Bug 863769 - Make ArrayBufferInputStream use rooting APIs that don't rely on the JS context being valid. r=jonco,vlad

2024-09-13 09:24:08 -07:00 · 2013-04-22 19:46:40 +02:00 · 2013-04-22 19:46:40 +02:00 · 9ecfb0ef5d
commit 9ecfb0ef5d
parent a8da106307
2 changed files with 22 additions and 7 deletions
--- a/netwerk/base/src/ArrayBufferInputStream.cpp
+++ b/netwerk/base/src/ArrayBufferInputStream.cpp
@ -11,13 +11,22 @@
 NS_IMPL_ISUPPORTS2(ArrayBufferInputStream, nsIArrayBufferInputStream, nsIInputStream);

 ArrayBufferInputStream::ArrayBufferInputStream()
-: mBuffer(nullptr)
+: mRt(nullptr)
+, mArrayBuffer(JSVAL_VOID)
+, mBuffer(nullptr)
 , mBufferLength(0)
 , mOffset(0)
 , mClosed(false)
 {
 }

+ArrayBufferInputStream::~ArrayBufferInputStream()
+{
+  if (mRt) {
+    JS_RemoveValueRootRT(mRt, &mArrayBuffer);
+  }
+}
+
 NS_IMETHODIMP
 ArrayBufferInputStream::SetData(const JS::Value& aBuffer,
                                uint32_t aByteOffset,
@ -27,14 +36,19 @@ ArrayBufferInputStream::SetData(const JS::Value& aBuffer,
  if (!aBuffer.isObject()) {
    return NS_ERROR_FAILURE;
  }
-  mArrayBuffer.construct(aCx, &aBuffer.toObject());
-  if (!JS_IsArrayBufferObject(mArrayBuffer.ref())) {
+  JS::RootedObject arrayBuffer(aCx, &aBuffer.toObject());
+  if (!JS_IsArrayBufferObject(arrayBuffer)) {
    return NS_ERROR_FAILURE;
  }
-  uint32_t buflen = JS_GetArrayBufferByteLength(mArrayBuffer.ref());
+
+  mRt = JS_GetRuntime(aCx);
+  mArrayBuffer = aBuffer;
+  JS_AddNamedValueRootRT(mRt, &mArrayBuffer, "mArrayBuffer");
+
+  uint32_t buflen = JS_GetArrayBufferByteLength(arrayBuffer);
  mOffset = std::min(buflen, aByteOffset);
  mBufferLength = std::min(buflen - mOffset, aLength);
-  mBuffer = JS_GetArrayBufferData(mArrayBuffer.ref());
+  mBuffer = JS_GetArrayBufferData(arrayBuffer);
  return NS_OK;
 }

--- a/netwerk/base/src/ArrayBufferInputStream.h
+++ b/netwerk/base/src/ArrayBufferInputStream.h
@ -22,13 +22,14 @@
 class ArrayBufferInputStream : public nsIArrayBufferInputStream {
 public:
  ArrayBufferInputStream();
-  virtual ~ArrayBufferInputStream() {}
+  virtual ~ArrayBufferInputStream();
  NS_DECL_ISUPPORTS
  NS_DECL_NSIARRAYBUFFERINPUTSTREAM
  NS_DECL_NSIINPUTSTREAM

 private:
-  mozilla::Maybe<JS::RootedObject> mArrayBuffer;
+  JSRuntime* mRt;
+  jsval mArrayBuffer;
  uint8_t* mBuffer;
  uint32_t mBufferLength;
  uint32_t mOffset;