зеркало из https://github.com/mozilla/gecko-dev.git
Bug 832091 - guards against crashes in resolveDOMCollectionProperty. r=bholley
This commit is contained in:
Родитель
124aabc9f4
Коммит
07c194820d
|
@ -605,12 +605,11 @@ holder_set(JSContext *cx, HandleObject wrapperArg, HandleId id, JSBool strict, M
|
||||||
class AutoSetWrapperNotShadowing
|
class AutoSetWrapperNotShadowing
|
||||||
{
|
{
|
||||||
public:
|
public:
|
||||||
AutoSetWrapperNotShadowing(JSObject *wrapper MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
|
AutoSetWrapperNotShadowing(ResolvingId *resolvingId MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
|
||||||
{
|
{
|
||||||
MOZ_GUARD_OBJECT_NOTIFIER_INIT;
|
MOZ_GUARD_OBJECT_NOTIFIER_INIT;
|
||||||
MOZ_ASSERT(wrapper);
|
MOZ_ASSERT(resolvingId);
|
||||||
mResolvingId = ResolvingId::getResolvingIdFromWrapper(wrapper);
|
mResolvingId = resolvingId;
|
||||||
MOZ_ASSERT(mResolvingId);
|
|
||||||
mResolvingId->mXrayShadowing = true;
|
mResolvingId->mXrayShadowing = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -640,12 +639,26 @@ XPCWrappedNativeXrayTraits::resolveDOMCollectionProperty(JSContext *cx, HandleOb
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
XPCWrappedNative *wn = getWN(wrapper);
|
XPCWrappedNative *wn = getWN(wrapper);
|
||||||
|
if (!wn) {
|
||||||
|
// This should NEVER happen, but let's be extra careful here
|
||||||
|
// becaue of the reported crashes (Bug 832091).
|
||||||
|
XPCThrower::Throw(NS_ERROR_UNEXPECTED, cx);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
if (!NATIVE_HAS_FLAG(wn, WantNewResolve))
|
if (!NATIVE_HAS_FLAG(wn, WantNewResolve))
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
|
ResolvingId *resolvingId = ResolvingId::getResolvingIdFromWrapper(wrapper);
|
||||||
|
if (!resolvingId) {
|
||||||
|
// This should NEVER happen, but let's be extra careful here
|
||||||
|
// becaue of the reported crashes (Bug 832091).
|
||||||
|
XPCThrower::Throw(NS_ERROR_UNEXPECTED, cx);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
// Setting the current ResolvingId in non-shadowing mode. So for this id
|
// Setting the current ResolvingId in non-shadowing mode. So for this id
|
||||||
// Xray won't ignore DOM specific collection properties temporarily.
|
// Xray won't ignore DOM specific collection properties temporarily.
|
||||||
AutoSetWrapperNotShadowing asw(wrapper);
|
AutoSetWrapperNotShadowing asw(resolvingId);
|
||||||
|
|
||||||
bool retval = true;
|
bool retval = true;
|
||||||
RootedObject pobj(cx);
|
RootedObject pobj(cx);
|
||||||
|
@ -777,10 +790,13 @@ XPCWrappedNativeXrayTraits::resolveNativeProperty(JSContext *cx, HandleObject wr
|
||||||
XPCNativeInterface *iface;
|
XPCNativeInterface *iface;
|
||||||
XPCNativeMember *member;
|
XPCNativeMember *member;
|
||||||
XPCWrappedNative *wn = getWN(wrapper);
|
XPCWrappedNative *wn = getWN(wrapper);
|
||||||
if (ccx.GetWrapper() != wn ||
|
|
||||||
!wn->IsValid() ||
|
if (ccx.GetWrapper() != wn || !wn->IsValid()) {
|
||||||
!(iface = ccx.GetInterface()) ||
|
// Something is wrong. If the wrapper is not even valid let's not risk
|
||||||
!(member = ccx.GetMember())) {
|
// calling resolveDOMCollectionProperty.
|
||||||
|
return true;
|
||||||
|
} else if (!(iface = ccx.GetInterface()) ||
|
||||||
|
!(member = ccx.GetMember())) {
|
||||||
/* Not found */
|
/* Not found */
|
||||||
return resolveDOMCollectionProperty(cx, wrapper, holder, id, desc, flags);
|
return resolveDOMCollectionProperty(cx, wrapper, holder, id, desc, flags);
|
||||||
}
|
}
|
||||||
|
|
Загрузка…
Ссылка в новой задаче