Bug 908483 - Fix some exact rooting hazards in jsd; r=jonco

js/jsd/jsd_val.cpp

@@ -239,8 +239,8 @@ jsd_GetValueFunctionId(JSDContext* jsdc, JSDValue* jsdval)
 JSDValue*
 jsd_NewValue(JSDContext* jsdc, jsval value)
 {
+    JS::RootedValue val(jsdc->jsrt, value);
     AutoSafeJSContext cx;
-    JS::RootedValue val(cx, value);
     JSDValue* jsdval;
 
     if(!(jsdval = (JSDValue*) calloc(1, sizeof(JSDValue))))
@@ -309,8 +309,9 @@ jsd_GetValueWrappedJSVal(JSDContext* jsdc, JSDValue* jsdval)
     return val;
 }
 
-static JSDProperty* _newProperty(JSDContext* jsdc, JSPropertyDesc* pd,
+static JSDProperty* _newProperty(JSDContext* jsdc, JS::HandleValue propId,
-                                 unsigned additionalFlags)
+                                 JS::HandleValue propValue, JS::HandleValue propAlias,
+                                 uint8_t propFlags, unsigned additionalFlags)
 {
     JSDProperty* jsdprop;
 
@@ -319,16 +320,16 @@ static JSDProperty* _newProperty(JSDContext* jsdc, JSPropertyDesc* pd,
 
     JS_INIT_CLIST(&jsdprop->links);
     jsdprop->nref = 1;
-    jsdprop->flags = pd->flags | additionalFlags;
+    jsdprop->flags = propFlags | additionalFlags;
 
-    if(!(jsdprop->name = jsd_NewValue(jsdc, pd->id)))
+    if(!(jsdprop->name = jsd_NewValue(jsdc, propId)))
         goto new_prop_fail;
 
-    if(!(jsdprop->val = jsd_NewValue(jsdc, pd->value)))
+    if(!(jsdprop->val = jsd_NewValue(jsdc, propValue)))
         goto new_prop_fail;
 
     if((jsdprop->flags & JSDPD_ALIAS) &&
-       !(jsdprop->alias = jsd_NewValue(jsdc, pd->alias)))
+       !(jsdprop->alias = jsd_NewValue(jsdc, propAlias)))
         goto new_prop_fail;
 
     return jsdprop;
@@ -374,9 +375,17 @@ static bool _buildProps(JSDContext* jsdc, JSDValue* jsdval)
         return false;
     }
 
+    JS::RootedValue propId(cx);
+    JS::RootedValue propValue(cx);
+    JS::RootedValue propAlias(cx);
+    uint8_t propFlags;
     for(i = 0; i < pda.length; i++)
     {
-        JSDProperty* prop = _newProperty(jsdc, &pda.array[i], 0);
+        propId = pda.array[i].id;
+        propValue = pda.array[i].value;
+        propAlias = pda.array[i].alias;
+        propFlags = pda.array[i].flags;
+        JSDProperty* prop = _newProperty(jsdc, propId, propValue, propAlias, propFlags, 0);
         if(!prop)
         {
             _freeProps(jsdc, jsdval);
@@ -462,19 +471,22 @@ jsd_IterateProperties(JSDContext* jsdc, JSDValue* jsdval, JSDProperty **iterp)
 JSDProperty*
 jsd_GetValueProperty(JSDContext* jsdc, JSDValue* jsdval, JSString* nameStr)
 {
+    JS::RootedString name(jsdc->jsrt, nameStr);
     AutoSafeJSContext cx;
     JSAutoCompartment acBase(cx, jsdc->glob);
     JSDProperty* jsdprop;
     JSDProperty* iter = NULL;
     JS::RootedObject obj(cx);
-    JS::RootedString name(cx, nameStr);
     unsigned  attrs = 0;
     bool found;
-    JSPropertyDesc pd;
     const jschar * nameChars;
     size_t nameLen;
     JS::RootedValue val(cx), nameval(cx);
     JS::RootedId nameid(cx);
+    JS::RootedValue propId(cx);
+    JS::RootedValue propValue(cx);
+    JS::RootedValue propAlias(cx);
+    uint8_t propFlags;
 
