bug 580128 - Make xpcconvert trust cx->compartment when called from JS. r=peterv

2024-09-13 09:24:08 -07:00 · 2010-09-22 16:35:10 -07:00 · 2010-09-22 16:35:10 -07:00 · 420eda056d
commit 420eda056d
parent 03cb31a09c
1 changed files with 31 additions and 51 deletions
--- a/js/src/xpconnect/src/xpcconvert.cpp
+++ b/js/src/xpconnect/src/xpcconvert.cpp
@ -1079,46 +1079,32 @@ CreateHolderIfNeeded(XPCCallContext& ccx, JSObject* obj, jsval* d,
    return JS_TRUE;
 }

-static void
-ComputeWrapperInfo(const XPCCallContext &ccx,
-                   JSObject **callee,
-                   JSScript **script)
+static PRBool
+ComputeWrapperInfo(const XPCCallContext &ccx, XPCWrappedNativeScope *scope,
+                   JSObject **callee)
 {
-    *callee = nsnull;
-    *script = nsnull;
-
    if(ccx.GetXPCContext()->CallerTypeIsJavaScript())
    {
-        // Called from JS.  We're going to hand the resulting
-        // JSObject to said JS, so look for the script we want on
-        // the stack.
-        JSStackFrame* fp = JS_GetScriptedCaller(ccx, NULL);
-        if(fp)
-        {
-            *script = fp->maybeScript();
-            *callee = fp->isFunctionFrame()
-                      ? &fp->callee()
-                      : &fp->scopeChain();
-        }
+        // Called from JS.  We're going to hand the resulting JSObject
+        // to said JS. The correct compartment must already be pushed
+        // on cx, so return true and don't give back a callee.
+        *callee = nsnull;
+        return PR_TRUE;
    }
-    else if(ccx.GetXPCContext()->CallerTypeIsNative())
+
+    if(ccx.GetXPCContext()->CallerTypeIsNative())
    {
+        // Calling from JS -> C++, return false to indicate that we need
+        // to push a compartment and return the callee.
        *callee = ccx.GetCallee();
-        if(*callee && JS_ObjectIsFunction(ccx, *callee))
+        if(!*callee || !JS_ObjectIsFunction(ccx, *callee))
        {
-            // Called from c++, and calling out to |callee|, which is a JS
-            // function object.  Look for the script for this function.
-            JSFunction* fun = (JSFunction*) xpc_GetJSPrivate(*callee);
-            NS_ASSERTION(fun, "Must have JSFunction for a Function object");
-            *script = JS_GetFunctionScript(ccx, fun);
-        }
-        else
-        {
-            // Else we don't know whom we're calling, so don't
-            // create XPCNativeWrappers.
-            *callee = nsnull;
+            *callee = scope->GetGlobalJSObject();
+            OBJ_TO_INNER_OBJECT(ccx, *callee);
        }
    }
+
+    return PR_FALSE;
 }

 /***************************************************************************/
@ -1171,7 +1157,6 @@ XPCConvert::NativeInterface2JSObject(XPCLazyCallContext& lccx,
    nsWrapperCache *cache = aHelper.GetWrapperCache();

    JSObject *callee;
-    JSScript *script;

    PRBool tryConstructSlimWrapper = PR_FALSE;
    JSObject *flat;
@ -1187,17 +1172,14 @@ XPCConvert::NativeInterface2JSObject(XPCLazyCallContext& lccx,
            if(!flat)
                flat = ConstructProxyObject(ccx, aHelper, xpcscope);

-            ComputeWrapperInfo(ccx, &callee, &script);
-            if(!callee)
+            JSAutoEnterCompartment ac;
+            if(!ComputeWrapperInfo(ccx, xpcscope, &callee) &&
+               !ac.enter(ccx, callee))
            {
-                callee = xpcscope->GetGlobalJSObject();
-                OBJ_TO_INNER_OBJECT(ccx, callee);
-                if(!callee)
-                    return JS_FALSE;
+                return JS_FALSE;
            }

-            JSAutoEnterCompartment ac;
-            if(!ac.enter(ccx, callee) || !JS_WrapObject(ccx, &flat))
+            if(!JS_WrapObject(ccx, &flat))
                return JS_FALSE;

            return CreateHolderIfNeeded(ccx, flat, d, dest);
@ -1353,31 +1335,29 @@ XPCConvert::NativeInterface2JSObject(XPCLazyCallContext& lccx,
    if(!ccx.IsValid())
        return JS_FALSE;

-    ComputeWrapperInfo(ccx, &callee, &script);
-    if(!callee)
+    JSAutoEnterCompartment ac;
+    if(!ComputeWrapperInfo(ccx, xpcscope, &callee) &&
+       !ac.enter(ccx, callee))
    {
-        callee = xpcscope->GetGlobalJSObject();
-        OBJ_TO_INNER_OBJECT(cx, callee);
-        if(!callee)
-            return JS_FALSE;
+        return JS_FALSE;
    }

-    JSAutoEnterCompartment ac;
-    if(!ac.enter(ccx, callee) || !JS_WrapObject(ccx, &flat))
+    JSObject *original = flat;
+    if(!JS_WrapObject(ccx, &flat))
        return JS_FALSE;
-
    *d = OBJECT_TO_JSVAL(flat);
+
    if(dest)
    {
        // The strongWrapper still holds the original flat object.
-        if(OBJECT_TO_JSVAL(flat) == *d)
+        if(flat == original)
        {
            *dest = strongWrapper.forget().get();
        }
        else
        {
            nsRefPtr<XPCJSObjectHolder> objHolder =
-                XPCJSObjectHolder::newHolder(ccx, JSVAL_TO_OBJECT(*d));
+                XPCJSObjectHolder::newHolder(ccx, flat);
            if(!objHolder)
                return JS_FALSE;