зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1706937 - Handle nuked CCWs in JS shell source element hook. r=jandem
While the shell uses a private value on the ScriptSourceObject that always has an "element" property, due to CCW nuking we may wind up with a dead-proxy object instead. Handle this case explicitly to avoid failing asserts below. Differential Revision: https://phabricator.services.mozilla.com/D113876
This commit is contained in:
Родитель
15bcc479cb
Коммит
be9de47e53
|
@ -0,0 +1,14 @@
|
|||
|
||||
let g = newGlobal({newCompartment: true});
|
||||
let d = new Debugger(g);
|
||||
|
||||
g.eval("")
|
||||
let script = d.findScripts()[0];
|
||||
|
||||
nukeAllCCWs()
|
||||
|
||||
// A DeadProxyObject accessing the source-object should not crash.
|
||||
try {
|
||||
let element = script.source.element;
|
||||
} catch (e) {
|
||||
}
|
|
@ -141,6 +141,7 @@
|
|||
#include "js/Warnings.h" // JS::SetWarningReporter
|
||||
#include "js/WasmModule.h" // JS::WasmModule
|
||||
#include "js/Wrapper.h"
|
||||
#include "proxy/DeadObjectProxy.h" // js::IsDeadProxyObject
|
||||
#include "shell/jsoptparse.h"
|
||||
#include "shell/jsshell.h"
|
||||
#include "shell/OSObject.h"
|
||||
|
@ -4722,6 +4723,13 @@ JSObject* GetElementCallback(JSContext* cx, JS::HandleValue value) {
|
|||
return nullptr;
|
||||
}
|
||||
|
||||
// Due to nukeCCW shenanigans in the shell, we need to check for dead-proxy
|
||||
// objects that may have replaced an CCW. Otherwise the GetProperty below
|
||||
// would throw an exception which we do not want to support in this callback.
|
||||
if (js::IsDeadProxyObject(&privateValue.toObject())) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
RootedObject infoObject(cx,
|
||||
CheckedUnwrapStatic(privateValue.toObjectOrNull()));
|
||||
AutoRealm ar(cx, infoObject);
|
||||
|
@ -4737,6 +4745,7 @@ JSObject* GetElementCallback(JSContext* cx, JS::HandleValue value) {
|
|||
if (elementValue.isObject()) {
|
||||
return &elementValue.toObject();
|
||||
}
|
||||
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче