Bug 931467 - Make QS/DOM binding unwrapping like XPCConvert unwrapping for COWs. r=bholley.

--HG-- extra : rebase_source : bc3590722f310b7dfc9241cfa66eceb63651f5b7
2024-09-13 09:24:08 -07:00 · 2013-10-27 09:53:30 +01:00 · 2013-10-27 09:53:30 +01:00 · 0469885ba7
commit 0469885ba7
parent ef94a9ccf4
2 changed files with 21 additions and 3 deletions
--- a/js/xpconnect/src/XPCConvert.cpp
+++ b/js/xpconnect/src/XPCConvert.cpp
@ -993,6 +993,9 @@ XPCConvert::JSObject2NativeInterface(void** dest, HandleObject src,
        // involves fixing the contacts API and PeerConnection to stop using
        // COWs. This needs to happen, but for now just preserve the old
        // behavior.
+        //
+        // Note that there is an identical hack in getWrapper which should be
+        // removed if this one is.
        if (!inner && MOZ_UNLIKELY(xpc::WrapperFactory::IsCOW(src)))
            inner = js::UncheckedUnwrap(src);
        if (!inner) {
--- a/js/xpconnect/src/XPCQuickStubs.cpp
+++ b/js/xpconnect/src/XPCQuickStubs.cpp
@ -7,6 +7,7 @@
 #include "jsfriendapi.h"
 #include "jsprf.h"
 #include "nsCOMPtr.h"
+#include "WrapperFactory.h"
 #include "xpcprivate.h"
 #include "XPCInlines.h"
 #include "XPCQuickStubs.h"
@ -531,14 +532,28 @@ getWrapper(JSContext *cx,
    // If we pass stopAtOuter == false, we can handle all three with one call
    // to js::CheckedUnwrap.
    if (js::IsWrapper(obj)) {
-        obj = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
+        JSObject* inner = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
+
+        // Hack - For historical reasons, wrapped chrome JS objects have been
+        // passable as native interfaces. We'd like to fix this, but it
+        // involves fixing the contacts API and PeerConnection to stop using
+        // COWs. This needs to happen, but for now just preserve the old
+        // behavior.
+        //
+        // Note that there is an identical hack in
+        // XPCConvert::JSObject2NativeInterface which should be removed if this
+        // one is.
+        if (!inner && MOZ_UNLIKELY(xpc::WrapperFactory::IsCOW(obj)))
+            inner = js::UncheckedUnwrap(obj);

        // The safe unwrap might have failed if we encountered an object that
        // we're not allowed to unwrap. If it didn't fail though, we should be
        // done with wrappers.
-        if (!obj)
+        if (!inner)
            return NS_ERROR_XPC_SECURITY_MANAGER_VETO;
-        MOZ_ASSERT(!js::IsWrapper(obj));
+        MOZ_ASSERT(!js::IsWrapper(inner));
+
+        obj = inner;
    }

    // Start with sane values.