunctionForwarder(JSContext *cx, HandleId id, HandleObject callable,
+                               MutableHandleValue vp)
 {
-    RootedId emptyId(cx);
-    RootedValue emptyStringValue(cx, JS_GetEmptyStringValue(cx));
-    if (!JS_ValueToId(cx, emptyStringValue, &emptyId))
+    JSFunction *fun = js::NewFunctionByIdWithReserved(cx, NonCloningFunctionForwarder,
+                                                      0,0, JS::CurrentGlobalOrNull(cx), id);
+    if (!fun)
        return false;

-    return NewFunctionForwarder(cx, emptyId, callable, doclone, vp);
+    JSObject *funobj = JS_GetFunctionObject(fun);
+    js::SetFunctionNativeReserved(funobj, 0, ObjectValue(*callable));
+    vp.setObject(*funobj);
+    return true;
 }

 bool
@ -334,7 +339,7 @@ ExportFunction(JSContext *cx, HandleValue vfunction, HandleValue vscope, HandleV

        // And now, let's create the forwarder function in the target compartment
        // for the function the be exported.
-        if (!NewFunctionForwarder(cx, id, funObj, /* doclone = */ true, rval)) {
+        if (!NewFunctionForwarder(cx, id, funObj, rval)) {
            JS_ReportError(cx, "Exporting function failed");
            return false;
        }
--- a/js/xpconnect/src/XPCComponents.cpp
+++ b/js/xpconnect/src/XPCComponents.cpp
@ -3084,7 +3084,7 @@ nsXPCComponents_Utils::MakeObjectPropsNormal(HandleValue vobj, JSContext *cx)
        if (!js::IsWrapper(propobj) || !JS_ObjectIsCallable(cx, propobj))
            continue;

-        if (!NewFunctionForwarder(cx, id, propobj, /* doclone = */ false, &v) ||
+        if (!NewNonCloningFunctionForwarder(cx, id, propobj, &v) ||
            !JS_SetPropertyById(cx, obj, id, v))
            return NS_ERROR_FAILURE;
    }
--- a/js/xpconnect/src/XPCJSRuntime.cpp
+++ b/js/xpconnect/src/XPCJSRuntime.cpp
@ -85,6 +85,7 @@ const char* const XPCJSRuntime::mStrings[] = {
    "length",               // IDX_LENGTH
    "name",                 // IDX_NAME
    "undefined",            // IDX_UNDEFINED
+    "",                     // IDX_EMPTYSTRING
 };

 /***************************************************************************/
--- a/js/xpconnect/src/xpcprivate.h
+++ b/js/xpconnect/src/xpcprivate.h
@ -481,6 +481,7 @@ public:
        IDX_LENGTH                  ,
        IDX_NAME                    ,
        IDX_UNDEFINED               ,
+        IDX_EMPTYSTRING             ,
        IDX_TOTAL_COUNT // just a count of the above
    };

@ -3282,15 +3283,17 @@ Btoa(JSContext *cx, unsigned argc, jsval *vp);


 // Helper function that creates a JSFunction that wraps a native function that
-// forwards the call to the original 'callable'. If the 'doclone' argument is
-// set, it also structure clones non-native arguments for extra security.
+// forwards the call to the original 'callable'. Any object-valued arguments are
+// cloned at call time for improved security.
 bool
 NewFunctionForwarder(JSContext *cx, JS::HandleId id, JS::HandleObject callable,
-                     bool doclone, JS::MutableHandleValue vp);
+                     JS::MutableHandleValue vp);

+// Old-style function forwarding without structured-cloning for arguments. This
+// is deprecated.
 bool
-NewFunctionForwarder(JSContext *cx, JS::HandleObject callable,
-                     bool doclone, JS::MutableHandleValue vp);
+NewNonCloningFunctionForwarder(JSContext *cx, JS::HandleId id,
+                               JS::HandleObject callable, JS::MutableHandleValue vp);

 // Old fashioned xpc error reporter. Try to use JS_ReportError instead.
 nsresult