bug 580033 - Make JS_Save/RestoreFrameChain set cx->compartment. r=mrbkap

This commit is contained in:
Jason Orendorff 2010-09-27 18:24:24 -07:00
Родитель f56da5a5ac
Коммит 0b425e3feb
5 изменённых файлов: 52 добавлений и 4 удалений


@ -1301,8 +1301,8 @@ JS_SetGlobalObject(JSContext *cx, JSObject *obj)
CHECK_REQUEST(cx);
cx->globalObject = obj;
if (!cx->maybefp())
cx->compartment = obj ? obj->getCompartment() : cx->runtime->defaultCompartment;
if (!cx->hasfp())
cx->resetCompartment();
}
class AutoResolvingEntry {
@ -5032,6 +5032,7 @@ JS_RestoreFrameChain(JSContext *cx, JSStackFrame *fp)
if (!fp)
return;
cx->restoreSegment();
cx->resetCompartment();
}
/************************************************************************/
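Review bot: The `!cx->hasfp()` guard in JS_SetGlobalObject recomputes the compartment only when no frame is active, where the replaced line tested `!cx->maybefp()`; if those two predicates can ever disagree, the hunk quietly changes which calls update `cx->compartment`, so their equivalence deserves one sentence in the commit description or a comment on the guard. In JS_RestoreFrameChain the early `return` for a null `fp` also skips `resetCompartment()`; that is presumably correct because nothing was saved in that case, but a comment such as `/* Nothing was saved, so cx->compartment is unchanged. */` would make the invariant explicit. Both functions start outside their hunks.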


@ -2049,6 +2049,37 @@ JSContext::JSContext(JSRuntime *rt)
busyArrays(this)
{}
void
JSContext::resetCompartment()
{
JSObject *scopeobj;
if (hasfp()) {
scopeobj = &fp()->scopeChain();
} else {
scopeobj = globalObject;
if (!scopeobj) {
compartment = runtime->defaultCompartment;
return;
}
/*
* Innerize. Assert, but check anyway, that this succeeds. (It
* can only fail due to bugs in the engine or embedding.)
*/
OBJ_TO_INNER_OBJECT(this, scopeobj);
if (!scopeobj) {
/*
* Bug. Return NULL, not defaultCompartment, to crash rather
* than open a security hole.
*/
JS_ASSERT(0);
compartment = NULL;
return;
}
}
compartment = scopeobj->getCompartment();
}
void
JSContext::pushSegmentAndFrame(js::StackSegment *newseg, JSFrameRegs &newregs)
{
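Review bot: `JSContext::resetCompartment` has no header comment, yet its NULL-compartment fail-stop is a security-relevant contract that the new callers (JS_RestoreFrameChain, setCurrentRegs, AutoCompartment::leave) depend on; add a comment above the definition stating that it recomputes `compartment` from the current frame's scope chain, or from `globalObject` when there is no frame, and that it deliberately leaves `compartment` NULL when innerizing fails so the next use crashes instead of silently running in `defaultCompartment`. The `JS_ASSERT(0)` on that path would read better as `JS_NOT_REACHED("OBJ_TO_INNER_OBJECT failed")`, which names the condition in the assertion output. `OBJ_TO_INNER_OBJECT` presumably dispatches to a per-class hook, so this is not a pure read of context state; if that matters for callers that invoke it with a pending exception, it is worth saying here. The hunk ends inside `pushSegmentAndFrame`.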


@ -2021,9 +2021,14 @@ struct JSContext
friend class js::StackSpace;
friend bool js::Interpret(JSContext *, JSStackFrame *, uintN, uintN);
void resetCompartment();
/* 'regs' must only be changed by calling this function. */
void setCurrentRegs(JSFrameRegs *regs) {
JS_ASSERT_IF(regs, regs->fp);
this->regs = regs;
if (!regs)
resetCompartment();
}
/* Temporary arena pool used while compiling and decompiling. */
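Review bot: The `resetCompartment()` declaration has no comment while the neighbouring `setCurrentRegs` documents its contract; add e.g. `/* Recompute 'compartment' from the current frame's scope chain, or from globalObject when there is no frame. */`. `setCurrentRegs` resets the compartment only when `regs` becomes NULL; the non-NULL case presumably leaves that to the frame-pushing path, and a short comment on the `if (!regs)` branch naming where the compartment is set in that case would save the next reader a search. The enclosing struct continues outside the hunk.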


@ -325,6 +325,13 @@ AutoCompartment::enter()
JS_ASSERT(!entered);
if (origin != destination) {
LeaveTrace(context);
#ifdef DEBUG
JSCompartment *oldCompartment = context->compartment;
context->resetCompartment();
wasSane = (context->compartment == oldCompartment);
#endif
context->compartment = destination;
JSObject *scopeChain = target->getGlobal();
frame.construct();
@ -344,8 +351,9 @@ AutoCompartment::leave()
JS_ASSERT(entered);
if (origin != destination) {
frame.destroy();
context->compartment = origin;
origin->wrapException(context);
context->resetCompartment();
JS_ASSERT_IF(wasSane && context->hasfp(), context->compartment == origin);
context->compartment->wrapException(context);
}
entered = false;
}
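Review bot: In `AutoCompartment::leave` the pending exception is now wrapped into the compartment computed by `resetCompartment()` rather than `origin`, and the assertion on the preceding line deliberately tolerates the two differing when `wasSane` is false; in that case an exception raised in `destination` is wrapped for a compartment the caller never entered from, which is a behaviour change worth a comment, e.g. `/* Wrap into the recomputed compartment, not 'origin': cx->compartment may already have been inconsistent on entry. */`. If `resetCompartment()` takes its fail-stop path and leaves `compartment` NULL, `context->compartment->wrapException(context)` dereferences NULL; that matches the crash-not-security-hole intent, but stating it next to the call keeps someone from "fixing" it with a null check. In `enter()` the DEBUG-only `resetCompartment()` call is immediately overwritten by `context->compartment = destination`, so it has no lasting effect, though any side effects of innerizing then occur in debug builds only.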


@ -166,6 +166,9 @@ class AutoCompartment
JSFrameRegs regs;
AutoStringRooter input;
bool entered;
#ifdef DEBUG
bool wasSane;
#endif
public:
AutoCompartment(JSContext *cx, JSObject *target);
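Review bot: `wasSane` is declared without a comment; it is only meaningful between `enter()` and `leave()` and only in DEBUG builds, so a one-line comment such as `/* DEBUG: cx->compartment agreed with the frame chain when enter() ran; checked again in leave(). */` would make that clear. It is not initialized before `enter()` assigns it, and `leave()` reads it only after asserting `entered`, so this is presumably safe, but initializing it in the constructor would close the gap cheaply. The class continues outside the hunk.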