Bug 1131799. Stop parenting XPConnect tearoffs to the XPCWrappedNative. r=peterv

Boris Zbarsky 2015-02-13 14:34:53 -05:00
parent f512a8b817
commit 5cdfac2ecb
4 changed files with 27 additions and 12 deletions


@ -8,6 +8,7 @@
#include "xpcprivate.h"
#include "jswrapper.h"
#include "jsfriendapi.h"
using namespace mozilla;
using namespace xpc;
@ -67,7 +68,9 @@ XPCCallContext::XPCCallContext(XPCContext::LangType callerLanguage,
mWrapper = XPCWrappedNative::Get(unwrapped);
} else if (IS_TEAROFF_CLASS(clasp)) {
mTearOff = (XPCWrappedNativeTearOff*)js::GetObjectPrivate(unwrapped);
mWrapper = XPCWrappedNative::Get(js::GetObjectParent(unwrapped));
mWrapper = XPCWrappedNative::Get(
&js::GetReservedSlot(unwrapped,
XPC_WN_TEAROFF_FLAT_OBJECT_SLOT).toObject());
}
if (mWrapper) {
if (mTearOff)
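Review bot: The tearoff branch now calls `.toObject()` on the reserved slot without checking that the slot actually holds an object, and the result goes straight into `XPCWrappedNative::Get`. As far as I know `toObject()` only asserts the tag in debug builds, so a tearoff object reached before its slot is filled would give a bogus pointer in release builds rather than a clean failure. I would state the invariant at the read site with `MOZ_ASSERT(js::GetReservedSlot(unwrapped, XPC_WN_TEAROFF_FLAT_OBJECT_SLOT).isObject());`, or move the read into one small accessor so every caller gets the same check. The constructor body continues outside this hunk.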


@ -11,6 +11,7 @@
#include "nsWrapperCacheInlines.h"
#include "XPCLog.h"
#include "jsprf.h"
#include "jsfriendapi.h"
#include "AccessCheck.h"
#include "WrapperFactory.h"
#include "XrayWrapper.h"
@ -1572,13 +1573,15 @@ XPCWrappedNative::InitTearOffJSObject(XPCWrappedNativeTearOff* to)
{
AutoJSContext cx;
RootedObject parent(cx, mFlatJSObject);
JSObject* obj = JS_NewObject(cx, Jsvalify(&XPC_WN_Tearoff_JSClass), parent);
JSObject* obj = JS_NewObject(cx, Jsvalify(&XPC_WN_Tearoff_JSClass));
if (!obj)
return false;
JS_SetPrivate(obj, to);
to->SetJSObject(obj);
js::SetReservedSlot(obj, XPC_WN_TEAROFF_FLAT_OBJECT_SLOT,
JS::ObjectValue(*mFlatJSObject));
return true;
}
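Review bot: `RootedObject parent(cx, mFlatJSObject);` is left behind as an unused rooted local now that `JS_NewObject` no longer takes a parent. Either drop it or use it for the slot store, e.g. `JS::ObjectValue(*parent)`, which also keeps the dereference on a rooted handle. Separately, `to->SetJSObject(obj)` publishes the object to the tearoff before `js::SetReservedSlot` fills the slot that `XPCCallContext` later reads unconditionally. Nothing visible runs between the two calls, but setting the slot first would make the "slot is always an object" invariant hold locally. `ObjectValue` also requires `mFlatJSObject` to be non-null here, which presumably holds but is worth a `MOZ_ASSERT(mFlatJSObject);`.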


@ -12,6 +12,7 @@
#include "mozilla/Preferences.h"
#include "nsIAddonInterposition.h"
#include "AddonWrapper.h"
#include "js/Class.h"
using namespace mozilla;
using namespace JS;
@ -649,7 +650,7 @@ XPC_WN_NoHelper_Resolve(JSContext *cx, HandleObject obj, HandleId id, bool *reso
const XPCWrappedNativeJSClass XPC_WN_NoHelper_JSClass = {
{ // base
"XPCWrappedNative_NoHelper", // name;
WRAPPER_SLOTS |
WRAPPER_FLAGS |
JSCLASS_PRIVATE_IS_NSISUPPORTS, // flags
/* Mandatory non-null function pointer members. */
@ -1009,7 +1010,7 @@ XPCNativeScriptableShared::PopulateJSClass()
{
MOZ_ASSERT(mJSClass.base.name, "bad state!");
mJSClass.base.flags = WRAPPER_SLOTS |
mJSClass.base.flags = WRAPPER_FLAGS |
JSCLASS_PRIVATE_IS_NSISUPPORTS;
if (mFlags.IsGlobalObject())
@ -1305,7 +1306,7 @@ XPC_WN_ModsAllowed_Proto_Resolve(JSContext *cx, HandleObject obj, HandleId id, b
const js::Class XPC_WN_ModsAllowed_WithCall_Proto_JSClass = {
"XPC_WN_ModsAllowed_WithCall_Proto_JSClass", // name;
WRAPPER_SLOTS, // flags;
WRAPPER_FLAGS, // flags;
/* Function pointer members. */
nullptr, // addProperty;
@ -1330,7 +1331,7 @@ const js::Class XPC_WN_ModsAllowed_WithCall_Proto_JSClass = {
const js::Class XPC_WN_ModsAllowed_NoCall_Proto_JSClass = {
"XPC_WN_ModsAllowed_NoCall_Proto_JSClass", // name;
WRAPPER_SLOTS, // flags;
WRAPPER_FLAGS, // flags;
/* Function pointer members. */
nullptr, // addProperty;
@ -1415,7 +1416,7 @@ XPC_WN_NoMods_Proto_Resolve(JSContext *cx, HandleObject obj, HandleId id, bool *
const js::Class XPC_WN_NoMods_WithCall_Proto_JSClass = {
"XPC_WN_NoMods_WithCall_Proto_JSClass", // name;
WRAPPER_SLOTS, // flags;
WRAPPER_FLAGS, // flags;
/* Mandatory non-null function pointer members. */
XPC_WN_OnlyIWrite_Proto_AddPropertyStub, // addProperty;
@ -1440,7 +1441,7 @@ const js::Class XPC_WN_NoMods_WithCall_Proto_JSClass = {
const js::Class XPC_WN_NoMods_NoCall_Proto_JSClass = {
"XPC_WN_NoMods_NoCall_Proto_JSClass", // name;
WRAPPER_SLOTS, // flags;
WRAPPER_FLAGS, // flags;
/* Mandatory non-null function pointer members. */
XPC_WN_OnlyIWrite_Proto_AddPropertyStub, // addProperty;
@ -1528,10 +1529,16 @@ XPC_WN_TearOff_ObjectMoved(JSObject *obj, const JSObject *old)
p->JSObjectMoved(obj, old);
}
// Make sure WRAPPER_FLAGS has no reserved slots, so our XPC_WN_TEAROFF_RESERVED_SLOTS value is OK.
static_assert(((WRAPPER_FLAGS >> JSCLASS_RESERVED_SLOTS_SHIFT) &
JSCLASS_RESERVED_SLOTS_MASK) == 0,
"WRAPPER_FLAGS should not include any reserved slots");
const js::Class XPC_WN_Tearoff_JSClass = {
"WrappedNative_TearOff", // name;
WRAPPER_SLOTS, // flags;
WRAPPER_FLAGS |
JSCLASS_HAS_RESERVED_SLOTS(XPC_WN_TEAROFF_RESERVED_SLOTS), // flags;
XPC_WN_OnlyIWrite_AddPropertyStub, // addProperty;
XPC_WN_CantDeletePropertyStub, // delProperty;
nullptr, // getProperty;
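Review bot: The new `static_assert` only proves that `WRAPPER_FLAGS` contributes no reserved slots; nothing ties the slot index to the slot count. The two macros are defined independently, so a later edit to one could make the `GetReservedSlot`/`SetReservedSlot` calls on tearoff objects index past the slots this class reserves. I would add `static_assert(XPC_WN_TEAROFF_FLAT_OBJECT_SLOT < XPC_WN_TEAROFF_RESERVED_SLOTS, "tearoff flat-object slot index out of range");` next to the existing assert. The class initializer continues beyond the end of this hunk.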


@ -214,7 +214,7 @@ extern const char XPC_XPCONNECT_CONTRACTID[];
return (result || !src) ? NS_OK : NS_ERROR_OUT_OF_MEMORY
#define WRAPPER_SLOTS (JSCLASS_HAS_PRIVATE | JSCLASS_IMPLEMENTS_BARRIERS )
#define WRAPPER_FLAGS (JSCLASS_HAS_PRIVATE | JSCLASS_IMPLEMENTS_BARRIERS )
#define INVALID_OBJECT ((JSObject *)1)
@ -959,6 +959,8 @@ extern const js::Class XPC_WN_NoMods_NoCall_Proto_JSClass;
extern const js::Class XPC_WN_ModsAllowed_WithCall_Proto_JSClass;
extern const js::Class XPC_WN_ModsAllowed_NoCall_Proto_JSClass;
extern const js::Class XPC_WN_Tearoff_JSClass;
#define XPC_WN_TEAROFF_RESERVED_SLOTS 1
#define XPC_WN_TEAROFF_FLAT_OBJECT_SLOT 0
extern const js::Class XPC_WN_NoHelper_Proto_JSClass;
extern bool