Bug 959932. Fix some unsafe address issues in js/src/vm. r=sfink

Boris Zbarsky 2014-01-15 09:04:33 -05:00
parent decb10a3df
commit 673c0cc4ae
3 changed files with 7 additions and 6 deletions


@ -84,8 +84,8 @@ static bool
#endif
LooseEqualityOp(JSContext *cx, FrameRegs &regs)
{
Value rval = regs.sp[-1];
Value lval = regs.sp[-2];
HandleValue rval = regs.stackHandleAt(-1);
HandleValue lval = regs.stackHandleAt(-2);
bool cond;
if (!LooselyEqual(cx, lval, rval, &cond))
return false;
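Review bot: The handles returned by `regs.stackHandleAt(-1)` and `regs.stackHandleAt(-2)` alias live interpreter stack slots rather than holding copies, and nothing at the declarations says so. That aliasing is presumably what keeps the operands visible to the collector while `LooselyEqual` runs, but it also means `lval` and `rval` stop referring to the operands once `regs.sp` moves or the result is stored into one of those slots. I would add a comment above them such as `// Handles into the interpreter stack: valid only until regs.sp changes or these slots are overwritten.` The rest of LooseEqualityOp lies outside the hunk, so whether later code touches the handles after adjusting the stack cannot be checked from here.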


@ -779,14 +779,14 @@ JSRuntime::initSelfHosting(JSContext *cx)
* and we don't want errors in self-hosted code to be silently swallowed.
*/
JSErrorReporter oldReporter = JS_SetErrorReporter(cx, selfHosting_ErrorReporter);
Value rv;
RootedValue rv(cx);
bool ok = false;
char *filename = getenv("MOZ_SELFHOSTEDJS");
if (filename) {
RootedScript script(cx, Compile(cx, shg, options, filename));
if (script)
ok = Execute(cx, script, *shg.get(), &rv);
ok = Execute(cx, script, *shg.get(), rv.address());
} else {
uint32_t srcLen = GetRawScriptsSize();
@ -803,7 +803,7 @@ JSRuntime::initSelfHosting(JSContext *cx)
const char *src = rawSources;
#endif
ok = Evaluate(cx, shg, options, src, srcLen, &rv);
ok = Evaluate(cx, shg, options, src, srcLen, rv.address());
}
JS_SetErrorReporter(cx, oldReporter);
if (receivesDefaultObject)
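Review bot: The `MOZ_SELFHOSTEDJS` branch kept as context in this section compiles and executes whatever file the environment variable names as the self-hosted code, with no visible restriction on build type or on the path. Self-hosted code presumably runs with more privilege than content script, so the engine's trusted code would then depend on an environment the embedder may not control. If the override is meant for development only, guard it (for example `#ifdef DEBUG` around the `getenv` branch) or document why it is acceptable in release builds. initSelfHosting starts and ends outside the hunks shown, so an existing guard may simply not be visible here.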


@ -809,7 +809,8 @@ JSStructuredCloneWriter::writeTypedArray(HandleObject obj)
return false;
// Write out the ArrayBuffer tag and contents
if (!startWrite(TypedArrayObject::bufferValue(tarr)))
RootedValue val(context(), TypedArrayObject::bufferValue(tarr));
if (!startWrite(val))
return false;
return out.write(tarr->byteOffset());
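Review bot: The new local `RootedValue val(context(), TypedArrayObject::bufferValue(tarr));` has no comment saying why the value is no longer passed inline, so a later cleanup could fold it back into the `startWrite` call and reintroduce the unrooted temporary. A one-line comment would prevent that, e.g. `// Root the buffer value: startWrite may GC, so it must not be handed an unrooted temporary.` Whether startWrite can actually trigger a collection is not visible in this section, so the wording should be confirmed against its definition. writeTypedArray begins outside the hunk.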