wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 969410 - Do not expose non-tenured addresses in JS_GetObjectId; r=sfink

Browse Source 
--HG--
extra : rebase_source : dfa32a19df80b9ae5f9d7d535b141e50007c0149
This commit is contained in:
Terrence Cole 2014-02-20 13:38:57 -08:00
parent cedc05a6bc
commit cd3165bc12
4 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dom/xbl/nsXBLBinding.cpp
View File

@ -954,7 +954,7 @@ nsXBLBinding::DoInitJSClass(JSContext *cx, JS::Handle<JSObject*> global,
// we don't have accidental collisions with the case when parent_proto is
// null and aClassName ends in some bizarre numbers (yeah, it's unlikely).
JS::Rooted<jsid> parent_proto_id(cx);
if (!::JS_GetObjectId(cx, parent_proto, parent_proto_id.address())) {
if (!::JS_GetObjectId(cx, parent_proto, &parent_proto_id)) {
// Probably OOM
return NS_ERROR_OUT_OF_MEMORY;
}

4
js/public/Id.h
View File

@ -21,9 +21,10 @@
// JS_IdToValue must be used instead.
#include "mozilla/NullPtr.h"
#include "jstypes.h"
#include "js/HeapAPI.h"
#include "js/RootingAPI.h"
#include "js/TypeDecls.h"
#include "js/Utility.h"
@ -116,6 +117,7 @@ OBJECT_TO_JSID(JSObject *obj)
jsid id;
MOZ_ASSERT(obj != nullptr);
MOZ_ASSERT(((size_t)obj & JSID_TYPE_MASK) == 0);
JS_ASSERT(!js::gc::IsInsideNursery(js::gc::GetGCThingRuntime(obj), obj));
JSID_BITS(id) = ((size_t)obj | JSID_TYPE_OBJECT);
return id;
}

13
js/src/jsapi.cpp
View File

@ -2419,11 +2419,20 @@ JS_GetConstructor(JSContext *cx, HandleObject proto)
}
JS_PUBLIC_API(bool)
JS_GetObjectId(JSContext *cx, JSObject *obj, jsid *idp)
JS_GetObjectId(JSContext *cx, HandleObject obj, MutableHandleId idp)
{
AssertHeapIsIdle(cx);
assertSameCompartment(cx, obj);
*idp = OBJECT_TO_JSID(obj);
#ifdef JSGC_GENERATIONAL
// Ensure that the object is tenured before returning it.
if (IsInsideNursery(cx->runtime(), obj)) {
MinorGC(cx, JS::gcreason::EVICT_NURSERY);
MOZ_ASSERT(!IsInsideNursery(cx->runtime(), obj));
}
#endif
idp.set(OBJECT_TO_JSID(obj));
return true;
}

2
js/src/jsapi.h
View File

@ -2555,7 +2555,7 @@ JS_GetConstructor(JSContext *cx, JS::Handle<JSObject*> proto);
* and true with *idp containing the unique id on success.
*/
extern JS_PUBLIC_API(bool)
JS_GetObjectId(JSContext *cx, JSObject *obj, jsid *idp);
JS_GetObjectId(JSContext *cx, JS::HandleObject obj, JS::MutableHandleId idp);
namespace JS {