wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 949890. Fix rooting hazard in workers::XMLHttpRequest::Send. r=khuey

Browse Source
This commit is contained in:
Boris Zbarsky 2013-12-20 14:28:18 -05:00
parent 6cbdf23c78
commit 878193f1fb
2 changed files with 22 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
dom/workers/XMLHttpRequest.cpp
View File

@ -2045,12 +2045,11 @@ XMLHttpRequest::Send(const nsAString& aBody, ErrorResult& aRv)
}
void
XMLHttpRequest::Send(JSObject* aBody, ErrorResult& aRv)
XMLHttpRequest::Send(JS::Handle<JSObject*> aBody, ErrorResult& aRv)
{
JSContext* cx = mWorkerPrivate->GetJSContext();
MOZ_ASSERT(aBody);
JS::Rooted<JSObject*> body(cx, aBody);
mWorkerPrivate->AssertIsOnWorkerThread();
@ -2065,12 +2064,12 @@ XMLHttpRequest::Send(JSObject* aBody, ErrorResult& aRv)
}
JS::Rooted<JS::Value> valToClone(cx);
if (JS_IsArrayBufferObject(body) || JS_IsArrayBufferViewObject(body) ||
file::GetDOMBlobFromJSObject(body)) {
valToClone.setObject(*body);
if (JS_IsArrayBufferObject(aBody) || JS_IsArrayBufferViewObject(aBody) ||
file::GetDOMBlobFromJSObject(aBody)) {
valToClone.setObject(*aBody);
}
else {
JS::Rooted<JS::Value> obj(cx, JS::ObjectValue(*body));
JS::Rooted<JS::Value> obj(cx, JS::ObjectValue(*aBody));
JSString* bodyStr = JS::ToString(cx, obj);
if (!bodyStr) {
aRv.Throw(NS_ERROR_OUT_OF_MEMORY);
@ -2095,6 +2094,20 @@ XMLHttpRequest::Send(JSObject* aBody, ErrorResult& aRv)
SendInternal(EmptyString(), buffer, clonedObjects, aRv);
}
void
XMLHttpRequest::Send(const ArrayBuffer& aBody, ErrorResult& aRv)
{
JS::Rooted<JSObject*> obj(mWorkerPrivate->GetJSContext(), aBody.Obj());
return Send(obj, aRv);
}
void
XMLHttpRequest::Send(const ArrayBufferView& aBody, ErrorResult& aRv)
{
JS::Rooted<JSObject*> obj(mWorkerPrivate->GetJSContext(), aBody.Obj());
return Send(obj, aRv);
}
void
XMLHttpRequest::SendAsBinary(const nsAString& aBody, ErrorResult& aRv)
{

16
dom/workers/XMLHttpRequest.h
View File

@ -160,23 +160,13 @@ public:
Send(const nsAString& aBody, ErrorResult& aRv);
void
Send(JSObject* aBody, ErrorResult& aRv);
Send(JS::Handle<JSObject*> aBody, ErrorResult& aRv);
void
Send(JSObject& aBody, ErrorResult& aRv)
{
Send(&aBody, aRv);
}
Send(const ArrayBuffer& aBody, ErrorResult& aRv);
void
Send(const ArrayBuffer& aBody, ErrorResult& aRv) {
return Send(aBody.Obj(), aRv);
}
void
Send(const ArrayBufferView& aBody, ErrorResult& aRv) {
return Send(aBody.Obj(), aRv);
}
Send(const ArrayBufferView& aBody, ErrorResult& aRv);
void
SendAsBinary(const nsAString& aBody, ErrorResult& aRv);