From f3f1364e6e5f99d96c5dcc00c0923df4ff3ab645 Mon Sep 17 00:00:00 2001
From: Terrence Cole
Date: Mon, 16 Dec 2013 14:28:35 -0800
Subject: [PATCH] Bug 950923 - Fix an exact rooting hazard in GlobalObject::getIntrinsicValue; r=sfink

--HG--
extra : rebase_source : f49223dbfb97147d43bbf3720098b97e516c406a
---
 js/src/builtin/Intl.cpp | 10 +++++-----
 js/src/jit/VMFunctions.cpp | 2 +-
 js/src/vm/GlobalObject.h | 8 +++++---
 js/src/vm/Interpreter-inl.h | 2 +-
 js/src/vm/SelfHosting.cpp | 2 +-
 5 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/js/src/builtin/Intl.cpp b/js/src/builtin/Intl.cpp
index da65a0eba838..c4b9b602ad08 100644
--- a/js/src/builtin/Intl.cpp
+++ b/js/src/builtin/Intl.cpp
@@ -397,7 +397,7 @@ IntlInitialize(JSContext *cx, HandleObject obj, Handle initialize
 HandleValue locales, HandleValue options)
 {
 RootedValue initializerValue(cx);
- if (!cx->global()->getIntrinsicValue(cx, initializer, &initializerValue))
+ if (!GlobalObject::getIntrinsicValue(cx, cx->global(), initializer, &initializerValue))
 return false;
 JS_ASSERT(initializerValue.isObject());
 JS_ASSERT(initializerValue.toObject().is());
@@ -463,7 +463,7 @@ static bool
 GetInternals(JSContext *cx, HandleObject obj, MutableHandleObject internals)
 {
 RootedValue getInternalsValue(cx);
- if (!cx->global()->getIntrinsicValue(cx, cx->names().getInternals, &getInternalsValue))
+ if (!GlobalObject::getIntrinsicValue(cx, cx->global(), cx->names().getInternals, &getInternalsValue))
 return false;
 JS_ASSERT(getInternalsValue.isObject());
 JS_ASSERT(getInternalsValue.toObject().is());
@@ -690,7 +690,7 @@ InitCollatorClass(JSContext *cx, HandleObject Intl, Handle global
 * passing to methods like Array.prototype.sort).
 */
 RootedValue getter(cx);
- if (!cx->global()->getIntrinsicValue(cx, cx->names().CollatorCompareGet, &getter))
+ if (!GlobalObject::getIntrinsicValue(cx, cx->global(), cx->names().CollatorCompareGet, &getter))
 return nullptr;
 RootedValue undefinedValue(cx, UndefinedValue());
 if (!JSObject::defineProperty(cx, proto, cx->names().compare, undefinedValue,
@@ -1178,7 +1178,7 @@ InitNumberFormatClass(JSContext *cx, HandleObject Intl, Handle gl
 * for passing to methods like Array.prototype.map).
 */
 RootedValue getter(cx);
- if (!cx->global()->getIntrinsicValue(cx, cx->names().NumberFormatFormatGet, &getter))
+ if (!GlobalObject::getIntrinsicValue(cx, cx->global(), cx->names().NumberFormatFormatGet, &getter))
 return nullptr;
 RootedValue undefinedValue(cx, UndefinedValue());
 if (!JSObject::defineProperty(cx, proto, cx->names().format, undefinedValue,
@@ -1635,7 +1635,7 @@ InitDateTimeFormatClass(JSContext *cx, HandleObject Intl, Handle
 * (suitable for passing to methods like Array.prototype.map).
 */
 RootedValue getter(cx);
- if (!cx->global()->getIntrinsicValue(cx, cx->names().DateTimeFormatFormatGet, &getter))
+ if (!GlobalObject::getIntrinsicValue(cx, cx->global(), cx->names().DateTimeFormatFormatGet, &getter))
 return nullptr;
 RootedValue undefinedValue(cx, UndefinedValue());
 if (!JSObject::defineProperty(cx, proto, cx->names().format, undefinedValue,
diff --git a/js/src/jit/VMFunctions.cpp b/js/src/jit/VMFunctions.cpp
index 061f84714bb1..4f87d172c995 100644
--- a/js/src/jit/VMFunctions.cpp
+++ b/js/src/jit/VMFunctions.cpp
@@ -552,7 +552,7 @@ OperatorInI(JSContext *cx, uint32_t index, HandleObject obj, bool *out)
 bool
 GetIntrinsicValue(JSContext *cx, HandlePropertyName name, MutableHandleValue rval)
 {
- if (!cx->global()->getIntrinsicValue(cx, name, rval))
+ if (!GlobalObject::getIntrinsicValue(cx, cx->global(), name, rval))
 return false;
 
 // This function is called when we try to compile a cold getintrinsic
diff --git a/js/src/vm/GlobalObject.h b/js/src/vm/GlobalObject.h
index efac12ea59b9..57c13a4c6791 100644
--- a/js/src/vm/GlobalObject.h
+++ b/js/src/vm/GlobalObject.h
@@ -526,13 +526,15 @@ class GlobalObject : public JSObject
 return maybeGetIntrinsicValue(NameToId(name), vp);
 }
 
- bool getIntrinsicValue(JSContext *cx, HandlePropertyName name, MutableHandleValue value) {
- if (maybeGetIntrinsicValue(name, value.address()))
+ static bool getIntrinsicValue(JSContext *cx, Handle global,
+ HandlePropertyName name, MutableHandleValue value)
+ {
+ if (global->maybeGetIntrinsicValue(name, value.address()))
 return true;
 if (!cx->runtime()->cloneSelfHostedValue(cx, name, value))
 return false;
 RootedId id(cx, NameToId(name));
- return addIntrinsicValue(cx, id, value);
+ return global->addIntrinsicValue(cx, id, value);
 }
 
 bool addIntrinsicValue(JSContext *cx, HandleId id, HandleValue value);
diff --git a/js/src/vm/Interpreter-inl.h b/js/src/vm/Interpreter-inl.h
index 328c96580bc0..cefe234bc064 100644
--- a/js/src/vm/Interpreter-inl.h
+++ b/js/src/vm/Interpreter-inl.h
@@ -210,7 +210,7 @@ inline bool
 GetIntrinsicOperation(JSContext *cx, jsbytecode *pc, MutableHandleValue vp)
 {
 RootedPropertyName name(cx, cx->currentScript()->getName(pc));
- return cx->global()->getIntrinsicValue(cx, name, vp);
+ return GlobalObject::getIntrinsicValue(cx, cx->global(), name, vp);
 }
 
 inline bool
diff --git a/js/src/vm/SelfHosting.cpp b/js/src/vm/SelfHosting.cpp
index 8e46237b5d99..eb1105f6c905 100644
--- a/js/src/vm/SelfHosting.cpp
+++ b/js/src/vm/SelfHosting.cpp
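Review bot: The new static `getIntrinsicValue` in the GlobalObject.h hunk carries no comment saying why it became static and takes the global as a `Handle`, which is the substance of this fix and is easy to undo in a later "make it a member again" cleanup. Suggest above the signature: `// Static and taking a rooted |global| on purpose: cloneSelfHostedValue below can trigger a GC, so a member version would hold |this| as an unrooted pointer across that call.` The GC claim is inferred from the bug title rather than from anything visible in the hunk, so reword it if cloneSelfHostedValue turns out to be GC-free. `addIntrinsicValue` on the last changed line stays a non-static member invoked through the handle; its body is outside the hunk, so whether it needs the same treatment cannot be judged here. The enclosing class GlobalObject continues outside the hunk.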
@@ -1011,7 +1011,7 @@ JSFunction *
 js::SelfHostedFunction(JSContext *cx, HandlePropertyName propName)
 {
 RootedValue func(cx);
- if (!cx->global()->getIntrinsicValue(cx, propName, &func))
+ if (!GlobalObject::getIntrinsicValue(cx, cx->global(), propName, &func))
 return nullptr;
 
 JS_ASSERT(func.isObject());