Bug 1019334 - Require that Init be called on a newly-constructed TypedArray struct to use it. r=bz

2024-09-13 09:24:08 -07:00 · 2014-06-03 18:31:43 -07:00 · 2014-06-03 18:31:43 -07:00 · 7d800aab7e
commit 7d800aab7e
parent 78842c3ab0
4 changed files with 19 additions and 28 deletions
--- a/content/base/src/nsXMLHttpRequest.cpp
+++ b/content/base/src/nsXMLHttpRequest.cpp
@ -2525,8 +2525,8 @@ GetRequestBody(nsIVariant* aBody, nsIInputStream** aResult, uint64_t* aContentLe
    nsresult rv = aBody->GetAsJSVal(&realVal);
    if (NS_SUCCEEDED(rv) && !realVal.isPrimitive()) {
      JS::Rooted<JSObject*> obj(cx, realVal.toObjectOrNull());
-      if (JS_IsArrayBufferObject(obj)) {
-          ArrayBuffer buf(obj);
+      ArrayBuffer buf;
+      if (buf.Init(obj)) {
          buf.ComputeLengthAndData();
          return GetRequestBody(buf.Data(), buf.Length(), aResult,
                                aContentLength, aContentType, aCharset);
--- a/content/canvas/src/CanvasRenderingContext2D.cpp
+++ b/content/canvas/src/CanvasRenderingContext2D.cpp
@ -70,6 +70,7 @@
 #include "mozilla/Alignment.h"
 #include "mozilla/Assertions.h"
 #include "mozilla/CheckedInt.h"
+#include "mozilla/DebugOnly.h"
 #include "mozilla/dom/ContentParent.h"
 #include "mozilla/dom/ImageData.h"
 #include "mozilla/dom/PBrowserParent.h"
@ -4006,7 +4007,9 @@ void
 CanvasRenderingContext2D::PutImageData(ImageData& imageData, double dx,
                                       double dy, ErrorResult& error)
 {
-  dom::Uint8ClampedArray arr(imageData.GetDataObject());
+  dom::Uint8ClampedArray arr;
+  DebugOnly<bool> inited = arr.Init(imageData.GetDataObject());
+  MOZ_ASSERT(inited);

  error = PutImageData_explicit(JS_DoubleToInt32(dx), JS_DoubleToInt32(dy),
                                imageData.Width(), imageData.Height(),
@ -4020,7 +4023,9 @@ CanvasRenderingContext2D::PutImageData(ImageData& imageData, double dx,
                                       double dirtyHeight,
                                       ErrorResult& error)
 {
-  dom::Uint8ClampedArray arr(imageData.GetDataObject());
+  dom::Uint8ClampedArray arr;
+  DebugOnly<bool> inited = arr.Init(imageData.GetDataObject());
+  MOZ_ASSERT(inited);

  error = PutImageData_explicit(JS_DoubleToInt32(dx), JS_DoubleToInt32(dy),
                                imageData.Width(), imageData.Height(),
--- a/content/canvas/src/WebGLContextGL.cpp
+++ b/content/canvas/src/WebGLContextGL.cpp
@ -42,6 +42,7 @@
 #include "nsCocoaFeatures.h"
 #endif

+#include "mozilla/DebugOnly.h"
 #include "mozilla/dom/BindingUtils.h"
 #include "mozilla/dom/ImageData.h"
 #include "mozilla/dom/ToJSValue.h"
@ -3713,7 +3714,9 @@ WebGLContext::TexImage2D(GLenum target, GLint level,
        return ErrorInvalidValue("texImage2D: null ImageData");
    }

-    Uint8ClampedArray arr(pixels->GetDataObject());
+    Uint8ClampedArray arr;
+    DebugOnly<bool> inited = arr.Init(pixels->GetDataObject());
+    MOZ_ASSERT(inited);
    arr.ComputeLengthAndData();

    return TexImage2D_base(target, level, internalformat, pixels->Width(),
@ -3846,7 +3849,9 @@ WebGLContext::TexSubImage2D(GLenum target, GLint level,
    if (!pixels)
        return ErrorInvalidValue("texSubImage2D: pixels must not be null!");

-    Uint8ClampedArray arr(pixels->GetDataObject());
+    Uint8ClampedArray arr;
+    DebugOnly<bool> inited = arr.Init(pixels->GetDataObject());
+    MOZ_ASSERT(inited);
    arr.ComputeLengthAndData();

    return TexSubImage2D_base(target, level, xoffset, yoffset,
--- a/dom/bindings/TypedArray.h
+++ b/dom/bindings/TypedArray.h
@ -26,7 +26,7 @@ struct TypedArrayObjectStorage : AllTypedArraysBase {
 protected:
  JSObject* mObj;

-  TypedArrayObjectStorage(JSObject *obj) : mObj(obj)
+  TypedArrayObjectStorage() : mObj(nullptr)
  {
  }

@ -60,18 +60,8 @@ template<typename T,
 struct TypedArray_base : public TypedArrayObjectStorage {
  typedef T element_type;

-  TypedArray_base(JSObject* obj)
-    : TypedArrayObjectStorage(obj),
-      mData(nullptr),
-      mLength(0),
-      mComputed(false)
-  {
-    MOZ_ASSERT(obj != nullptr);
-  }
-
  TypedArray_base()
-    : TypedArrayObjectStorage(nullptr),
-      mData(nullptr),
+    : mData(nullptr),
      mLength(0),
      mComputed(false)
  {
@ -97,7 +87,7 @@ public:
  inline bool Init(JSObject* obj)
  {
    MOZ_ASSERT(!inited());
-    DoInit(obj);
+    mObj = UnwrapArray(obj);
    return inited();
  }

@ -135,11 +125,6 @@ public:
  }

 protected:
-  inline void DoInit(JSObject* obj)
-  {
-    mObj = UnwrapArray(obj);
-  }
-
  inline void ComputeData() const {
    MOZ_ASSERT(inited());
    if (!mComputed) {
@ -163,10 +148,6 @@ private:
  typedef TypedArray_base<T, UnwrapArray, GetLengthAndData> Base;

 public:
-  TypedArray(JSObject* obj)
-    : Base(obj)
-  {}
-
  TypedArray()
    : Base()
  {}