From 20b4926e224d2f46756629254f3f12dd0f34aac5 Mon Sep 17 00:00:00 2001 From: Jon Coppeard Date: Fri, 31 Jan 2014 09:56:40 +0000 Subject: [PATCH] Bug 965904 - Fix some rooting hazards in the browser r=terrence --- dom/base/nsDOMWindowUtils.cpp | 11 +++++++---- js/src/vm/String.h | 2 +- js/xpconnect/src/XPCComponents.cpp | 8 ++++++-- js/xpconnect/src/XPCWrappedJSClass.cpp | 7 +++++-- netwerk/base/src/ProxyAutoConfig.cpp | 9 +++++---- xpfe/components/directory/nsDirectoryViewer.cpp | 10 +++++----- 6 files changed, 29 insertions(+), 18 deletions(-) diff --git a/dom/base/nsDOMWindowUtils.cpp b/dom/base/nsDOMWindowUtils.cpp index 291fc4d7b7c..10d13aedec0 100644 --- a/dom/base/nsDOMWindowUtils.cpp +++ b/dom/base/nsDOMWindowUtils.cpp @@ -2835,8 +2835,8 @@ GetXPConnectNative(JSContext* aCx, JSObject* aObj) { } static nsresult -GetFileOrBlob(const nsAString& aName, const JS::Value& aBlobParts, - const JS::Value& aParameters, JSContext* aCx, +GetFileOrBlob(const nsAString& aName, JS::Handle aBlobParts, + JS::Handle aParameters, JSContext* aCx, uint8_t aOptionalArgCount, nsISupports** aResult) { if (!nsContentUtils::IsCallerChrome()) { @@ -2858,9 +2858,12 @@ GetFileOrBlob(const nsAString& aName, const JS::Value& aBlobParts, nsDOMMultipartFile* domFile = static_cast(static_cast(file.get())); - JS::Value args[2] = { aBlobParts, aParameters }; + JS::AutoValueVector args(aCx); + MOZ_ALWAYS_TRUE(args.resize(2)); + args[0] = aBlobParts; + args[1] = aParameters; - rv = domFile->InitBlob(aCx, aOptionalArgCount, args, GetXPConnectNative); + rv = domFile->InitBlob(aCx, aOptionalArgCount, args.begin(), GetXPConnectNative); NS_ENSURE_SUCCESS(rv, rv); file.forget(aResult); diff --git a/js/src/vm/String.h b/js/src/vm/String.h index 77bf2be56e7..176c155a559 100644 --- a/js/src/vm/String.h +++ b/js/src/vm/String.h 
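Review bot: In GetFileOrBlob (dom/base/nsDOMWindowUtils.cpp, hunk at -2858), `MOZ_ALWAYS_TRUE(args.resize(2))` only asserts, so in a build where the assertion is compiled out a failed resize would go unnoticed and `args[0] = aBlobParts;` would write into an empty vector. If the resize cannot fail because two elements fit in the vector's inline storage (not visible from this diff), say so in a comment such as `// Cannot fail: 2 elements fit in AutoValueVector's inline storage.`; otherwise propagate the error with `if (!args.resize(2)) return NS_ERROR_OUT_OF_MEMORY;`. The same pattern appears in the hunks for XPCComponents.cpp, XPCWrappedJSClass.cpp, ProxyAutoConfig.cpp and nsDirectoryViewer.cpp. GetFileOrBlob's body starts and ends outside this hunk.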
@@ -986,7 +986,7 @@ class AutoNameVector : public AutoVectorRooter } HandlePropertyName operator[](size_t i) const { - return HandlePropertyName::fromMarkedLocation(&BaseType::operator[](i)); + return HandlePropertyName::fromMarkedLocation(&begin()[i]); } MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER diff --git a/js/xpconnect/src/XPCComponents.cpp b/js/xpconnect/src/XPCComponents.cpp index 9dacc022ed8..d9815805d38 100644 --- a/js/xpconnect/src/XPCComponents.cpp +++ b/js/xpconnect/src/XPCComponents.cpp @@ -2155,9 +2155,13 @@ nsXPCConstructor::CallOrConstruct(nsIXPConnectWrappedNative *wrapper,JSContext * return ThrowAndFail(NS_ERROR_XPC_CANT_CREATE_WN, cx, _retval); } - Value argv[1] = {ObjectValue(*iidObj)}; + JS::AutoValueVector argv(cx); + MOZ_ALWAYS_TRUE(argv.resize(1)); + argv[0].setObject(*iidObj); + RootedValue rval(cx); - if (!JS_CallFunctionName(cx, cidObj, "createInstance", 1, argv, rval.address()) || + if (!JS_CallFunctionName(cx, cidObj, "createInstance", 1, argv.begin(), + rval.address()) || rval.isPrimitive()) { // createInstance will have thrown an exception *_retval = false; diff --git a/js/xpconnect/src/XPCWrappedJSClass.cpp b/js/xpconnect/src/XPCWrappedJSClass.cpp index b71c7da445d..d8198606d80 100644 --- a/js/xpconnect/src/XPCWrappedJSClass.cpp +++ b/js/xpconnect/src/XPCWrappedJSClass.cpp @@ -237,8 +237,11 @@ nsXPCWrappedJSClass::CallQueryInterfaceOnJSObject(JSContext* cx, { AutoSaveContextOptions asco(cx); ContextOptionsRef(cx).setDontReportUncaught(true); - jsval args[1] = {OBJECT_TO_JSVAL(id)}; - success = JS_CallFunctionValue(cx, jsobj, fun, 1, args, retval.address()); + JS::AutoValueVector argv(cx); + MOZ_ALWAYS_TRUE(argv.resize(1)); + argv[0].setObject(*id); + success = JS_CallFunctionValue(cx, jsobj, fun, 1, argv.begin(), + retval.address()); } if (!success && JS_IsExceptionPending(cx)) { diff --git a/netwerk/base/src/ProxyAutoConfig.cpp b/netwerk/base/src/ProxyAutoConfig.cpp index f245efa4e4e..a58dcbc23f3 100644 
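Review bot: In AutoNameVector::operator[] (js/src/vm/String.h), `&begin()[i]` indexes the raw storage with no check on `i`, so any bounds assertion the base class's `operator[]` performed (the base class is not visible here) is no longer reached. An out-of-range index would then yield a handle to memory outside the rooted vector, which the GC does not trace. Add `MOZ_ASSERT(i < length());` ahead of the return so debug builds still catch a bad index.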
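Review bot: In nsXPCWrappedJSClass::CallQueryInterfaceOnJSObject (js/xpconnect/src/XPCWrappedJSClass.cpp), `argv[0].setObject(*id)` dereferences `id` unconditionally, whereas the replaced `OBJECT_TO_JSVAL(id)` took the pointer itself and, as far as I recall for this API version, turned a null pointer into a null value. The enclosing block starts outside the hunk, so whether `id` is null-checked beforehand cannot be seen from here. If it is, state the precondition with `MOZ_ASSERT(id);` just before the `setObject` call; if it is not, the call needs a guard.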
--- a/netwerk/base/src/ProxyAutoConfig.cpp +++ b/netwerk/base/src/ProxyAutoConfig.cpp @@ -681,13 +681,14 @@ ProxyAutoConfig::GetProxyForURI(const nsCString &aTestURI, JS::RootedString hostString(cx, JS_NewStringCopyZ(cx, aTestHost.get())); if (uriString && hostString) { - JS::RootedValue uriValue(cx, STRING_TO_JSVAL(uriString)); - JS::RootedValue hostValue(cx, STRING_TO_JSVAL(hostString)); + JS::AutoValueVector argv(cx); + MOZ_ALWAYS_TRUE(argv.resize(2)); + argv[0].setString(uriString); + argv[1].setString(hostString); - JS::Value argv[2] = { uriValue, hostValue }; JS::Rooted rval(cx); bool ok = JS_CallFunctionName(cx, mJSRuntime->Global(), - "FindProxyForURL", 2, argv, rval.address()); + "FindProxyForURL", 2, argv.begin(), rval.address()); if (ok && rval.isString()) { nsDependentJSString pacString; diff --git a/xpfe/components/directory/nsDirectoryViewer.cpp b/xpfe/components/directory/nsDirectoryViewer.cpp index 4c79aa54b78..e3c6678c0a1 100644 --- a/xpfe/components/directory/nsDirectoryViewer.cpp +++ b/xpfe/components/directory/nsDirectoryViewer.cpp @@ -164,22 +164,22 @@ nsHTTPIndex::OnFTPControlLog(bool server, const char *msg) JS::Rooted global(cx, JS::CurrentGlobalOrNull(cx)); NS_ENSURE_TRUE(global, NS_OK); - JS::Value params[2]; - nsString unicodeMsg; unicodeMsg.AssignWithConversion(msg); JSString* jsMsgStr = JS_NewUCStringCopyZ(cx, unicodeMsg.get()); NS_ENSURE_TRUE(jsMsgStr, NS_ERROR_OUT_OF_MEMORY); - params[0] = BOOLEAN_TO_JSVAL(server); - params[1] = STRING_TO_JSVAL(jsMsgStr); + JS::AutoValueVector params(cx); + MOZ_ALWAYS_TRUE(params.resize(2)); + params[0].setBoolean(server); + params[1].setString(jsMsgStr); JS::Rooted val(cx); JS_CallFunctionName(cx, global, "OnFTPControlLog", 2, - params, + params.begin(), val.address()); return NS_OK; }
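Review bot: In nsHTTPIndex::OnFTPControlLog (xpfe/components/directory/nsDirectoryViewer.cpp), `jsMsgStr` is still a raw `JSString*`, and the new code now constructs and resizes `params` between the string's allocation and `params[1].setString(jsMsgStr)`, so the pointer stays unrooted for longer than before. Whether anything in that window can trigger a GC is not visible from the hunk, but rooting the string at creation removes the question and matches the `JS::RootedString` locals in the ProxyAutoConfig.cpp hunk: `JS::Rooted<JSString*> jsMsgStr(cx, JS_NewUCStringCopyZ(cx, unicodeMsg.get()));`.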