Bug 871187 - Fix rooting hazards in the storage code; r=till

Ehsan Akhgari 2013-05-12 09:10:39 -04:00
Родитель 7ff6ff5e86
Коммит 2c1566bb99
4 изменённых файлов: 29 добавлений и 18 удалений


@ -44,10 +44,11 @@ AsyncStatementJSHelper::getParams(AsyncStatement *aStatement,
new AsyncStatementParams(aStatement);
NS_ENSURE_TRUE(params, NS_ERROR_OUT_OF_MEMORY);
JS::RootedObject scope(aCtx, aScopeObj);
nsCOMPtr<nsIXPConnect> xpc(Service::getXPConnect());
rv = xpc->WrapNative(
aCtx,
::JS_GetGlobalForObject(aCtx, aScopeObj),
::JS_GetGlobalForObject(aCtx, scope),
params,
NS_GET_IID(mozIStorageStatementParams),
getter_AddRefs(aStatement->mStatementParamsHolder)
@ -91,6 +92,8 @@ AsyncStatementJSHelper::GetProperty(nsIXPConnectWrappedNative *aWrapper,
return NS_OK;
// Cast to async via mozI* since direct from nsISupports is ambiguous.
JS::RootedObject scope(aCtx, aScopeObj);
JS::RootedId id(aCtx, aId);
mozIStorageAsyncStatement *iAsyncStmt =
static_cast<mozIStorageAsyncStatement *>(aWrapper->Native());
AsyncStatement *stmt = static_cast<AsyncStatement *>(iAsyncStmt);
@ -103,8 +106,8 @@ AsyncStatementJSHelper::GetProperty(nsIXPConnectWrappedNative *aWrapper,
}
#endif
if (::JS_FlatStringEqualsAscii(JSID_TO_FLAT_STRING(aId), "params"))
return getParams(stmt, aCtx, aScopeObj, _result);
if (::JS_FlatStringEqualsAscii(JSID_TO_FLAT_STRING(id), "params"))
return getParams(stmt, aCtx, scope, _result);
return NS_OK;
}
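Review bot: The new `JS::RootedObject scope(aCtx, aScopeObj);` in GetProperty only protects the pointer inside GetProperty itself; the call `return getParams(stmt, aCtx, scope, _result);` converts it back to a raw JSObject* if getParams' parameter list (which begins before the `@ -44` hunk and is not visible here) still declares `JSObject *aScopeObj`. If that is the case, the hazard analysis has nothing to check at the boundary, and changing the helper to take `JS::Handle<JSObject*> aScopeObj` would let the compiler enforce the invariant instead of relying on every caller; the same consideration applies to StatementJSHelper::getRow and getParams in the next file section. Both getParams and GetProperty start before their respective hunks.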


@ -94,13 +94,14 @@ StatementJSHelper::getRow(Statement *aStatement,
#endif
if (!aStatement->mStatementRowHolder) {
JS::RootedObject scope(aCtx, aScopeObj);
nsCOMPtr<mozIStorageStatementRow> row(new StatementRow(aStatement));
NS_ENSURE_TRUE(row, NS_ERROR_OUT_OF_MEMORY);
nsCOMPtr<nsIXPConnect> xpc(Service::getXPConnect());
rv = xpc->WrapNative(
aCtx,
::JS_GetGlobalForObject(aCtx, aScopeObj),
::JS_GetGlobalForObject(aCtx, scope),
row,
NS_GET_IID(mozIStorageStatementRow),
getter_AddRefs(aStatement->mStatementRowHolder)
@ -132,6 +133,7 @@ StatementJSHelper::getParams(Statement *aStatement,
#endif
if (!aStatement->mStatementParamsHolder) {
JS::RootedObject scope(aCtx, aScopeObj);
nsCOMPtr<mozIStorageStatementParams> params =
new StatementParams(aStatement);
NS_ENSURE_TRUE(params, NS_ERROR_OUT_OF_MEMORY);
@ -139,7 +141,7 @@ StatementJSHelper::getParams(Statement *aStatement,
nsCOMPtr<nsIXPConnect> xpc(Service::getXPConnect());
rv = xpc->WrapNative(
aCtx,
::JS_GetGlobalForObject(aCtx, aScopeObj),
::JS_GetGlobalForObject(aCtx, scope),
params,
NS_GET_IID(mozIStorageStatementParams),
getter_AddRefs(aStatement->mStatementParamsHolder)
@ -195,12 +197,14 @@ StatementJSHelper::GetProperty(nsIXPConnectWrappedNative *aWrapper,
static_cast<mozIStorageStatement *>(aWrapper->Native())
);
JSFlatString *str = JSID_TO_FLAT_STRING(aId);
JS::RootedObject scope(aCtx, aScopeObj);
JS::RootedId id(aCtx, aId);
JSFlatString *str = JSID_TO_FLAT_STRING(id);
if (::JS_FlatStringEqualsAscii(str, "row"))
return getRow(stmt, aCtx, aScopeObj, _result);
return getRow(stmt, aCtx, scope, _result);
if (::JS_FlatStringEqualsAscii(str, "params"))
return getParams(stmt, aCtx, aScopeObj, _result);
return getParams(stmt, aCtx, scope, _result);
return NS_OK;
}
@ -218,10 +222,11 @@ StatementJSHelper::NewResolve(nsIXPConnectWrappedNative *aWrapper,
if (!JSID_IS_STRING(aId))
return NS_OK;
JS::RootedObject scope(aCtx, aScopeObj);
if (::JS_FlatStringEqualsAscii(JSID_TO_FLAT_STRING(aId), "step")) {
*_retval = ::JS_DefineFunction(aCtx, aScopeObj, "step", stepFunc,
*_retval = ::JS_DefineFunction(aCtx, scope, "step", stepFunc,
0, 0) != nullptr;
*_objp = aScopeObj;
*_objp = scope.get();
return NS_OK;
}
return NS_OK;
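Review bot: In StatementJSHelper::NewResolve, `::JS_FlatStringEqualsAscii(JSID_TO_FLAT_STRING(aId), "step")` on the line after the new `JS::RootedObject scope` still reads the unrooted jsid, whereas GetProperty earlier in this section now does `JS::RootedId id(aCtx, aId);` before deriving the flat string. For consistency with the rest of the commit, add `JS::RootedId id(aCtx, aId);` beside the scope root and compare `JSID_TO_FLAT_STRING(id)` instead; StatementRow::GetProperty in the last file section has the same leftover (`JSID_IS_STRING(aId)` / `JSID_TO_STRING(aId)` right after its new scope root). NewResolve begins before the `@ -218` hunk, so any earlier use of aId in that function is outside the view.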


@ -162,22 +162,24 @@ StatementParams::NewResolve(nsIXPConnectWrappedNative *aWrapper,
// because we want to allow the prototype chain to be checked for the
// property.
JS::RootedObject scope(aCtx, aScopeObj);
JS::RootedId id(aCtx, aId);
bool resolved = false;
bool ok = true;
if (JSID_IS_INT(aId)) {
uint32_t idx = JSID_TO_INT(aId);
if (JSID_IS_INT(id)) {
uint32_t idx = JSID_TO_INT(id);
// Ensure that our index is within range. We do not care about the
// prototype chain being checked here.
if (idx >= mParamCount)
return NS_ERROR_INVALID_ARG;
ok = ::JS_DefineElement(aCtx, aScopeObj, idx, JSVAL_VOID, nullptr,
ok = ::JS_DefineElement(aCtx, scope, idx, JSVAL_VOID, nullptr,
nullptr, JSPROP_ENUMERATE);
resolved = true;
}
else if (JSID_IS_STRING(aId)) {
JSString *str = JSID_TO_STRING(aId);
else if (JSID_IS_STRING(id)) {
JSString *str = JSID_TO_STRING(id);
size_t nameLength;
const jschar *nameChars = JS_GetStringCharsAndLength(aCtx, str, &nameLength);
NS_ENSURE_TRUE(nameChars, NS_ERROR_UNEXPECTED);
@ -188,14 +190,14 @@ StatementParams::NewResolve(nsIXPConnectWrappedNative *aWrapper,
uint32_t idx;
nsresult rv = mStatement->GetParameterIndex(name, &idx);
if (NS_SUCCEEDED(rv)) {
ok = ::JS_DefinePropertyById(aCtx, aScopeObj, aId, JSVAL_VOID, nullptr,
ok = ::JS_DefinePropertyById(aCtx, scope, id, JSVAL_VOID, nullptr,
nullptr, JSPROP_ENUMERATE);
resolved = true;
}
}
*_retval = ok;
*_objp = resolved && ok ? aScopeObj : nullptr;
*_objp = resolved && ok ? scope.get() : nullptr;
return NS_OK;
}
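Review bot: `JSString *str = JSID_TO_STRING(id);` in the first hunk leaves a raw JSString pointer that is then handed to JS_GetStringCharsAndLength, which a reader of a rooting fix is likely to flag as a remaining hazard; a short comment would settle it: `// str is the string the rooted id encodes, so it needs no Rooted of its own`. The enclosing StatementParams::NewResolve begins before the `@ -162` hunk, and the lines between the two hunks (where `name` is built from nameChars) are not visible here.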


@ -49,6 +49,7 @@ StatementRow::GetProperty(nsIXPConnectWrappedNative *aWrapper,
{
NS_ENSURE_TRUE(mStatement, NS_ERROR_NOT_INITIALIZED);
JS::RootedObject scope(aCtx, aScopeObj);
if (JSID_IS_STRING(aId)) {
::JSAutoByteString idBytes(aCtx, JSID_TO_STRING(aId));
NS_ENSURE_TRUE(!!idBytes, NS_ERROR_OUT_OF_MEMORY);
@ -95,7 +96,7 @@ StatementRow::GetProperty(nsIXPConnectWrappedNative *aWrapper,
// Copy the blob over to the JS array.
for (uint32_t i = 0; i < length; i++) {
jsval val = INT_TO_JSVAL(blob[i]);
if (!::JS_SetElement(aCtx, aScopeObj, i, &val)) {
if (!::JS_SetElement(aCtx, scope, i, &val)) {
*_retval = false;
return NS_OK;
}