Bug 866450 Part 5: Fix rooting hazards under content/ and dom/ r=bz

David Zbarsky 2013-05-02 05:12:47 -04:00
Родитель 0038c0af1b
Коммит 43c59d9684
6 изменённых файлов: 47 добавлений и 45 удалений


@ -6381,11 +6381,11 @@ nsContentUtils::IsPatternMatching(nsAString& aValue, nsAString& aPattern,
return true;
}
JS::Value rval = JS::NullValue();
JS::Rooted<JS::Value> rval(cx, JS::NullValue());
size_t idx = 0;
if (!JS_ExecuteRegExpNoStatics(cx, re,
static_cast<jschar*>(aValue.BeginWriting()),
aValue.Length(), &idx, true, &rval)) {
aValue.Length(), &idx, true, rval.address())) {
JS_ClearPendingException(cx);
return true;
}
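Review bot: `re` is still passed to `JS_ExecuteRegExpNoStatics` by value in this hunk, and its declaration lies above the visible lines. If it is a raw `JSObject*`, it is the same kind of hazard this change fixes for `rval`, because it stays live across a call that can allocate. It is worth confirming that it is declared as `JS::Rooted<JSObject*> re(cx, ...)`. The body of IsPatternMatching starts and ends outside the hunk.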


@ -209,23 +209,23 @@ nsDOMMultipartFile::InitBlob(JSContext* aCx,
return NS_ERROR_TYPE_ERR; // We're not interested
}
JSObject& obj = aArgv[0].toObject();
if (!JS_IsArrayObject(aCx, &obj)) {
JS::Rooted<JSObject*> obj(aCx, &aArgv[0].toObject());
if (!JS_IsArrayObject(aCx, obj)) {
return NS_ERROR_TYPE_ERR; // We're not interested
}
BlobSet blobSet;
uint32_t length;
JS_ALWAYS_TRUE(JS_GetArrayLength(aCx, &obj, &length));
JS_ALWAYS_TRUE(JS_GetArrayLength(aCx, obj, &length));
for (uint32_t i = 0; i < length; ++i) {
JS::Value element;
if (!JS_GetElement(aCx, &obj, i, &element))
JS::Rooted<JS::Value> element(aCx);
if (!JS_GetElement(aCx, obj, i, element.address()))
return NS_ERROR_TYPE_ERR;
if (element.isObject()) {
JSObject& obj = element.toObject();
nsCOMPtr<nsIDOMBlob> blob = aUnwrapFunc(aCx, &obj);
JS::Rooted<JSObject*> obj(aCx, &element.toObject());
nsCOMPtr<nsIDOMBlob> blob = aUnwrapFunc(aCx, obj);
if (blob) {
// Flatten so that multipart blobs will never nest
nsDOMFileBase* file = static_cast<nsDOMFileBase*>(
@ -239,13 +239,13 @@ nsDOMMultipartFile::InitBlob(JSContext* aCx,
}
continue;
}
if (JS_IsArrayBufferViewObject(&obj)) {
blobSet.AppendVoidPtr(JS_GetArrayBufferViewData(&obj),
JS_GetArrayBufferViewByteLength(&obj));
if (JS_IsArrayBufferViewObject(obj)) {
blobSet.AppendVoidPtr(JS_GetArrayBufferViewData(obj),
JS_GetArrayBufferViewByteLength(obj));
continue;
}
if (JS_IsArrayBufferObject(&obj)) {
blobSet.AppendArrayBuffer(&obj);
if (JS_IsArrayBufferObject(obj)) {
blobSet.AppendArrayBuffer(obj);
continue;
}
// neither Blob nor ArrayBuffer(View)
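Review bot: The inner `JS::Rooted<JSObject*> obj(aCx, &element.toObject());` inside the loop shadows the rooted array `obj` declared before it, so the `JS_IsArrayBufferViewObject(obj)` and `blobSet.AppendArrayBuffer(obj)` calls in the second hunk read as if they act on the array rather than on the element. Renaming the inner root, for example `JS::Rooted<JSObject*> elementObj(aCx, &element.toObject());`, keeps the two apart. The pointer from `JS_GetArrayBufferViewData(obj)` is handed to `AppendVoidPtr` as a raw address. Whether that call copies the bytes before anything else can run is not visible here, so a comment such as `// AppendVoidPtr must copy immediately; the pointer is only valid while the view is untouched` would record the assumption.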


@ -184,8 +184,8 @@ nsDOMFileReader::GetReadyState(uint16_t *aReadyState)
JS::Value
nsDOMFileReader::GetResult(JSContext* aCx, ErrorResult& aRv)
{
JS::Value result = JS::UndefinedValue();
aRv = GetResult(aCx, &result);
JS::Rooted<JS::Value> result(aCx, JS::UndefinedValue());
aRv = GetResult(aCx, result.address());
return result;
}
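Review bot: `return result;` copies the value out of the `JS::Rooted<JS::Value>` just as the root goes out of scope, so the `JS::Value` handed back is unrooted from the caller's point of view. The root only protects the value across the inner `GetResult(aCx, result.address())` call. A comment on the function such as `// Returns an unrooted value; the caller must root or store it before any call that can GC` would make that contract explicit.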


@ -4966,17 +4966,18 @@ nsIDocument::CreateAttributeNS(const nsAString& aNamespaceURI,
static JSBool
CustomElementConstructor(JSContext *aCx, unsigned aArgc, JS::Value* aVp)
{
JS::Value calleeVal = JS_CALLEE(aCx, aVp);
JS::CallArgs args = JS::CallArgsFromVp(aArgc, aVp);
JS::Rooted<JSObject*> global(aCx,
JS_GetGlobalForObject(aCx, &calleeVal.toObject()));
JS_GetGlobalForObject(aCx, &args.callee()));
nsCOMPtr<nsPIDOMWindow> window = do_QueryWrapper(aCx, global);
MOZ_ASSERT(window, "Should have a non-null window");
nsIDocument* document = window->GetDoc();
// Function name is the type of the custom element.
JSString* jsFunName = JS_GetFunctionId(JS_ValueToFunction(aCx, calleeVal));
JSString* jsFunName =
JS_GetFunctionId(JS_ValueToFunction(aCx, args.calleev()));
nsDependentJSString elemName;
if (!elemName.init(aCx, jsFunName)) {
return false;
@ -4985,11 +4986,10 @@ CustomElementConstructor(JSContext *aCx, unsigned aArgc, JS::Value* aVp)
nsCOMPtr<nsIContent> newElement;
nsresult rv = document->CreateElem(elemName, nullptr, kNameSpaceID_XHTML,
getter_AddRefs(newElement));
JS::Value v;
rv = nsContentUtils::WrapNative(aCx, global, newElement, newElement, &v);
rv = nsContentUtils::WrapNative(aCx, global, newElement, newElement,
args.rval().address());
NS_ENSURE_SUCCESS(rv, false);
JS_SET_RVAL(aCx, aVp, v);
return true;
}
@ -5051,13 +5051,14 @@ nsDocument::Register(JSContext* aCx, const nsAString& aName,
JSAutoCompartment ac(aCx, global);
JSObject* htmlProto = HTMLElementBinding::GetProtoObject(aCx, global);
JS::Handle<JSObject*> htmlProto(
HTMLElementBinding::GetProtoObject(aCx, global));
if (!htmlProto) {
rv.Throw(NS_ERROR_OUT_OF_MEMORY);
return nullptr;
}
JSObject* protoObject;
JS::Rooted<JSObject*> protoObject(aCx);
if (!aOptions.mPrototype) {
protoObject = JS_NewObject(aCx, nullptr, htmlProto, nullptr);
if (!protoObject) {
@ -5068,14 +5069,14 @@ nsDocument::Register(JSContext* aCx, const nsAString& aName,
// If a prototype is provided, we must check to ensure that it inherits
// from HTMLElement.
protoObject = aOptions.mPrototype;
if (!JS_WrapObject(aCx, &protoObject)) {
if (!JS_WrapObject(aCx, protoObject.address())) {
rv.Throw(NS_ERROR_UNEXPECTED);
return nullptr;
}
// Check the proto chain for HTMLElement prototype.
JSObject* protoProto;
if (!JS_GetPrototype(aCx, protoObject, &protoProto)) {
JS::Rooted<JSObject*> protoProto(aCx);
if (!JS_GetPrototype(aCx, protoObject, protoProto.address())) {
rv.Throw(NS_ERROR_UNEXPECTED);
return nullptr;
}
@ -5083,7 +5084,7 @@ nsDocument::Register(JSContext* aCx, const nsAString& aName,
if (protoProto == htmlProto) {
break;
}
if (!JS_GetPrototype(aCx, protoProto, &protoProto)) {
if (!JS_GetPrototype(aCx, protoProto, protoProto.address())) {
rv.Throw(NS_ERROR_UNEXPECTED);
return nullptr;
}
@ -6585,9 +6586,9 @@ nsIDocument::AdoptNode(nsINode& aAdoptedNode, ErrorResult& rv)
// scope. But we try to pass something sane anyway.
JS::Rooted<JSObject*> global(cx, GetScopeObject()->GetGlobalJSObject());
JS::Value v;
rv = nsContentUtils::WrapNative(cx, global, this, this, &v, nullptr,
/* aAllowWrapping = */ false);
JS::Rooted<JS::Value> v(cx);
rv = nsContentUtils::WrapNative(cx, global, this, this, v.address(),
nullptr, /* aAllowWrapping = */ false);
if (rv.Failed())
return nullptr;
newScope = &v.toObject();
@ -11218,11 +11219,12 @@ nsIDocument::PostCreateWrapper(JSContext* aCx, JS::Handle<JSObject*> aNewObject)
JSAutoCompartment ac(aCx, aNewObject);
jsval winVal;
JS::Rooted<JS::Value> winVal(aCx);
nsCOMPtr<nsIXPConnectJSObjectHolder> holder;
nsresult rv = nsContentUtils::WrapNative(aCx, aNewObject, win,
&NS_GET_IID(nsIDOMWindow),
&winVal, getter_AddRefs(holder),
winVal.address(),
getter_AddRefs(holder),
false);
if (NS_FAILED(rv)) {
return Throw<true>(aCx, rv);
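Review bot: In CustomElementConstructor, the `rv` returned by `document->CreateElem(...)` is overwritten by the `nsContentUtils::WrapNative(...)` call in the next statement without being checked. A failed element creation therefore reaches `WrapNative` with a possibly null `newElement`, and the result is now written straight into `args.rval()`. Adding `NS_ENSURE_SUCCESS(rv, false);` directly after the `CreateElem` call closes that gap. In the same function `window` is guarded only by `MOZ_ASSERT`, so `window->GetDoc()` and the later `document->CreateElem` are unchecked in release builds; `if (!window) return false;` would be the matching runtime check.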


@ -84,8 +84,8 @@ nsEventListenerInfo::GetJSVal(JSContext* aCx,
*aJSVal = JSVAL_NULL;
nsCOMPtr<nsIXPConnectWrappedJS> wrappedJS = do_QueryInterface(mListener);
if (wrappedJS) {
JSObject* object = nullptr;
if (NS_FAILED(wrappedJS->GetJSObject(&object))) {
JS::Rooted<JSObject*> object(aCx, nullptr);
if (NS_FAILED(wrappedJS->GetJSObject(object.address()))) {
return false;
}
aAc.construct(aCx, object);
@ -115,8 +115,8 @@ nsEventListenerInfo::ToSource(nsAString& aResult)
// Extra block to finish the auto request before calling pop
JSAutoRequest ar(cx);
mozilla::Maybe<JSAutoCompartment> ac;
JS::Value v = JSVAL_NULL;
if (GetJSVal(cx, ac, &v)) {
JS::Rooted<JS::Value> v(cx, JSVAL_NULL);
if (GetJSVal(cx, ac, v.address())) {
JSString* str = JS_ValueToSource(cx, v);
if (str) {
nsDependentJSString depStr;
@ -139,7 +139,7 @@ nsEventListenerInfo::GetDebugObject(nsISupports** aRetVal)
nsCOMPtr<jsdIDebuggerService> jsd =
do_GetService("@mozilla.org/js/jsd/debugger-service;1", &rv);
NS_ENSURE_SUCCESS(rv, NS_OK);
bool isOn = false;
jsd->GetIsOn(&isOn);
NS_ENSURE_TRUE(isOn, NS_OK);
@ -149,8 +149,8 @@ nsEventListenerInfo::GetDebugObject(nsISupports** aRetVal)
// Extra block to finish the auto request before calling pop
JSAutoRequest ar(cx);
mozilla::Maybe<JSAutoCompartment> ac;
JS::Value v = JSVAL_NULL;
if (GetJSVal(cx, ac, &v)) {
JS::Rooted<JS::Value> v(cx, JSVAL_NULL);
if (GetJSVal(cx, ac, v.address())) {
nsCOMPtr<jsdIValue> jsdValue;
rv = jsd->WrapValue(v, getter_AddRefs(jsdValue));
NS_ENSURE_SUCCESS(rv, rv);
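Review bot: In ToSource, `JSString* str = JS_ValueToSource(cx, v);` remains a raw pointer while the `v` beside it is now rooted. The code that consumes `str` continues past the end of the hunk, so whether anything there can trigger a GC is not visible from here. Declaring it as `JS::Rooted<JSString*> str(cx, JS_ValueToSource(cx, v));` would make the block uniformly safe and would not depend on that analysis.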


@ -762,13 +762,13 @@ HTMLCanvasElement::GetContext(const nsAString& aContextId,
MOZ_ASSERT(aCx);
contextProps = do_CreateInstance("@mozilla.org/hash-property-bag;1");
JSObject& opts = aContextOptions.toObject();
JS::AutoIdArray props(aCx, JS_Enumerate(aCx, &opts));
JS::Rooted<JSObject*> opts(aCx, &aContextOptions.toObject());
JS::AutoIdArray props(aCx, JS_Enumerate(aCx, opts));
for (size_t i = 0; !!props && i < props.length(); ++i) {
jsid propid = props[i];
JS::Value propname, propval;
if (!JS_IdToValue(aCx, propid, &propname) ||
!JS_GetPropertyById(aCx, &opts, propid, &propval)) {
JS::Rooted<JS::Value> propname(aCx), propval(aCx);
if (!JS_IdToValue(aCx, propid, propname.address()) ||
!JS_GetPropertyById(aCx, opts, propid, propval.address())) {
return NS_ERROR_FAILURE;
}