зеркало из https://github.com/mozilla/pjs.git
bug 580033 - Make JS_Save/RestoreFrameChain set cx->compartment. r=mrbkap
Родитель
f56da5a5ac
Коммит
0b425e3feb
|
@ -1301,8 +1301,8 @@ JS_SetGlobalObject(JSContext *cx, JSObject *obj)
|
|||
CHECK_REQUEST(cx);
|
||||
|
||||
cx->globalObject = obj;
|
||||
if (!cx->maybefp())
|
||||
cx->compartment = obj ? obj->getCompartment() : cx->runtime->defaultCompartment;
|
||||
if (!cx->hasfp())
|
||||
cx->resetCompartment();
|
||||
}
|
||||
|
||||
class AutoResolvingEntry {
|
||||
|
@ -5032,6 +5032,7 @@ JS_RestoreFrameChain(JSContext *cx, JSStackFrame *fp)
|
|||
if (!fp)
|
||||
return;
|
||||
cx->restoreSegment();
|
||||
cx->resetCompartment();
|
||||
}
|
||||
|
||||
/************************************************************************/
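Review bot: JS_SetGlobalObject returns void, so in the first hunk an embedder gets no signal when the new `cx->resetCompartment()` call takes its failure path and leaves `cx->compartment` NULL. The removed line read the compartment straight from `obj`, while the new path innerizes the global first and can fail there. I would document that at the call site, for example `/* Recomputes cx->compartment from the inner global; left NULL (fail closed) if innerizing obj fails. */`. The body of JS_SetGlobalObject starts above the hunk, so any earlier checks on `obj` are not visible here.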
|
||||
|
|
|
@ -2049,6 +2049,37 @@ JSContext::JSContext(JSRuntime *rt)
|
|||
busyArrays(this)
|
||||
{}
|
||||
|
||||
void
|
||||
JSContext::resetCompartment()
|
||||
{
|
||||
JSObject *scopeobj;
|
||||
if (hasfp()) {
|
||||
scopeobj = &fp()->scopeChain();
|
||||
} else {
|
||||
scopeobj = globalObject;
|
||||
if (!scopeobj) {
|
||||
compartment = runtime->defaultCompartment;
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* Innerize. Assert, but check anyway, that this succeeds. (It
|
||||
* can only fail due to bugs in the engine or embedding.)
|
||||
*/
|
||||
OBJ_TO_INNER_OBJECT(this, scopeobj);
|
||||
if (!scopeobj) {
|
||||
/*
|
||||
* Bug. Return NULL, not defaultCompartment, to crash rather
|
||||
* than open a security hole.
|
||||
*/
|
||||
JS_ASSERT(0);
|
||||
compartment = NULL;
|
||||
return;
|
||||
}
|
||||
}
|
||||
compartment = scopeobj->getCompartment();
|
||||
}
|
||||
|
||||
void
|
||||
JSContext::pushSegmentAndFrame(js::StackSegment *newseg, JSFrameRegs &newregs)
|
||||
{
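Review bot: The fail-closed branch of `JSContext::resetCompartment()` is documented as "Return NULL", but the function is void and what it actually does is store NULL in `compartment`. The comment should say that, for example `Bug. Set compartment to NULL, not defaultCompartment, so the next use crashes rather than opening a security hole.` The bare `JS_ASSERT(0)` would also be easier to diagnose as `JS_NOT_REACHED("innerizing the global object failed");`. Note that the `hasfp()` branch takes `fp()->scopeChain()` without innerizing it. A one-line comment stating why that is safe (presumably scope-chain objects are already inner objects) would help the next reader of this security-sensitive path.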
|
||||
|
|
|
@ -2021,9 +2021,14 @@ struct JSContext
|
|||
friend class js::StackSpace;
|
||||
friend bool js::Interpret(JSContext *, JSStackFrame *, uintN, uintN);
|
||||
|
||||
void resetCompartment();
|
||||
|
||||
/* 'regs' must only be changed by calling this function. */
|
||||
void setCurrentRegs(JSFrameRegs *regs) {
|
||||
JS_ASSERT_IF(regs, regs->fp);
|
||||
this->regs = regs;
|
||||
if (!regs)
|
||||
resetCompartment();
|
||||
}
|
||||
|
||||
/* Temporary arena pool used while compiling and decompiling. */
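Review bot: `setCurrentRegs` is no longer a plain setter, because passing NULL now calls `resetCompartment()`, yet the comment above it still only says that 'regs' must be changed through this function. As the resetCompartment body in this commit shows, that call can run `OBJ_TO_INNER_OBJECT` on the global object, which may reach embedding code. The comment should carry the new contract, for example `/* 'regs' must only be changed by calling this function; clearing it recomputes cx->compartment from globalObject. */`. The `JSContext` struct starts and ends outside the hunk, so other writers of `regs` cannot be checked from here.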
|
||||
|
|
|
@ -325,6 +325,13 @@ AutoCompartment::enter()
|
|||
JS_ASSERT(!entered);
|
||||
if (origin != destination) {
|
||||
LeaveTrace(context);
|
||||
|
||||
#ifdef DEBUG
|
||||
JSCompartment *oldCompartment = context->compartment;
|
||||
context->resetCompartment();
|
||||
wasSane = (context->compartment == oldCompartment);
|
||||
#endif
|
||||
|
||||
context->compartment = destination;
|
||||
JSObject *scopeChain = target->getGlobal();
|
||||
frame.construct();
|
||||
|
@ -344,8 +351,9 @@ AutoCompartment::leave()
|
|||
JS_ASSERT(entered);
|
||||
if (origin != destination) {
|
||||
frame.destroy();
|
||||
context->compartment = origin;
|
||||
origin->wrapException(context);
|
||||
context->resetCompartment();
|
||||
JS_ASSERT_IF(wasSane && context->hasfp(), context->compartment == origin);
|
||||
context->compartment->wrapException(context);
|
||||
}
|
||||
entered = false;
|
||||
}
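Review bot: In `AutoCompartment::leave()`, the new `context->compartment->wrapException(context)` dereferences whatever `resetCompartment()` just stored, and that is NULL on its fail-closed path. A crash there appears to be the intended outcome, but nothing at this site says so. The `JS_ASSERT_IF` also only covers the `wasSane && context->hasfp()` case. With no frame active, the pending exception is wrapped for the compartment derived from the global object, which need not be `origin`. I would add a comment before the dereference, such as `/* compartment may differ from origin when no frame is active; NULL here means innerizing failed and we crash deliberately. */`. Separately, the `resetCompartment()` call in `enter()` exists only under `#ifdef DEBUG`, so debug and release builds execute different code before `context->compartment = destination`.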
|
||||
|
|
|
@ -166,6 +166,9 @@ class AutoCompartment
|
|||
JSFrameRegs regs;
|
||||
AutoStringRooter input;
|
||||
bool entered;
|
||||
#ifdef DEBUG
|
||||
bool wasSane;
|
||||
#endif
|
||||
|
||||
public:
|
||||
AutoCompartment(JSContext *cx, JSObject *target);
|
||||
|
|