Bug 866450 Part 3: Fix rooting hazards under content/ and dom/ r=bz
parent
bc9b1bccdc
commit
b410d41cc0
@ -952,8 +952,8 @@ static JSObject*
|
||||
NewOuterWindowProxy(JSContext *cx, JSObject *parent, bool isChrome)
|
||||
{
|
||||
JSAutoCompartment ac(cx, parent);
|
||||
JSObject *proto;
|
||||
if (!js::GetObjectProto(cx, parent, &proto))
|
||||
JS::Rooted<JSObject*> proto(cx);
|
||||
if (!js::GetObjectProto(cx, parent, proto.address()))
|
||||
return nullptr;
|
||||
|
||||
JSObject *obj = js::Wrapper::New(cx, parent, proto, parent,
|
||||
@ -2036,8 +2036,8 @@ nsGlobalWindow::SetOuterObject(JSContext* aCx, JSObject* aOuterObject)
|
||||
|
||||
// Set up the prototype for the outer object.
|
||||
JSObject* inner = JS_GetParent(aOuterObject);
|
||||
JSObject* proto;
|
||||
if (!JS_GetPrototype(aCx, inner, &proto)) {
|
||||
JS::Rooted<JSObject*> proto(aCx);
|
||||
if (!JS_GetPrototype(aCx, inner, proto.address())) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
JS_SetPrototype(aCx, aOuterObject, proto);
|
||||
@ -6462,8 +6462,8 @@ JSObject* nsGlobalWindow::CallerGlobal()
|
||||
// retrieve the global corresponding to the innermost scripted frame. Then,
|
||||
// we verify that its principal is subsumed by the subject principal. If it
|
||||
// isn't, something is screwy, and we want to clamp to the cx global.
|
||||
JSObject *scriptedGlobal = JS_GetScriptedGlobal(cx);
|
||||
JSObject *cxGlobal = JS_GetGlobalForScopeChain(cx);
|
||||
JS::Rooted<JSObject*> scriptedGlobal(cx, JS_GetScriptedGlobal(cx));
|
||||
JS::Rooted<JSObject*> cxGlobal(cx, JS_GetGlobalForScopeChain(cx));
|
||||
if (!xpc::AccessCheck::subsumes(cxGlobal, scriptedGlobal)) {
|
||||
NS_WARNING("Something nasty is happening! Applying countermeasures...");
|
||||
return cxGlobal;
|
||||
@ -6477,7 +6477,7 @@ nsGlobalWindow::CallerInnerWindow()
|
||||
{
|
||||
JSContext *cx = nsContentUtils::GetCurrentJSContext();
|
||||
NS_ENSURE_TRUE(cx, nullptr);
|
||||
JSObject *scope = CallerGlobal();
|
||||
JS::Rooted<JSObject*> scope(cx, CallerGlobal());
|
||||
|
||||
// When Jetpack runs content scripts inside a sandbox, it uses
|
||||
// sandboxPrototype to make them appear as though they're running in the
|
||||
@ -6487,8 +6487,8 @@ nsGlobalWindow::CallerInnerWindow()
|
||||
// now we need to do some special handling to support it.
|
||||
{
|
||||
JSAutoCompartment ac(cx, scope);
|
||||
JSObject *scopeProto;
|
||||
bool ok = JS_GetPrototype(cx, scope, &scopeProto);
|
||||
JS::Rooted<JSObject*> scopeProto(cx);
|
||||
bool ok = JS_GetPrototype(cx, scope, scopeProto.address());
|
||||
NS_ENSURE_TRUE(ok, nullptr);
|
||||
if (scopeProto && xpc::IsSandboxPrototypeProxy(scopeProto) &&
|
||||
(scopeProto = js::CheckedUnwrap(scopeProto, /* stopAtOuter = */ false)))
|
||||
@ -6590,10 +6590,10 @@ PostMessageReadStructuredClone(JSContext* cx,
|
||||
if (JS_ReadBytes(reader, &supports, sizeof(supports))) {
|
||||
JS::Rooted<JSObject*> global(cx, JS_GetGlobalForScopeChain(cx));
|
||||
if (global) {
|
||||
JS::Value val;
|
||||
JS::Rooted<JS::Value> val(cx);
|
||||
nsCOMPtr<nsIXPConnectJSObjectHolder> wrapper;
|
||||
if (NS_SUCCEEDED(nsContentUtils::WrapNative(cx, global, supports,
|
||||
&val,
|
||||
val.address(),
|
||||
getter_AddRefs(wrapper)))) {
|
||||
return JSVAL_TO_OBJECT(val);
|
||||
}
|
||||
@ -6728,13 +6728,13 @@ PostMessageEvent::Run()
|
||||
}
|
||||
|
||||
// Deserialize the structured clone data
|
||||
JS::Value messageData;
|
||||
JS::Rooted<JS::Value> messageData(cx);
|
||||
{
|
||||
JSAutoRequest ar(cx);
|
||||
StructuredCloneInfo scInfo;
|
||||
scInfo.event = this;
|
||||
|
||||
if (!buffer.read(cx, &messageData, &kPostMessageCallbacks, &scInfo))
|
||||
if (!buffer.read(cx, messageData.address(), &kPostMessageCallbacks, &scInfo))
|
||||
return NS_ERROR_DOM_DATA_CLONE_ERR;
|
||||
}
|
||||
|
||||
@ -7366,7 +7366,7 @@ public:
|
||||
JSContext* cx = nsContentUtils::GetSafeJSContext();
|
||||
|
||||
JSAutoRequest ar(cx);
|
||||
js::NukeCrossCompartmentWrappers(cx,
|
||||
js::NukeCrossCompartmentWrappers(cx,
|
||||
js::ChromeCompartmentsOnly(),
|
||||
js::SingleCompartment(js::GetObjectCompartment(obj)),
|
||||
window->IsInnerWindow() ? js::DontNukeWindowReferences :
|
||||
|
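Review bot: In the `SetOuterObject` hunk, `inner` and the `aOuterObject` parameter are still raw `JSObject*` values held across the same `JS_GetPrototype` call whose out-param is now rooted; `parent` in `NewOuterWindowProxy` has the same shape across `js::GetObjectProto`. If either call can trigger a GC, which rooting `proto` suggests is the assumption, a moving collector could leave those raw pointers stale by the time they reach `JS_SetPrototype` and `js::Wrapper::New`. Consider `JS::Rooted<JSObject*> inner(aCx, JS_GetParent(aOuterObject));` plus rooted copies of the parameters, unless another part of this series converts the signatures to handles. Both function bodies extend beyond the hunks shown.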
@ -756,9 +756,9 @@ nsJSContext::DOMOperationCallback(JSContext *cx)
|
||||
NS_ENSURE_TRUE(prompt, JS_FALSE);
|
||||
|
||||
// Check if we should offer the option to debug
|
||||
JSScript *script;
|
||||
JS::RootedScript script(cx);
|
||||
unsigned lineno;
|
||||
JSBool hasFrame = ::JS_DescribeScriptedCaller(cx, &script, &lineno);
|
||||
JSBool hasFrame = ::JS_DescribeScriptedCaller(cx, script.address(), &lineno);
|
||||
|
||||
bool debugPossible = hasFrame && js::CanCallContextDebugHandler(cx);
|
||||
#ifdef MOZ_JSDEBUGGER
|
||||
@ -1354,7 +1354,7 @@ nsJSContext::CompileScript(const PRUnichar* aText,
|
||||
|
||||
NS_ENSURE_ARG_POINTER(aPrincipal);
|
||||
|
||||
JSObject* scopeObject = ::JS_GetGlobalObject(mContext);
|
||||
JS::Rooted<JSObject*> scopeObject(mContext, ::JS_GetGlobalObject(mContext));
|
||||
xpc_UnmarkGrayObject(scopeObject);
|
||||
|
||||
bool ok = false;
|
||||
@ -1482,8 +1482,8 @@ nsJSContext::JSObjectFromInterface(nsISupports* aTarget, JS::HandleObject aScope
|
||||
// Get the jsobject associated with this target
|
||||
// We don't wrap here because we trust the JS engine to wrap the target
|
||||
// later.
|
||||
JS::Value v;
|
||||
nsresult rv = nsContentUtils::WrapNative(mContext, aScope, aTarget, &v);
|
||||
JS::Rooted<JS::Value> v(mContext);
|
||||
nsresult rv = nsContentUtils::WrapNative(mContext, aScope, aTarget, v.address());
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
#ifdef DEBUG
|
||||
@ -1562,8 +1562,9 @@ nsresult
|
||||
nsJSContext::Deserialize(nsIObjectInputStream* aStream,
|
||||
JS::MutableHandle<JSScript*> aResult)
|
||||
{
|
||||
JSScript *script;
|
||||
nsresult rv = nsContentUtils::XPConnect()->ReadScript(aStream, mContext, &script);
|
||||
JS::RootedScript script(mContext);
|
||||
nsresult rv =
|
||||
nsContentUtils::XPConnect()->ReadScript(aStream, mContext, script.address());
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
aResult.set(script);
|
||||
@ -1573,7 +1574,7 @@ nsJSContext::Deserialize(nsIObjectInputStream* aStream,
|
||||
nsIScriptGlobalObject *
|
||||
nsJSContext::GetGlobalObject()
|
||||
{
|
||||
JSObject *global = ::JS_GetGlobalObject(mContext);
|
||||
JS::Rooted<JSObject*> global(mContext, ::JS_GetGlobalObject(mContext));
|
||||
|
||||
if (!global) {
|
||||
return nullptr;
|
||||
@ -1778,8 +1779,8 @@ nsJSContext::ConvertSupportsTojsvals(nsISupports *aArgs,
|
||||
"Don't pass nsISupportsPrimitives - use nsIVariant!");
|
||||
#endif
|
||||
nsCOMPtr<nsIXPConnectJSObjectHolder> wrapper;
|
||||
JS::Value v;
|
||||
rv = nsContentUtils::WrapNative(mContext, aScope, arg, &v,
|
||||
JS::Rooted<JS::Value> v(mContext);
|
||||
rv = nsContentUtils::WrapNative(mContext, aScope, arg, v.address(),
|
||||
getter_AddRefs(wrapper));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
*thisval = v;
|
||||
@ -1979,9 +1980,9 @@ nsJSContext::AddSupportsPrimitiveTojsvals(nsISupports *aArg, JS::Value *aArgv)
|
||||
|
||||
nsCOMPtr<nsIXPConnectJSObjectHolder> wrapper;
|
||||
JS::Rooted<JSObject*> global(cx, xpc_UnmarkGrayObject(::JS_GetGlobalObject(cx)));
|
||||
JS::Value v;
|
||||
JS::Rooted<JS::Value> v(cx);
|
||||
nsresult rv = nsContentUtils::WrapNative(cx, global,
|
||||
data, iid, &v,
|
||||
data, iid, v.address(),
|
||||
getter_AddRefs(wrapper));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
@ -3393,9 +3394,9 @@ NS_DOMReadStructuredClone(JSContext* cx,
|
||||
if (tag == SCTAG_DOM_IMAGEDATA) {
|
||||
// Read the information out of the stream.
|
||||
uint32_t width, height;
|
||||
JS::Value dataArray;
|
||||
JS::Rooted<JS::Value> dataArray(cx);
|
||||
if (!JS_ReadUint32Pair(reader, &width, &height) ||
|
||||
!JS_ReadTypedArray(reader, &dataArray)) {
|
||||
!JS_ReadTypedArray(reader, dataArray.address())) {
|
||||
return nullptr;
|
||||
}
|
||||
MOZ_ASSERT(dataArray.isObject());
|
||||
|
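Review bot: In the `NS_DOMReadStructuredClone` hunk, the only visible check on the now-rooted `dataArray` is `MOZ_ASSERT(dataArray.isObject())`, which is compiled out of release builds. The value and the `width`/`height` pair are read from a structured-clone stream, so either add a comment stating why a successful `JS_ReadTypedArray` guarantees an object, or add an explicit `if (!dataArray.isObject()) return nullptr;`. Whether `width` and `height` are checked against the array's length is not visible here, because the function continues past the hunk.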