wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Protect against someone calling XPCSafeJSObjectWrapper.prototype(). bug 375164, r+sr=brendan

Browse Source
This commit is contained in:
mrbkap@gmail.com 2007-04-10 09:04:43 -07:00
parent 9b7df4e5fa
commit eb8514f0f0
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
js/src/xpconnect/src/XPCSafeJSObjectWrapper.cpp
View File

@ -1,5 +1,5 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 sw=2 et tw=80: */
/* vim: set ts=2 sw=2 et tw=78: */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
@ -842,6 +842,13 @@ XPC_SJOW_Call(JSContext *cx, JSObject *obj, uintN argc, jsval *argv,
JSObject *funToCall = GetUnsafeObject(cx, JSVAL_TO_OBJECT(argv[-2]));
if (!funToCall) {
// Someone has called XPCSafeJSObjectWrapper.prototype() causing
// us to find a safe object wrapper without an unsafeObject as
// its parent. That call shouldn't do anything, so bail here.
return JS_TRUE;
}
// Check that the caller can access the unsafe object on which the
// call is being made, and the actual function we're about to call.
if (!CanCallerAccess(cx, unsafeObj) || !CanCallerAccess(cx, funToCall)) {