Bug 1510760, part 3 - Thread the transplant object into the prewrap hook. r=tcampbell

In a later patch, the prewrap hook will need to know the address of the object we are eventually going to transplant into. In the non-transplant case, the value will be null. Differential Revision: https://phabricator.services.mozilla.com/D37597 --HG-- extra : moz-landing-system : lando
2019-07-18 19:36:15 +00:00 · 2019-07-18 19:36:15 +00:00 · 7e9fda9efb
--- a/js/src/jsapi-tests/testBug604087.cpp
+++ b/js/src/jsapi-tests/testBug604087.cpp
@ -25,7 +25,8 @@ static JSObject* wrap(JSContext* cx, JS::HandleObject toWrap,
  return wrapper;
 }

-static void PreWrap(JSContext* cx, JS::HandleObject scope, JS::HandleObject obj,
+static void PreWrap(JSContext* cx, JS::HandleObject scope,
+                    JS::HandleObject origObj, JS::HandleObject obj,
                    JS::HandleObject objectPassedToWrap,
                    JS::MutableHandleObject retObj) {
  JS_GC(cx);
--- a/js/src/jsapi.h
+++ b/js/src/jsapi.h
@ -189,9 +189,12 @@ typedef JSObject* (*JSWrapObjectCallback)(JSContext* cx,
 /**
 * Callback used by the wrap hook to ask the embedding to prepare an object
 * for wrapping in a context. This might include unwrapping other wrappers
- * or even finding a more suitable object for the new compartment.
+ * or even finding a more suitable object for the new compartment. If |origObj|
+ * is non-null, then it is the original object we are going to swap into during
+ * a transplant.
 */
 typedef void (*JSPreWrapCallback)(JSContext* cx, JS::HandleObject scope,
+                                  JS::HandleObject origObj,
                                  JS::HandleObject obj,
                                  JS::HandleObject objectPassedToWrap,
                                  JS::MutableHandleObject retObj);
--- a/js/src/vm/Compartment.cpp
+++ b/js/src/vm/Compartment.cpp
@ -185,7 +185,7 @@ bool Compartment::wrap(JSContext* cx, MutableHandleBigInt bi) {
 }

 bool Compartment::getNonWrapperObjectForCurrentCompartment(
-    JSContext* cx, MutableHandleObject obj) {
+    JSContext* cx, HandleObject origObj, MutableHandleObject obj) {
  // Ensure that we have entered a realm.
  MOZ_ASSERT(cx->global());

@ -263,7 +263,7 @@ bool Compartment::getNonWrapperObjectForCurrentCompartment(
    return false;
  }
  if (preWrap) {
-    preWrap(cx, cx->global(), obj, objectPassedToWrap, obj);
+    preWrap(cx, cx->global(), origObj, obj, objectPassedToWrap, obj);
    if (!obj) {
      return false;
    }
@ -330,7 +330,8 @@ bool Compartment::wrap(JSContext* cx, MutableHandleObject obj) {

  // The passed object may already be wrapped, or may fit a number of special
  // cases that we need to check for and manually correct.
-  if (!getNonWrapperObjectForCurrentCompartment(cx, obj)) {
+  if (!getNonWrapperObjectForCurrentCompartment(cx, /* origObj = */ nullptr,
+                                                obj)) {
    return false;
  }

@ -368,8 +369,11 @@ bool Compartment::rewrap(JSContext* cx, MutableHandleObject obj,
  }

  // The passed object may already be wrapped, or may fit a number of special
-  // cases that we need to check for and manually correct.
-  if (!getNonWrapperObjectForCurrentCompartment(cx, obj)) {
+  // cases that we need to check for and manually correct. We pass in
+  // |existingArg| instead of |existing|, because the purpose is to get the
+  // address of the object we are transplanting onto, not to find a wrapper
+  // to reuse.
+  if (!getNonWrapperObjectForCurrentCompartment(cx, existingArg, obj)) {
    return false;
  }

--- a/js/src/vm/Compartment.h
+++ b/js/src/vm/Compartment.h
@ -568,6 +568,7 @@ class JS::Compartment {

 private:
  bool getNonWrapperObjectForCurrentCompartment(JSContext* cx,
+                                                js::HandleObject origObj,
                                                js::MutableHandleObject obj);
  bool getOrCreateWrapper(JSContext* cx, js::HandleObject existing,
                          js::MutableHandleObject obj);
--- a/js/xpconnect/wrappers/WrapperFactory.cpp
+++ b/js/xpconnect/wrappers/WrapperFactory.cpp
@ -153,6 +153,7 @@ inline bool ShouldWaiveXray(JSContext* cx, JSObject* originalObj) {
 }

 void WrapperFactory::PrepareForWrapping(JSContext* cx, HandleObject scope,
+                                        HandleObject origObj,
                                        HandleObject objArg,
                                        HandleObject objectPassedToWrap,
                                        MutableHandleObject retObj) {
--- a/js/xpconnect/wrappers/WrapperFactory.h
+++ b/js/xpconnect/wrappers/WrapperFactory.h
@ -89,7 +89,7 @@ class WrapperFactory {

  // Prepare a given object for wrapping in a new compartment.
  static void PrepareForWrapping(JSContext* cx, JS::HandleObject scope,
-                                 JS::HandleObject obj,
+                                 JS::HandleObject origObj, JS::HandleObject obj,
                                 JS::HandleObject objectPassedToWrap,
                                 JS::MutableHandleObject retObj);