     if(!jsd_IsValueObject(jsdc, jsdval))
         return NULL;
@@ -513,37 +525,36 @@ jsd_GetValueProperty(JSDContext* jsdc, JSDValue* jsdval, JSString* nameStr)
         {
             if (JS_IsExceptionPending(cx))
             {
-                if (!JS_GetPendingException(cx, &pd.value))
+                if (!JS_GetPendingException(cx, propValue.address()))
                 {
                     return NULL;
                 }
-                pd.flags = JSPD_EXCEPTION;
+                propFlags = JSPD_EXCEPTION;
             }
             else
             {
-                pd.flags = JSPD_ERROR;
+                propFlags = JSPD_ERROR;
-                pd.value = JSVAL_VOID;
+                propValue = JSVAL_VOID;
             }
         }
         else
         {
-            pd.value = val;
+            propValue = val;
         }
     }
 
     nameval = STRING_TO_JSVAL(name);
     if (!JS_ValueToId(cx, nameval, nameid.address()) ||
-        !JS_IdToValue(cx, nameid, &pd.id)) {
+        !JS_IdToValue(cx, nameid, propId.address())) {
         return NULL;
     }
 
-    pd.spare = 0;
+    propAlias = JSVAL_NULL;
-    pd.alias = JSVAL_NULL;
+    propFlags |= (attrs & JSPROP_ENUMERATE) ? JSPD_ENUMERATE : 0
-    pd.flags |= (attrs & JSPROP_ENUMERATE) ? JSPD_ENUMERATE : 0
         | (attrs & JSPROP_READONLY)  ? JSPD_READONLY  : 0
         | (attrs & JSPROP_PERMANENT) ? JSPD_PERMANENT : 0;
 
-    return _newProperty(jsdc, &pd, JSDPD_HINTED);
+    return _newProperty(jsdc, propId, propValue, propAlias, propFlags, JSDPD_HINTED);
 }
 
 /*
@@ -655,8 +666,8 @@ jsd_GetValueClassName(JSDContext* jsdc, JSDValue* jsdval)
     jsval val = jsdval->val;
     if(!jsdval->className && !JSVAL_IS_PRIMITIVE(val))
     {
+        JS::RootedObject obj(jsdc->jsrt, JSVAL_TO_OBJECT(val));
         AutoSafeJSContext cx;
-        JS::RootedObject obj(cx, JSVAL_TO_OBJECT(val));
         JSAutoCompartment ac(cx, obj);
         jsdval->className = JS_GetDebugClassName(obj);
     }

js/jsd/jsd_xpc.cpp

@@ -897,12 +897,13 @@ jsdProperty::GetValue(jsdIValue **_rval)
 NS_IMPL_ISUPPORTS2(jsdScript, jsdIScript, jsdIEphemeral)
 
 static NS_IMETHODIMP
-AssignToJSString(JSDContext *aCx, nsACString *x, JSString *str)
+AssignToJSString(JSDContext *aCx, nsACString *x, JSString *str_)
 {
-    if (!str) {
+    if (!str_) {
         x->SetLength(0);
         return NS_OK;
     }
+    JS::RootedString str(JSD_GetJSRuntime(aCx), str_);
     AutoSafeJSContext cx;
     JSAutoCompartment ac(cx, JSD_GetDefaultGlobal(aCx)); // Just in case.
     size_t length = JS_GetStringEncodingLength(cx, str);
@@ -1261,7 +1262,7 @@ jsdScript::GetParameterNames(uint32_t* count, PRUnichar*** paramNames)
 NS_IMETHODIMP
 jsdScript::GetFunctionObject(jsdIValue **_rval)
 {
-    JSFunction *fun = JSD_GetJSFunction(mCx, mScript);
+    JS::RootedFunction fun(JSD_GetJSRuntime(mCx), JSD_GetJSFunction(mCx, mScript));
     if (!fun)
         return NS_ERROR_NOT_AVAILABLE;
 
@@ -2114,9 +2115,7 @@ NS_IMETHODIMP
 jsdValue::GetJsType (uint32_t *_rval)
 {
     ASSERT_VALID_EPHEMERAL;
-    jsval val;
+    JS::RootedValue val(JSD_GetJSRuntime(mCx), JSD_GetValueWrappedJSVal (mCx, mValue));
-
-    val = JSD_GetValueWrappedJSVal (mCx, mValue);
 
     if (JSVAL_IS_NULL(val))
         *_rval = TYPE_NULL;