Bug 945360 - Fix some recent new rooting hazards in SpiderMonkey; r=sfink

2024-09-13 09:24:08 -07:00 · 2013-12-02 11:11:07 -08:00 · 2013-12-02 11:11:07 -08:00 · e9a995067c
commit e9a995067c
parent 61a2b4bc28
4 changed files with 16 additions and 10 deletions
--- a/js/src/jsfriendapi.cpp
+++ b/js/src/jsfriendapi.cpp
@ -564,7 +564,8 @@ JS_FRIEND_API(bool)
 js::GetOriginalEval(JSContext *cx, HandleObject scope, MutableHandleObject eval)
 {
    assertSameCompartment(cx, scope);
-    return scope->global().getOrCreateEval(cx, eval);
+    Rooted<GlobalObject *> global(cx, &scope->global());
+    return GlobalObject::getOrCreateEval(cx, global, eval);
 }

 JS_FRIEND_API(void)
--- a/js/src/vm/Debugger.cpp
+++ b/js/src/vm/Debugger.cpp
@ -99,7 +99,7 @@ ReportMoreArgsNeeded(JSContext *cx, const char *name, unsigned required)
 }

 static inline bool
-EnsureFunctionHasScript(JSContext *cx, JSFunction *fun)
+EnsureFunctionHasScript(JSContext *cx, HandleFunction fun)
 {
    if (fun->isInterpretedLazy()) {
        AutoCompartment ac(cx, fun);
@ -109,7 +109,7 @@ EnsureFunctionHasScript(JSContext *cx, JSFunction *fun)
 }

 static inline JSScript *
-GetOrCreateFunctionScript(JSContext *cx, JSFunction *fun)
+GetOrCreateFunctionScript(JSContext *cx, HandleFunction fun)
 {
    MOZ_ASSERT(fun->isInterpreted());
    if (!EnsureFunctionHasScript(cx, fun))
@ -707,8 +707,11 @@ Debugger::wrapDebuggeeValue(JSContext *cx, MutableHandleValue vp)
    if (vp.isObject()) {
        RootedObject obj(cx, &vp.toObject());

-        if (obj->is<JSFunction>() && !EnsureFunctionHasScript(cx, &obj->as<JSFunction>()))
-            return false;
+        if (obj->is<JSFunction>()) {
+            RootedFunction fun(cx, &obj->as<JSFunction>());
+            if (!EnsureFunctionHasScript(cx, fun))
+                return false;
+        }

        DependentAddPtr<ObjectWeakMap> p(cx, objects, obj);
        if (p) {
--- a/js/src/vm/GlobalObject.cpp
+++ b/js/src/vm/GlobalObject.cpp
@ -453,12 +453,13 @@ GlobalObject::create(JSContext *cx, const Class *clasp)
    return global;
 }

-bool
-GlobalObject::getOrCreateEval(JSContext *cx, MutableHandleObject eval)
+/* static */ bool
+GlobalObject::getOrCreateEval(JSContext *cx, Handle<GlobalObject*> global,
+                              MutableHandleObject eval)
 {
-    if (!getOrCreateObjectPrototype(cx))
+    if (!global->getOrCreateObjectPrototype(cx))
        return false;
-    eval.set(&getSlotRefForCompilation(EVAL).toObject());
+    eval.set(&global->getSlotRefForCompilation(EVAL).toObject());
    return true;
 }

--- a/js/src/vm/GlobalObject.h
+++ b/js/src/vm/GlobalObject.h
@ -590,7 +590,8 @@ class GlobalObject : public JSObject
    // in which |obj| was created, if no prior warning was given.
    static bool warnOnceAboutWatch(JSContext *cx, HandleObject obj);

-    bool getOrCreateEval(JSContext *cx, MutableHandleObject eval);
+    static bool getOrCreateEval(JSContext *cx, Handle<GlobalObject*> global,
+                                MutableHandleObject eval);

    // Infallibly test whether the given value is the eval function for this global.
    bool valueIsEval(Value val);