From 620ce7d926b5b9fcd00cc081cda4feebc4fd287c Mon Sep 17 00:00:00 2001 From: Terrence Cole Date: Thu, 22 Aug 2013 15:43:47 -0700 Subject: [PATCH] Bug 908483 - Fix some exact rooting hazards in jsd; r=jonco --- js/jsd/jsd_val.cpp | 53 ++++++++++++++++++++++++++++------------------ js/jsd/jsd_xpc.cpp | 11 +++++----- 2 files changed, 37 insertions(+), 27 deletions(-) diff --git a/js/jsd/jsd_val.cpp b/js/jsd/jsd_val.cpp index 2298de32d80b..44618a11bc1f 100644 --- a/js/jsd/jsd_val.cpp +++ b/js/jsd/jsd_val.cpp @@ -239,8 +239,8 @@ jsd_GetValueFunctionId(JSDContext* jsdc, JSDValue* jsdval) JSDValue* jsd_NewValue(JSDContext* jsdc, jsval value) { + JS::RootedValue val(jsdc->jsrt, value); AutoSafeJSContext cx; - JS::RootedValue val(cx, value); JSDValue* jsdval; if(!(jsdval = (JSDValue*) calloc(1, sizeof(JSDValue)))) @@ -309,8 +309,9 @@ jsd_GetValueWrappedJSVal(JSDContext* jsdc, JSDValue* jsdval) return val; } -static JSDProperty* _newProperty(JSDContext* jsdc, JSPropertyDesc* pd, - unsigned additionalFlags) +static JSDProperty* _newProperty(JSDContext* jsdc, JS::HandleValue propId, + JS::HandleValue propValue, JS::HandleValue propAlias, + uint8_t propFlags, unsigned additionalFlags) { JSDProperty* jsdprop; @@ -319,16 +320,16 @@ static JSDProperty* _newProperty(JSDContext* jsdc, JSPropertyDesc* pd, JS_INIT_CLIST(&jsdprop->links); jsdprop->nref = 1; - jsdprop->flags = pd->flags | additionalFlags; + jsdprop->flags = propFlags | additionalFlags; - if(!(jsdprop->name = jsd_NewValue(jsdc, pd->id))) + if(!(jsdprop->name = jsd_NewValue(jsdc, propId))) goto new_prop_fail; - if(!(jsdprop->val = jsd_NewValue(jsdc, pd->value))) + if(!(jsdprop->val = jsd_NewValue(jsdc, propValue))) goto new_prop_fail; if((jsdprop->flags & JSDPD_ALIAS) && - !(jsdprop->alias = jsd_NewValue(jsdc, pd->alias))) + !(jsdprop->alias = jsd_NewValue(jsdc, propAlias))) goto new_prop_fail; return jsdprop; @@ -374,9 +375,17 @@ static bool _buildProps(JSDContext* jsdc, JSDValue* jsdval) return false; } + JS::RootedValue propId(cx); + JS::RootedValue propValue(cx); + JS::RootedValue propAlias(cx); + uint8_t propFlags; for(i = 0; i < pda.length; i++) { - JSDProperty* prop = _newProperty(jsdc, &pda.array[i], 0); + propId = pda.array[i].id; + propValue = pda.array[i].value; + propAlias = pda.array[i].alias; + propFlags = pda.array[i].flags; + JSDProperty* prop = _newProperty(jsdc, propId, propValue, propAlias, propFlags, 0); if(!prop) { _freeProps(jsdc, jsdval); @@ -462,19 +471,22 @@ jsd_IterateProperties(JSDContext* jsdc, JSDValue* jsdval, JSDProperty **iterp) JSDProperty* jsd_GetValueProperty(JSDContext* jsdc, JSDValue* jsdval, JSString* nameStr) { + JS::RootedString name(jsdc->jsrt, nameStr); AutoSafeJSContext cx; JSAutoCompartment acBase(cx, jsdc->glob); JSDProperty* jsdprop; JSDProperty* iter = NULL; JS::RootedObject obj(cx); - JS::RootedString name(cx, nameStr); unsigned attrs = 0; bool found; - JSPropertyDesc pd; const jschar * nameChars; size_t nameLen; JS::RootedValue