Bug 877540. Fix remaining unsafe reference hazards in browser code. r=terrence

This commit is contained in:
Boris Zbarsky 2013-05-30 17:46:48 -04:00
parent 7c5e61e873
commit 897328ff5b
16 changed files with 52 additions and 45 deletions

View File

@ -68,6 +68,7 @@ template<typename T> class Optional;
namespace JS {
class Value;
template<typename T> class Handle;
}
#define NODE_FLAG_BIT(n_) (1U << (n_))
@ -1581,7 +1582,8 @@ public:
// HasAttributes is defined inline in Element.h.
bool HasAttributes() const;
nsDOMAttributeMap* GetAttributes();
JS::Value SetUserData(JSContext* aCx, const nsAString& aKey, JS::Value aData,
JS::Value SetUserData(JSContext* aCx, const nsAString& aKey,
JS::Handle<JS::Value> aData,
nsIDOMUserDataHandler* aHandler,
mozilla::ErrorResult& aError);
JS::Value GetUserData(JSContext* aCx, const nsAString& aKey,

View File

@ -338,8 +338,9 @@ GetParamsForMessage(JSContext* aCx,
// properly cases when interface is implemented in JS and used
// as a dictionary.
nsAutoString json;
JS::Value v = aObject;
NS_ENSURE_TRUE(JS_Stringify(aCx, &v, nullptr, JSVAL_NULL, JSONCreator, &json), false);
JS::Rooted<JS::Value> v(aCx, aObject);
NS_ENSURE_TRUE(JS_Stringify(aCx, v.address(), nullptr, JSVAL_NULL,
JSONCreator, &json), false);
NS_ENSURE_TRUE(!json.IsEmpty(), false);
JS::Rooted<JS::Value> val(aCx, JS::NullValue());

View File

@ -678,11 +678,13 @@ nsINode::SetUserData(const nsAString &aKey, nsIVariant *aData,
}
JS::Value
nsINode::SetUserData(JSContext* aCx, const nsAString& aKey, JS::Value aData,
nsINode::SetUserData(JSContext* aCx, const nsAString& aKey,
JS::Handle<JS::Value> aData,
nsIDOMUserDataHandler* aHandler, ErrorResult& aError)
{
nsCOMPtr<nsIVariant> data;
aError = nsContentUtils::XPConnect()->JSValToVariant(aCx, &aData,
JS::Rooted<JS::Value> dataVal(aCx, aData);
aError = nsContentUtils::XPConnect()->JSValToVariant(aCx, dataVal.address(),
getter_AddRefs(data));
if (aError.Failed()) {
return JS::UndefinedValue();

View File

@ -60,7 +60,8 @@ nsDOMDataContainerEvent::SetData(const nsAString& aKey, nsIVariant *aData)
void
nsDOMDataContainerEvent::SetData(JSContext* aCx, const nsAString& aKey,
JS::Value aVal, mozilla::ErrorResult& aRv)
JS::Handle<JS::Value> aVal,
mozilla::ErrorResult& aRv)
{
if (!nsContentUtils::XPConnect()) {
aRv = NS_ERROR_FAILURE;

View File

@ -39,8 +39,8 @@ public:
return val.forget();
}
void SetData(JSContext* aCx, const nsAString& aKey, JS::Value aVal,
mozilla::ErrorResult& aRv);
void SetData(JSContext* aCx, const nsAString& aKey,
JS::Handle<JS::Value> aVal, mozilla::ErrorResult& aRv);
private:
static PLDHashOperator

View File

@ -54,7 +54,7 @@ public:
const nsAString& aType,
bool aCanBubble,
bool aCancelable,
JS::Value aData,
JS::Handle<JS::Value> aData,
const nsAString& aOrigin,
const nsAString& aLastEventId,
nsIDOMWindow* aSource,

View File

@ -48,8 +48,8 @@ public:
JSObject* GetFrameBuffer(JSContext* aCx, mozilla::ErrorResult& aRv)
{
JS::Value dummy;
aRv = GetFrameBuffer(aCx, &dummy);
JS::Rooted<JS::Value> dummy(aCx);
aRv = GetFrameBuffer(aCx, dummy.address());
return mCachedArray;
}

View File

@ -724,7 +724,7 @@ nsresult
HTMLCanvasElement::GetContext(const nsAString& aContextId,
nsISupports** aContext)
{
return GetContext(aContextId, JS::UndefinedValue(), nullptr, aContext);
return GetContext(aContextId, JS::UndefinedHandleValue, nullptr, aContext);
}
NS_IMETHODIMP

