mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1582568 - Nuke CCWs for waivers for remote window proxies. r=peterv 

Xray waivers for remote window proxies don't make much sense, so we nuke any
waiver when a window proxy navigates from local to remote. However, this xray
waiver can be the target of a CCW, and dead wrappers are not supposed to the
target of a CCW, so we need to find and nuke any CCWs targetting the waiver.

This requires fixing js::RemapWrapper so that it can be used to fix CCWs to
dead wrappers.

Hopefully this will fix a bunch of intermittent failures in
browser_windowProxy_transplant.js.

Differential Revision: https://phabricator.services.mozilla.com/D66459

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Andrew McCreight 2020-03-23 15:36:40 +00:00
Родитель bdbb0b4ec0
Коммит 2110d31627
3 изменённых файлов: 13 добавлений и 3 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

1
dom/tests/browser/browser.ini
Просмотреть файл

@ -106,6 +106,5 @@ support-files =
[browser_keypressTelemetry.js] [browser_keypressTelemetry.js]
skip-if = webrender skip-if = webrender
[browser_windowProxy_transplant.js] [browser_windowProxy_transplant.js]
skip-if = (!fission && (os == 'linux' || os == 'mac')) || (fission && os == 'linux' && bits == 64 && os_version == '18.04') # Bug 1582568; Bug 1581862, bug 1608600
support-files = support-files =
file_postMessage_parent.html file_postMessage_parent.html

10
js/src/proxy/CrossCompartmentWrapper.cpp
Просмотреть файл

@ -526,8 +526,6 @@ void js::RemapWrapper(JSContext* cx, JSObject* wobjArg,
MOZ_ASSERT(!newTarget->is<CrossCompartmentWrapperObject>()); MOZ_ASSERT(!newTarget->is<CrossCompartmentWrapperObject>());
JSObject* origTarget = Wrapper::wrappedObject(wobj); JSObject* origTarget = Wrapper::wrappedObject(wobj);
MOZ_ASSERT(origTarget); MOZ_ASSERT(origTarget);
MOZ_ASSERT(!JS_IsDeadWrapper(origTarget),
"We don't want a dead proxy in the wrapper map");
JS::Compartment* wcompartment = wobj->compartment(); JS::Compartment* wcompartment = wobj->compartment();
MOZ_ASSERT(wcompartment != newTarget->compartment()); MOZ_ASSERT(wcompartment != newTarget->compartment());
@ -548,6 +546,14 @@ void js::RemapWrapper(JSContext* cx, JSObject* wobjArg,
// When we remove origv from the wrapper map, its wrapper, wobj, must // When we remove origv from the wrapper map, its wrapper, wobj, must
// immediately cease to be a cross-compartment wrapper. Nuke it. // immediately cease to be a cross-compartment wrapper. Nuke it.
NukeCrossCompartmentWrapper(cx, wobj); NukeCrossCompartmentWrapper(cx, wobj);
// If the target is a dead wrapper, and we're just fixing wrappers for
// it, then we're done now that the CCW is a dead wrapper.
if (JS_IsDeadWrapper(origTarget)) {
MOZ_RELEASE_ASSERT(origTarget == newTarget);
return;
}
js::RemapDeadWrapper(cx, wobj, newTarget); js::RemapDeadWrapper(cx, wobj, newTarget);
} }

5
js/xpconnect/wrappers/WrapperFactory.cpp
Просмотреть файл

@ -826,6 +826,11 @@ static void NukeXrayWaiver(JSContext* cx, JS::HandleObject obj) {
scope->mWaiverWrapperMap->Remove(key); scope->mWaiverWrapperMap->Remove(key);
js::NukeNonCCWProxy(cx, waiver); js::NukeNonCCWProxy(cx, waiver);
// Get rid of any CCWs the waiver may have had.
if (!JS_RefreshCrossCompartmentWrappers(cx, waiver)) {
MOZ_CRASH();
}
} }
JSObject* TransplantObjectNukingXrayWaiver(JSContext* cx, JSObject* TransplantObjectNukingXrayWaiver(JSContext* cx,