Bug 965904 - Fix some rooting hazards in the browser r=terrence

2024-09-13 09:24:08 -07:00 · 2014-01-31 09:56:40 +00:00 · 2014-01-31 09:56:40 +00:00 · 20b4926e22
commit 20b4926e22
parent 858370c616
6 changed files with 29 additions and 18 deletions
--- a/dom/base/nsDOMWindowUtils.cpp
+++ b/dom/base/nsDOMWindowUtils.cpp
@ -2835,8 +2835,8 @@ GetXPConnectNative(JSContext* aCx, JSObject* aObj) {
 }

 static nsresult
-GetFileOrBlob(const nsAString& aName, const JS::Value& aBlobParts,
-              const JS::Value& aParameters, JSContext* aCx,
+GetFileOrBlob(const nsAString& aName, JS::Handle<JS::Value> aBlobParts,
+              JS::Handle<JS::Value> aParameters, JSContext* aCx,
              uint8_t aOptionalArgCount, nsISupports** aResult)
 {
  if (!nsContentUtils::IsCallerChrome()) {
@ -2858,9 +2858,12 @@ GetFileOrBlob(const nsAString& aName, const JS::Value& aBlobParts,
  nsDOMMultipartFile* domFile =
    static_cast<nsDOMMultipartFile*>(static_cast<nsIDOMFile*>(file.get()));

-  JS::Value args[2] = { aBlobParts, aParameters };
+  JS::AutoValueVector args(aCx);
+  MOZ_ALWAYS_TRUE(args.resize(2));
+  args[0] = aBlobParts;
+  args[1] = aParameters;

-  rv = domFile->InitBlob(aCx, aOptionalArgCount, args, GetXPConnectNative);
+  rv = domFile->InitBlob(aCx, aOptionalArgCount, args.begin(), GetXPConnectNative);
  NS_ENSURE_SUCCESS(rv, rv);

  file.forget(aResult);
--- a/js/src/vm/String.h
+++ b/js/src/vm/String.h
@ -986,7 +986,7 @@ class AutoNameVector : public AutoVectorRooter<PropertyName *>
    }

    HandlePropertyName operator[](size_t i) const {
-        return HandlePropertyName::fromMarkedLocation(&BaseType::operator[](i));
+        return HandlePropertyName::fromMarkedLocation(&begin()[i]);
    }

    MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
--- a/js/xpconnect/src/XPCComponents.cpp
+++ b/js/xpconnect/src/XPCComponents.cpp
@ -2155,9 +2155,13 @@ nsXPCConstructor::CallOrConstruct(nsIXPConnectWrappedNative *wrapper,JSContext *
        return ThrowAndFail(NS_ERROR_XPC_CANT_CREATE_WN, cx, _retval);
    }

-    Value argv[1] = {ObjectValue(*iidObj)};
+    JS::AutoValueVector argv(cx);
+    MOZ_ALWAYS_TRUE(argv.resize(1));
+    argv[0].setObject(*iidObj);
+
    RootedValue rval(cx);
-    if (!JS_CallFunctionName(cx, cidObj, "createInstance", 1, argv, rval.address()) ||
+    if (!JS_CallFunctionName(cx, cidObj, "createInstance", 1, argv.begin(),
+                             rval.address()) ||
        rval.isPrimitive()) {
        // createInstance will have thrown an exception
        *_retval = false;
--- a/js/xpconnect/src/XPCWrappedJSClass.cpp
+++ b/js/xpconnect/src/XPCWrappedJSClass.cpp
@ -237,8 +237,11 @@ nsXPCWrappedJSClass::CallQueryInterfaceOnJSObject(JSContext* cx,
        {
            AutoSaveContextOptions asco(cx);
            ContextOptionsRef(cx).setDontReportUncaught(true);
-            jsval args[1] = {OBJECT_TO_JSVAL(id)};
-            success = JS_CallFunctionValue(cx, jsobj, fun, 1, args, retval.address());
+            JS::AutoValueVector argv(cx);
+            MOZ_ALWAYS_TRUE(argv.resize(1));
+            argv[0].setObject(*id);
+            success = JS_CallFunctionValue(cx, jsobj, fun, 1, argv.begin(),
+                                           retval.address());
        }

        if (!success && JS_IsExceptionPending(cx)) {
--- a/netwerk/base/src/ProxyAutoConfig.cpp
+++ b/netwerk/base/src/ProxyAutoConfig.cpp
@ -681,13 +681,14 @@ ProxyAutoConfig::GetProxyForURI(const nsCString &aTestURI,
  JS::RootedString hostString(cx, JS_NewStringCopyZ(cx, aTestHost.get()));

  if (uriString && hostString) {
-    JS::RootedValue uriValue(cx, STRING_TO_JSVAL(uriString));
-    JS::RootedValue hostValue(cx, STRING_TO_JSVAL(hostString));
+    JS::AutoValueVector argv(cx);
+    MOZ_ALWAYS_TRUE(argv.resize(2));
+    argv[0].setString(uriString);
+    argv[1].setString(hostString);

-    JS::Value argv[2] = { uriValue, hostValue };
    JS::Rooted<JS::Value> rval(cx);
    bool ok = JS_CallFunctionName(cx, mJSRuntime->Global(),
-                                    "FindProxyForURL", 2, argv, rval.address());
+                                  "FindProxyForURL", 2, argv.begin(), rval.address());

    if (ok && rval.isString()) {
      nsDependentJSString pacString;
--- a/xpfe/components/directory/nsDirectoryViewer.cpp
+++ b/xpfe/components/directory/nsDirectoryViewer.cpp
@ -164,22 +164,22 @@ nsHTTPIndex::OnFTPControlLog(bool server, const char *msg)
    JS::Rooted<JSObject*> global(cx, JS::CurrentGlobalOrNull(cx));
    NS_ENSURE_TRUE(global, NS_OK);

-    JS::Value params[2];
-
    nsString unicodeMsg;
    unicodeMsg.AssignWithConversion(msg);
    JSString* jsMsgStr = JS_NewUCStringCopyZ(cx, unicodeMsg.get());
    NS_ENSURE_TRUE(jsMsgStr, NS_ERROR_OUT_OF_MEMORY);

-    params[0] = BOOLEAN_TO_JSVAL(server);
-    params[1] = STRING_TO_JSVAL(jsMsgStr);
+    JS::AutoValueVector params(cx);
+    MOZ_ALWAYS_TRUE(params.resize(2));
+    params[0].setBoolean(server);
+    params[1].setString(jsMsgStr);

    JS::Rooted<JS::Value> val(cx);
    JS_CallFunctionName(cx,
                        global,
                        "OnFTPControlLog",
                        2,
-                        params,
+                        params.begin(),
                        val.address());
    return NS_OK;
 }