From 6fd0c4d072cc10d25d4f545b80a0b11fcca41e2e Mon Sep 17 00:00:00 2001
From: Steve Fink
Date: Fri, 20 Dec 2013 15:58:36 -0800
Subject: [PATCH] Bug 952682 - New hazards in storage code, r=terrence
---
storage/src/mozStorageAsyncStatementParams.cpp | 8 +++++---
storage/src/mozStorageStatementRow.cpp | 6 ++++--
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/storage/src/mozStorageAsyncStatementParams.cpp b/storage/src/mozStorageAsyncStatementParams.cpp
index c69ab239ae20..b9d802df89af 100644
--- a/storage/src/mozStorageAsyncStatementParams.cpp
+++ b/storage/src/mozStorageAsyncStatementParams.cpp
@@ -93,6 +93,8 @@ AsyncStatementParams::NewResolve( bool *_retval ) { + JS::Rooted scopeObj(aCtx, aScopeObj); + NS_ENSURE_TRUE(mStatement, NS_ERROR_NOT_INITIALIZED); // We do not throw at any point after this because we want to allow the // prototype chain to be checked for the property.
@@ -103,7 +105,7 @@ AsyncStatementParams::NewResolve( uint32_t idx = JSID_TO_INT(aId); // All indexes are good because we don't know how many parameters there // really are. - ok = ::JS_DefineElement(aCtx, aScopeObj, idx, JSVAL_VOID, nullptr, + ok = ::JS_DefineElement(aCtx, scopeObj, idx, JSVAL_VOID, nullptr, nullptr, 0); resolved = true; }
@@ -111,13 +113,13 @@ AsyncStatementParams::NewResolve( // We are unable to tell if there's a parameter with this name and so // we must assume that there is. This screws the rest of the prototype // chain, but people really shouldn't be depending on this anyways. - ok = ::JS_DefinePropertyById(aCtx, aScopeObj, aId, JSVAL_VOID, nullptr, + ok = ::JS_DefinePropertyById(aCtx, scopeObj, aId, JSVAL_VOID, nullptr, nullptr, 0); resolved = true; } *_retval = ok; - *_objp = resolved && ok ? aScopeObj : nullptr; + *_objp = resolved && ok ? scopeObj.get() : nullptr; return NS_OK; }
diff --git a/storage/src/mozStorageStatementRow.cpp b/storage/src/mozStorageStatementRow.cpp
index 5ebd6b161ac8..a5a87b46d72c 100644
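Review bot: The `scopeObj` root added at the top of AsyncStatementParams::NewResolve has no comment saying why it exists, and the raw `aScopeObj` parameter stays in scope, so a later edit could reintroduce a use of the unrooted pointer after a call that can GC. I would add `// Root aScopeObj: the JS_Define* calls below can GC; use scopeObj, not aScopeObj, from here on.` directly above the declaration. The same applies to the root added at the top of StatementRow::NewResolve in mozStorageStatementRow.cpp. As rendered on this page the declaration reads `JS::Rooted scopeObj(...)` with no template argument; presumably `<JSObject*>` was lost in extraction, since `*_objp` is assigned from it. The function signature begins outside the hunk.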
--- a/storage/src/mozStorageStatementRow.cpp
+++ b/storage/src/mozStorageStatementRow.cpp
@@ -123,6 +123,8 @@ StatementRow::NewResolve(nsIXPConnectWrappedNative *aWrapper, JSObject **_objp, bool *_retval) { + JS::Rooted scopeObj(aCtx, aScopeObj); + NS_ENSURE_TRUE(mStatement, NS_ERROR_NOT_INITIALIZED); // We do not throw at any point after this because we want to allow the // prototype chain to be checked for the property.
@@ -142,9 +144,9 @@ StatementRow::NewResolve(nsIXPConnectWrappedNative *aWrapper, return NS_OK; } - *_retval = ::JS_DefinePropertyById(aCtx, aScopeObj, aId, JSVAL_VOID, + *_retval = ::JS_DefinePropertyById(aCtx, scopeObj, aId, JSVAL_VOID, nullptr, nullptr, 0); - *_objp = aScopeObj; + *_objp = scopeObj; return NS_OK; }
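Review bot: In the second hunk of StatementRow::NewResolve, `aId` is still passed to `::JS_DefinePropertyById` as the raw parameter, although it is live from function entry across the lines between the two hunks, which are not shown here. If anything in that stretch can GC and the id can refer to a string, `aId` would need the same treatment as `aScopeObj`, for example `JS::Rooted<jsid> id(aCtx, aId);` next to `scopeObj` with `id` passed to the call. If ids are not a hazard in this tree, a one-line comment saying so at the call would settle the question for the next reader.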