Bug 993085 - Part 0: Freeze SavedFrame and SavedFrame.prototype r=jimb

2024-09-13 09:24:08 -07:00 · 2014-07-18 13:48:06 -07:00 · 2014-07-18 13:48:06 -07:00 · 7aa4c7c841
commit 7aa4c7c841
parent 3e27db69c0
2 changed files with 22 additions and 1 deletions
--- a/js/src/jit-test/tests/saved-stacks/stacks-are-frozen.js
+++ b/js/src/jit-test/tests/saved-stacks/stacks-are-frozen.js
@ -0,0 +1,17 @@
+// Test that SavedFrame instances are frozen and can't be messed with.
+
+// Strict mode so that mutating frozen objects doesn't silently fail.
+"use strict";
+
+const s = saveStack();
+
+load(libdir + 'asserts.js');
+
+assertThrowsInstanceOf(() => s.source = "fake.url",
+                       TypeError);
+
+assertThrowsInstanceOf(() => {
+  Object.defineProperty(s.__proto__, "line", {
+    get: () => 0
+  })
+}, TypeError);
--- a/js/src/vm/SavedStacks.cpp
+++ b/js/src/vm/SavedStacks.cpp
@ -582,7 +582,8 @@ SavedStacks::getOrCreateSavedFramePrototype(JSContext *cx)
                                                   global));
    if (!proto
        || !JS_DefineProperties(cx, proto, SavedFrame::properties)
-        || !JS_DefineFunctions(cx, proto, SavedFrame::methods))
+        || !JS_DefineFunctions(cx, proto, SavedFrame::methods)
+        || !JSObject::freeze(cx, proto))
        return nullptr;

    savedFrameProto = proto;
@ -614,6 +615,9 @@ SavedStacks::createFrameFromLookup(JSContext *cx, const SavedFrame::Lookup &look
    SavedFrame &f = frameObj->as<SavedFrame>();
    f.initFromLookup(lookup);

+    if (!JSObject::freeze(cx, frameObj))
+        return nullptr;
+
    return &f;
 }