wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 832091 - guards against crashes in resolveDOMCollectionProperty. r=bholley

Browse Source
This commit is contained in:
Gabor Krizsanits 2013-04-07 10:18:58 +02:00
parent 7a4e479db0
commit 5c879a14bf
1 changed files with 25 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
js/xpconnect/wrappers/XrayWrapper.cpp
View File

@ -605,12 +605,11 @@ holder_set(JSContext *cx, HandleObject wrapperArg, HandleId id, JSBool strict, M
class AutoSetWrapperNotShadowing
{
public:
AutoSetWrapperNotShadowing(JSObject *wrapper MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
AutoSetWrapperNotShadowing(ResolvingId *resolvingId MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
{
MOZ_GUARD_OBJECT_NOTIFIER_INIT;
MOZ_ASSERT(wrapper);
mResolvingId = ResolvingId::getResolvingIdFromWrapper(wrapper);
MOZ_ASSERT(mResolvingId);
MOZ_ASSERT(resolvingId);
mResolvingId = resolvingId;
mResolvingId->mXrayShadowing = true;
}
@ -640,12 +639,26 @@ XPCWrappedNativeXrayTraits::resolveDOMCollectionProperty(JSContext *cx, HandleOb
return true;
XPCWrappedNative *wn = getWN(wrapper);
if (!wn) {
// This should NEVER happen, but let's be extra careful here
// becaue of the reported crashes (Bug 832091).
XPCThrower::Throw(NS_ERROR_UNEXPECTED, cx);
return false;
}
if (!NATIVE_HAS_FLAG(wn, WantNewResolve))
return true;
ResolvingId *resolvingId = ResolvingId::getResolvingIdFromWrapper(wrapper);
if (!resolvingId) {
// This should NEVER happen, but let's be extra careful here
// becaue of the reported crashes (Bug 832091).
XPCThrower::Throw(NS_ERROR_UNEXPECTED, cx);
return false;
}
// Setting the current ResolvingId in non-shadowing mode. So for this id
// Xray won't ignore DOM specific collection properties temporarily.
AutoSetWrapperNotShadowing asw(wrapper);
AutoSetWrapperNotShadowing asw(resolvingId);
bool retval = true;
RootedObject pobj(cx);
@ -777,9 +790,12 @@ XPCWrappedNativeXrayTraits::resolveNativeProperty(JSContext *cx, HandleObject wr
XPCNativeInterface *iface;
XPCNativeMember *member;
XPCWrappedNative *wn = getWN(wrapper);
if (ccx.GetWrapper() != wn ||
!wn->IsValid() ||
!(iface = ccx.GetInterface()) ||
if (ccx.GetWrapper() != wn || !wn->IsValid()) {
// Something is wrong. If the wrapper is not even valid let's not risk
// calling resolveDOMCollectionProperty.
return true;
} else if (!(iface = ccx.GetInterface()) ||
!(member = ccx.GetMember())) {
/* Not found */
return resolveDOMCollectionProperty(cx, wrapper, holder, id, desc, flags);