Bug 832091 - guards against crashes in resolveDOMCollectionProperty. r=bholley

Gabor Krizsanits 2013-04-07 10:18:58 +02:00
parent 7a4e479db0
commit 5c879a14bf


@ -605,12 +605,11 @@ holder_set(JSContext *cx, HandleObject wrapperArg, HandleId id, JSBool strict, M
class AutoSetWrapperNotShadowing class AutoSetWrapperNotShadowing
{ {
public: public:
AutoSetWrapperNotShadowing(JSObject *wrapper MOZ_GUARD_OBJECT_NOTIFIER_PARAM) AutoSetWrapperNotShadowing(ResolvingId *resolvingId MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
{ {
MOZ_GUARD_OBJECT_NOTIFIER_INIT; MOZ_GUARD_OBJECT_NOTIFIER_INIT;
MOZ_ASSERT(wrapper); MOZ_ASSERT(resolvingId);
mResolvingId = ResolvingId::getResolvingIdFromWrapper(wrapper); mResolvingId = resolvingId;
MOZ_ASSERT(mResolvingId);
mResolvingId->mXrayShadowing = true; mResolvingId->mXrayShadowing = true;
} }
@ -640,12 +639,26 @@ XPCWrappedNativeXrayTraits::resolveDOMCollectionProperty(JSContext *cx, HandleOb
return true; return true;
XPCWrappedNative *wn = getWN(wrapper); XPCWrappedNative *wn = getWN(wrapper);
if (!wn) {
// This should NEVER happen, but let's be extra careful here
// becaue of the reported crashes (Bug 832091).
XPCThrower::Throw(NS_ERROR_UNEXPECTED, cx);
return false;
}
if (!NATIVE_HAS_FLAG(wn, WantNewResolve)) if (!NATIVE_HAS_FLAG(wn, WantNewResolve))
return true; return true;
ResolvingId *resolvingId = ResolvingId::getResolvingIdFromWrapper(wrapper);
if (!resolvingId) {
// This should NEVER happen, but let's be extra careful here
// becaue of the reported crashes (Bug 832091).
XPCThrower::Throw(NS_ERROR_UNEXPECTED, cx);
return false;
}
// Setting the current ResolvingId in non-shadowing mode. So for this id // Setting the current ResolvingId in non-shadowing mode. So for this id
// Xray won't ignore DOM specific collection properties temporarily. // Xray won't ignore DOM specific collection properties temporarily.
AutoSetWrapperNotShadowing asw(wrapper); AutoSetWrapperNotShadowing asw(resolvingId);
bool retval = true; bool retval = true;
RootedObject pobj(cx); RootedObject pobj(cx);
@ -777,9 +790,12 @@ XPCWrappedNativeXrayTraits::resolveNativeProperty(JSContext *cx, HandleObject wr
XPCNativeInterface *iface; XPCNativeInterface *iface;
XPCNativeMember *member; XPCNativeMember *member;
XPCWrappedNative *wn = getWN(wrapper); XPCWrappedNative *wn = getWN(wrapper);
if (ccx.GetWrapper() != wn ||
!wn->IsValid() || if (ccx.GetWrapper() != wn || !wn->IsValid()) {
!(iface = ccx.GetInterface()) || // Something is wrong. If the wrapper is not even valid let's not risk
// calling resolveDOMCollectionProperty.
return true;
} else if (!(iface = ccx.GetInterface()) ||
!(member = ccx.GetMember())) { !(member = ccx.GetMember())) {
/* Not found */ /* Not found */
return resolveDOMCollectionProperty(cx, wrapper, holder, id, desc, flags); return resolveDOMCollectionProperty(cx, wrapper, holder, id, desc, flags);
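Review bot: In the resolveNativeProperty hunk, the new condition `ccx.GetWrapper() != wn || !wn->IsValid()` still dereferences `wn` without a null check, although this same commit treats a null result from `getWN(wrapper)` as possible in resolveDOMCollectionProperty. If `ccx.GetWrapper()` can also be null in that state (not visible here), the comparison is false and `wn->IsValid()` becomes a null dereference; `if (!wn || ccx.GetWrapper() != wn || !wn->IsValid()) {` would close that. The early `return true` also reports success silently, whereas the two new guards in resolveDOMCollectionProperty throw `NS_ERROR_UNEXPECTED`, so a one-line comment saying why this path does not throw would help whoever next triages a crash against Bug 832091. resolveNativeProperty starts and ends outside the hunk.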