val(cx), nameval(cx); JS::RootedId nameid(cx); + JS::RootedValue propId(cx); + JS::RootedValue propValue(cx); + JS::RootedValue propAlias(cx); + uint8_t propFlags; if(!jsd_IsValueObject(jsdc, jsdval)) return NULL; @@ -513,37 +525,36 @@ jsd_GetValueProperty(JSDContext* jsdc, JSDValue* jsdval, JSString* nameStr) { if (JS_IsExceptionPending(cx)) { - if (!JS_GetPendingException(cx, &pd.value)) + if (!JS_GetPendingException(cx, propValue.address())) { return NULL; } - pd.flags = JSPD_EXCEPTION; + propFlags = JSPD_EXCEPTION; } else { - pd.flags = JSPD_ERROR; - pd.value = JSVAL_VOID; + propFlags = JSPD_ERROR; + propValue = JSVAL_VOID; } } else { - pd.value = val; + propValue = val; } } nameval = STRING_TO_JSVAL(name); if (!JS_ValueToId(cx, nameval, nameid.address()) || - !JS_IdToValue(cx, nameid, &pd.id)) { + !JS_IdToValue(cx, nameid, propId.address())) { return NULL; } - pd.spare = 0; - pd.alias = JSVAL_NULL; - pd.flags |= (attrs & JSPROP_ENUMERATE) ? JSPD_ENUMERATE : 0 + propAlias = JSVAL_NULL; + propFlags |= (attrs & JSPROP_ENUMERATE) ? JSPD_ENUMERATE : 0 | (attrs & JSPROP_READONLY) ? JSPD_READONLY : 0 | (attrs & JSPROP_PERMANENT) ? JSPD_PERMANENT : 0; - return _newProperty(jsdc, &pd, JSDPD_HINTED); + return _newProperty(jsdc, propId, propValue, propAlias, propFlags, JSDPD_HINTED); } /* @@ -655,8 +666,8 @@ jsd_GetValueClassName(JSDContext* jsdc, JSDValue* jsdval) jsval val = jsdval->val; if(!jsdval->className && !JSVAL_IS_PRIMITIVE(val)) { + JS::RootedObject obj(jsdc->jsrt, JSVAL_TO_OBJECT(val)); AutoSafeJSContext cx; - JS::RootedObject obj(cx, JSVAL_TO_OBJECT(val)); JSAutoCompartment ac(cx, obj); jsdval->className = JS_GetDebugClassName(obj); } diff --git a/js/jsd/jsd_xpc.cpp b/js/jsd/jsd_xpc.cpp index a28b38b50b78..b5ca78df239d 100644 --- a/js/jsd/jsd_xpc.cpp +++ b/js/jsd/jsd_xpc.cpp @@ -897,12 +897,13 @@ jsdProperty::GetValue(jsdIValue **_rval) NS_IMPL_ISUPPORTS2(jsdScript, jsdIScript, jsdIEphemeral) static NS_IMETHODIMP -AssignToJSString(JSDContext *aCx, nsACString *x, JSString *str) +AssignToJSString(JSDContext *aCx, nsACString *x, JSString *str_) { - if (!str) { + if (!str_) { x->SetLength(0); return NS_OK; } + JS::RootedString str(JSD_GetJSRuntime(aCx), str_); AutoSafeJSContext cx; JSAutoCompartment ac(cx, JSD_GetDefaultGlobal(aCx)); // Just in case. size_t length = JS_GetStringEncodingLength(cx, str); @@ -1261,7 +1262,7 @@ jsdScript::GetParameterNames(uint32_t* count, PRUnichar*** paramNames) NS_IMETHODIMP jsdScript::GetFunctionObject(jsdIValue **_rval) { - JSFunction *fun = JSD_GetJSFunction(mCx, mScript); + JS::RootedFunction fun(JSD_GetJSRuntime(mCx), JSD_GetJSFunction(mCx, mScript)); if (!fun) return NS_ERROR_NOT_AVAILABLE; @@ -2114,10 +2115,8 @@ NS_IMETHODIMP jsdValue::GetJsType (uint32_t *_rval) { ASSERT_VALID_EPHEMERAL; - jsval val; + JS::RootedValue val(JSD_GetJSRuntime(mCx), JSD_GetValueWrappedJSVal (mCx, mValue)); - val = JSD_GetValueWrappedJSVal (mCx, mValue); - if (JSVAL_IS_NULL(val)) *_rval = TYPE_NULL; else if (JSVAL_IS_BOOLEAN(val))