Bug 1052139 - Make more parts of the global object's prototype chain immutable, when we flip that switch. r=bz

2024-09-13 09:24:08 -07:00 · 2015-10-08 15:08:13 -07:00 · 2015-10-08 15:08:13 -07:00 · 11a4e72a00
commit 11a4e72a00
parent 9e771cf7d6
3 changed files with 39 additions and 1 deletions
--- a/dom/bindings/BindingUtils.h
+++ b/dom/bindings/BindingUtils.h
@ -3111,6 +3111,14 @@ CreateGlobal(JSContext* aCx, T* aNative, nsWrapperCache* aCache,
    return nullptr;
  }

+  bool succeeded;
+  if (!JS_SetImmutablePrototype(aCx, aGlobal, &succeeded)) {
+    return nullptr;
+  }
+  MOZ_ASSERT(succeeded,
+             "making a fresh global object's [[Prototype]] immutable can "
+             "internally fail, but it should never be unsuccessful");
+
  return proto;
 }

--- a/dom/bindings/Codegen.py
+++ b/dom/bindings/Codegen.py
@ -2953,9 +2953,32 @@ class CGCreateInterfaceObjectsMethod(CGAbstractMethod):
        else:
            unforgeableHolderSetup = None

+        if (self.descriptor.interface.isOnGlobalProtoChain() and
+            needInterfacePrototypeObject):
+            makeProtoPrototypeImmutable = CGGeneric(fill(
+                """
+                if (*${protoCache}) {
+                  bool succeeded;
+                  JS::Handle<JSObject*> prot = GetProtoObjectHandle(aCx, aGlobal);
+                  if (!JS_SetImmutablePrototype(aCx, prot, &succeeded)) {
+                    $*{failureCode}
+                  }
+
+                  MOZ_ASSERT(succeeded,
+                             "making a fresh prototype object's [[Prototype]] "
+                             "immutable can internally fail, but it should "
+                             "never be unsuccessful");
+                }
+                """,
+                protoCache=protoCache,
+                failureCode=failureCode))
+        else:
+            makeProtoPrototypeImmutable = None
+
        return CGList(
            [getParentProto, CGGeneric(getConstructorProto), initIds,
-             prefCache, CGGeneric(call), defineAliases, unforgeableHolderSetup],
+             prefCache, CGGeneric(call), defineAliases, unforgeableHolderSetup,
+             makeProtoPrototypeImmutable],
            "\n").define()


--- a/js/src/builtin/Object.cpp
+++ b/js/src/builtin/Object.cpp
@ -1056,6 +1056,13 @@ CreateObjectPrototype(JSContext* cx, JSProtoKey key)
    if (!objectProto)
        return nullptr;

+    bool succeeded;
+    if (!SetImmutablePrototype(cx, objectProto, &succeeded))
+        return nullptr;
+    MOZ_ASSERT(succeeded,
+               "should have been able to make a fresh Object.prototype's "
+               "[[Prototype]] immutable");
+
    /*
     * The default 'new' type of Object.prototype is required by type inference
     * to have unknown properties, to simplify handling of e.g. heterogenous