View File

@ -8,6 +8,7 @@
#define mozilla_dom_TypedArray_h
#include "jsfriendapi.h"
#include "js/RootingAPI.h"
namespace mozilla {
namespace dom {
@ -65,7 +66,7 @@ struct TypedArray : public TypedArray_base<T,UnboxArray> {
static inline JSObject*
Create(JSContext* cx, nsWrapperCache* creator, uint32_t length,
const T* data = NULL) {
JSObject* creatorWrapper;
JS::Rooted<JSObject*> creatorWrapper(cx);
Maybe<JSAutoCompartment> ac;
if (creator && (creatorWrapper = creator->GetWrapperPreserveColor())) {
ac.construct(cx, creatorWrapper);

View File

@ -100,11 +100,11 @@ TestShellCommandParent::RunCallback(const nsString& aResponse)
JSString* str = JS_NewUCStringCopyN(mCx, aResponse.get(), aResponse.Length());
NS_ENSURE_TRUE(str, JS_FALSE);
JS::Value argv[] = { STRING_TO_JSVAL(str) };
unsigned argc = ArrayLength(argv);
JS::Rooted<JS::Value> strVal(mCx, JS::StringValue(str));
JS::Value rval;
JSBool ok = JS_CallFunctionValue(mCx, global, mCallback, argc, argv, &rval);
JS::Rooted<JS::Value> rval(mCx);
JSBool ok = JS_CallFunctionValue(mCx, global, mCallback, 1, strVal.address(),
rval.address());
NS_ENSURE_TRUE(ok, JS_FALSE);
return JS_TRUE;

View File

@ -95,8 +95,8 @@ StatementRow::GetProperty(nsIXPConnectWrappedNative *aWrapper,
// Copy the blob over to the JS array.
for (uint32_t i = 0; i < length; i++) {
jsval val = INT_TO_JSVAL(blob[i]);
if (!::JS_SetElement(aCtx, scope, i, &val)) {
JS::Rooted<JS::Value> val(aCtx, INT_TO_JSVAL(blob[i]));
if (!::JS_SetElement(aCtx, scope, i, val.address())) {
*_retval = false;
return NS_OK;
}

View File

@ -92,9 +92,9 @@ PlaceInfo::GetVisits(JSContext* aContext,
JS::Rooted<JSObject*> jsobj(aContext, wrapper->GetJSObject());
NS_ENSURE_STATE(jsobj);
JS::Value wrappedVisit = OBJECT_TO_JSVAL(jsobj);
JS::Rooted<JS::Value> wrappedVisit(aContext, OBJECT_TO_JSVAL(jsobj));
JSBool rc = JS_SetElement(aContext, visits, idx, &wrappedVisit);
JSBool rc = JS_SetElement(aContext, visits, idx, wrappedVisit.address());
NS_ENSURE_TRUE(rc, NS_ERROR_UNEXPECTED);
}

