Bug 1146316 - Preserve the wrapper of sandboxes, so that we never try to call WrapObject on them. r=bz.
--HG-- extra : rebase_source : a520fe62e7831c4a73f0ee4365c55f93965e14b6
parent
adbd1ab2da
commit
f2ba86d2a9
@ -1051,11 +1051,8 @@ xpc::CreateSandboxObject(JSContext* cx, MutableHandleValue vp, nsISupports* prin
|
||||
{
|
||||
JSAutoCompartment ac(cx, sandbox);
|
||||
|
||||
nsCOMPtr<nsIScriptObjectPrincipal> sbp =
|
||||
new SandboxPrivate(principal, sandbox);
|
||||
|
||||
// Pass on ownership of sbp to |sandbox|.
|
||||
JS_SetPrivate(sandbox, sbp.forget().take());
|
||||
// This creates a SandboxPrivate and passes ownership of it to |sandbox|.
|
||||
SandboxPrivate::Create(principal, sandbox);
|
||||
|
||||
// Ensure |Object.prototype| is instantiated before prototype-
|
||||
// splicing below.
|
||||
|
@ -22,17 +22,28 @@ class SandboxPrivate : public nsIGlobalObject,
|
||||
public nsWrapperCache
|
||||
{
|
||||
public:
|
||||
SandboxPrivate(nsIPrincipal* principal, JSObject* global)
|
||||
: mPrincipal(principal)
|
||||
{
|
||||
SetIsNotDOMBinding();
|
||||
SetWrapper(global);
|
||||
}
|
||||
|
||||
NS_DECL_CYCLE_COLLECTING_ISUPPORTS
|
||||
NS_DECL_CYCLE_COLLECTION_SCRIPT_HOLDER_CLASS_AMBIGUOUS(SandboxPrivate,
|
||||
nsIGlobalObject)
|
||||
|
||||
static void Create(nsIPrincipal* principal, JS::Handle<JSObject*> global)
|
||||
{
|
||||
RefPtr<SandboxPrivate> sbp = new SandboxPrivate(principal);
|
||||
sbp->SetWrapper(global);
|
||||
sbp->PreserveWrapper(ToSupports(sbp.get()));
|
||||
|
||||
// Pass on ownership of sbp to |global|.
|
||||
// The type used to cast to void needs to match the one in GetPrivate.
|
||||
JS_SetPrivate(global, static_cast<nsIScriptObjectPrincipal*>(sbp.forget().take()));
|
||||
}
|
||||
|
||||
static SandboxPrivate* GetPrivate(JSObject* obj)
|
||||
{
|
||||
// The type used to cast to void needs to match the one in Create.
|
||||
return static_cast<SandboxPrivate*>(
|
||||
static_cast<nsIScriptObjectPrincipal*>(JS_GetPrivate(obj)));
|
||||
}
|
||||
|
||||
nsIPrincipal* GetPrincipal() override
|
||||
{
|
||||
return mPrincipal;
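Review bot: `GetPrivate` converts whatever sits in the object's private slot to a `SandboxPrivate*` through two unchecked `static_cast`s, so a caller that passes any object other than a sandbox global gets a mistyped pointer instead of a failure. Nothing in the visible lines checks the object's class before the cast. A debug assertion ahead of the `return` would state and enforce the precondition, for example `MOZ_ASSERT(xpc::IsSandbox(obj));`, provided that helper can be made visible to this header. `Create` would also benefit from a one-line comment saying where the reference handed over by `sbp.forget().take()` is released, since that code is outside this hunk.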
|
||||
@ -60,7 +71,14 @@ public:
|
||||
}
|
||||
|
||||
private:
|
||||
virtual ~SandboxPrivate() { }
|
||||
explicit SandboxPrivate(nsIPrincipal* principal)
|
||||
: mPrincipal(principal)
|
||||
{
|
||||
SetIsNotDOMBinding();
|
||||
}
|
||||
|
||||
virtual ~SandboxPrivate()
|
||||
{ }
|
||||
|
||||
nsCOMPtr<nsIPrincipal> mPrincipal;
|
||||
};
|
||||
|
@ -3047,7 +3047,15 @@ XPCJSRuntime::InitSingletonScopes()
|
||||
void
|
||||
XPCJSRuntime::DeleteSingletonScopes()
|
||||
{
|
||||
// We're pretty late in shutdown, so we call ReleaseWrapper on the scopes. This way
|
||||
// the GC can collect them immediately, and we don't rely on the CC to clean up.
|
||||
RefPtr<SandboxPrivate> sandbox = SandboxPrivate::GetPrivate(mUnprivilegedJunkScope);
|
||||
sandbox->ReleaseWrapper(sandbox);
|
||||
mUnprivilegedJunkScope = nullptr;
|
||||
sandbox = SandboxPrivate::GetPrivate(mPrivilegedJunkScope);
|
||||
sandbox->ReleaseWrapper(sandbox);
|
||||
mPrivilegedJunkScope = nullptr;
|
||||
sandbox = SandboxPrivate::GetPrivate(mCompilationScope);
|
||||
sandbox->ReleaseWrapper(sandbox);
|
||||
mCompilationScope = nullptr;
|
||||
}
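Review bot: Each `SandboxPrivate::GetPrivate(...)` result in `DeleteSingletonScopes` is dereferenced with no null check, so the new `sandbox->ReleaseWrapper(sandbox)` calls assume all three scopes exist and still carry a private. If a scope was never created (for instance `InitSingletonScopes`, whose body is outside this hunk, stopped part-way) or this function runs a second time after the members were nulled, shutdown would presumably crash on a null global or a null `sandbox`. Guarding each pair keeps the shutdown path safe, e.g. `if (mUnprivilegedJunkScope) { ... }` around the `GetPrivate`/`ReleaseWrapper` lines, and likewise for `mPrivilegedJunkScope` and `mCompilationScope`. The three identical blocks could be folded into one small static helper so the guard is written once.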
|
||||
|