View File

@ -1516,8 +1516,8 @@ TelemetryImpl::GetChromeHangs(JSContext *cx, JS::Value *ret)
const size_t length = stacks.GetStackCount();
for (size_t i = 0; i < length; ++i) {
JS::Value duration = INT_TO_JSVAL(mHangReports.GetDuration(i));
if (!JS_SetElement(cx, durationArray, i, &duration)) {
JS::Rooted<JS::Value> duration(cx, INT_TO_JSVAL(mHangReports.GetDuration(i)));
if (!JS_SetElement(cx, durationArray, i, duration.address())) {
return NS_ERROR_FAILURE;
}
}
@ -1553,8 +1553,8 @@ CreateJSStackObject(JSContext *cx, const CombinedStacks &stacks) {
if (!moduleInfoArray) {
return nullptr;
}
JS::Value val = OBJECT_TO_JSVAL(moduleInfoArray);
if (!JS_SetElement(cx, moduleArray, moduleIndex, &val)) {
JS::Rooted<JS::Value> val(cx, OBJECT_TO_JSVAL(moduleInfoArray));
if (!JS_SetElement(cx, moduleArray, moduleIndex, val.address())) {
return nullptr;
}
@ -1566,7 +1566,7 @@ CreateJSStackObject(JSContext *cx, const CombinedStacks &stacks) {
return nullptr;
}
val = STRING_TO_JSVAL(str);
if (!JS_SetElement(cx, moduleInfoArray, index++, &val)) {
if (!JS_SetElement(cx, moduleInfoArray, index++, val.address())) {
return nullptr;
}
@ -1576,7 +1576,7 @@ CreateJSStackObject(JSContext *cx, const CombinedStacks &stacks) {
return nullptr;
}
val = STRING_TO_JSVAL(id);
if (!JS_SetElement(cx, moduleInfoArray, index++, &val)) {
if (!JS_SetElement(cx, moduleInfoArray, index++, val.address())) {
return nullptr;
}
}
@ -1600,8 +1600,8 @@ CreateJSStackObject(JSContext *cx, const CombinedStacks &stacks) {
return nullptr;
}
JS::Value pcArrayVal = OBJECT_TO_JSVAL(pcArray);
if (!JS_SetElement(cx, reportArray, i, &pcArrayVal)) {
JS::Rooted<JS::Value> pcArrayVal(cx, OBJECT_TO_JSVAL(pcArray));
if (!JS_SetElement(cx, reportArray, i, pcArrayVal.address())) {
return nullptr;
}
@ -1615,16 +1615,16 @@ CreateJSStackObject(JSContext *cx, const CombinedStacks &stacks) {
}
int modIndex = (std::numeric_limits<uint16_t>::max() == frame.mModIndex) ?
-1 : frame.mModIndex;
JS::Value modIndexVal = INT_TO_JSVAL(modIndex);
if (!JS_SetElement(cx, framePair, 0, &modIndexVal)) {
JS::Rooted<JS::Value> modIndexVal(cx, INT_TO_JSVAL(modIndex));
if (!JS_SetElement(cx, framePair, 0, modIndexVal.address())) {
return nullptr;
}
JS::Value mOffsetVal = INT_TO_JSVAL(frame.mOffset);
if (!JS_SetElement(cx, framePair, 1, &mOffsetVal)) {
JS::Rooted<JS::Value> mOffsetVal(cx, INT_TO_JSVAL(frame.mOffset));
if (!JS_SetElement(cx, framePair, 1, mOffsetVal.address())) {
return nullptr;
}
JS::Value framePairVal = OBJECT_TO_JSVAL(framePair);
if (!JS_SetElement(cx, pcArray, pcIndex, &framePairVal)) {
JS::Rooted<JS::Value> framePairVal(cx, OBJECT_TO_JSVAL(framePair));
if (!JS_SetElement(cx, pcArray, pcIndex, framePairVal.address())) {
return nullptr;
}
}

View File

@ -92,8 +92,8 @@ JSObjectBuilder::ArrayPush(JSCustomArray *aArray, int value)
if (!mOk)
return;
JS::Value objval = INT_TO_JSVAL(value);
mOk = JS_SetElement(mCx, (JSObject*)aArray, length, &objval);
JS::Rooted<JS::Value> objval(mCx, INT_TO_JSVAL(value));
mOk = JS_SetElement(mCx, (JSObject*)aArray, length, objval.address());
}
void
@ -114,8 +114,8 @@ JSObjectBuilder::ArrayPush(JSCustomArray *aArray, const char *value)
if (!mOk)
return;
JS::Value objval = STRING_TO_JSVAL(string);
mOk = JS_SetElement(mCx, (JSObject*)aArray, length, &objval);
JS::Rooted<JS::Value> objval(mCx, STRING_TO_JSVAL(string));
mOk = JS_SetElement(mCx, (JSObject*)aArray, length, objval.address());
}
void
@ -130,8 +130,8 @@ JSObjectBuilder::ArrayPush(JSCustomArray *aArray, JSCustomObject *aObject)
if (!mOk)
return;
JS::Value objval = OBJECT_TO_JSVAL((JSObject*)aObject);
mOk = JS_SetElement(mCx, (JSObject*)aArray, length, &objval);
JS::Rooted<JS::Value> objval(mCx, OBJECT_TO_JSVAL((JSObject*)aObject));
mOk = JS_SetElement(mCx, (JSObject*)aArray, length, objval.address());
}
JSCustomArray*

View File

@ -70,8 +70,8 @@ SaveProfileTask::Run() {
if (stream.is_open()) {
JSAutoCompartment autoComp(cx, obj);
JSObject* profileObj = profiler_get_profile_jsobject(cx);
jsval val = OBJECT_TO_JSVAL(profileObj);
JS_Stringify(cx, &val, nullptr, JSVAL_NULL, WriteCallback, &stream);
JS::Rooted<JS::Value> val(cx, OBJECT_TO_JSVAL(profileObj));
JS_Stringify(cx, val.address(), nullptr, JSVAL_NULL, WriteCallback, &stream);
stream.close();
LOGF("Saved to %s", tmpPath.get());
} else {

View File

@ -174,13 +174,13 @@ nsHTTPIndex::OnFTPControlLog(bool server, const char *msg)
params[0] = BOOLEAN_TO_JSVAL(server);
params[1] = STRING_TO_JSVAL(jsMsgStr);
JS::Value val;
JS::Rooted<JS::Value> val(cx);
JS_CallFunctionName(cx,
global,
"OnFTPControlLog",
2,
params,
&val);
val.address());
return NS_OK;
}