зеркало из https://github.com/mozilla/pjs.git
Create a more valid pseudo-frame for liveconnect to avoid null ptr dereferences. bug 409720, r=brendan sr=jst a=brendan
Родитель
edf9c1201d
Коммит
8469ca94aa
|
@ -278,7 +278,7 @@ js_GetArgsObject(JSContext *cx, JSStackFrame *fp)
|
|||
static JSBool
|
||||
args_enumerate(JSContext *cx, JSObject *obj);
|
||||
|
||||
JSBool
|
||||
JS_FRIEND_API(JSBool)
|
||||
js_PutArgsObject(JSContext *cx, JSStackFrame *fp)
|
||||
{
|
||||
JSObject *argsobj;
|
||||
|
@ -589,7 +589,6 @@ js_GetCallObject(JSContext *cx, JSStackFrame *fp, JSObject *parent)
|
|||
callobj = fp->callobj;
|
||||
if (callobj)
|
||||
return callobj;
|
||||
JS_ASSERT(fp->fun);
|
||||
|
||||
/* The default call parent is its function's parent (static link). */
|
||||
if (!parent) {
|
||||
|
@ -616,7 +615,7 @@ js_GetCallObject(JSContext *cx, JSStackFrame *fp, JSObject *parent)
|
|||
static JSBool
|
||||
call_enumerate(JSContext *cx, JSObject *obj);
|
||||
|
||||
JSBool
|
||||
JS_FRIEND_API(JSBool)
|
||||
js_PutCallObject(JSContext *cx, JSStackFrame *fp)
|
||||
{
|
||||
JSObject *callobj;
|
||||
|
|
|
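Review bot: `js_PutArgsObject` and `js_PutCallObject` become `JS_FRIEND_API` in this file (and in the matching header declarations further down) without a comment saying what a caller outside the engine must guarantee about `fp`. The only caller visible on this page passes a frame it fills in by hand, so the contract matters. Both function bodies continue outside these hunks, so the exact preconditions cannot be read from here. I would add above each definition something like `/* Friend API: fp may be an embedder-built pseudo-frame; the caller checks fp->callobj (resp. fp->argsobj) is non-null before calling. */`, adjusted to whatever the bodies actually require.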
@ -175,7 +175,7 @@ js_ReportIsNotFunction(JSContext *cx, jsval *vp, uintN flags);
|
|||
extern JSObject *
|
||||
js_GetCallObject(JSContext *cx, JSStackFrame *fp, JSObject *parent);
|
||||
|
||||
extern JSBool
|
||||
extern JS_FRIEND_API(JSBool)
|
||||
js_PutCallObject(JSContext *cx, JSStackFrame *fp);
|
||||
|
||||
extern JSBool
|
||||
|
@ -193,7 +193,7 @@ js_GetArgsProperty(JSContext *cx, JSStackFrame *fp, jsid id, jsval *vp);
|
|||
extern JSObject *
|
||||
js_GetArgsObject(JSContext *cx, JSStackFrame *fp);
|
||||
|
||||
extern JSBool
|
||||
extern JS_FRIEND_API(JSBool)
|
||||
js_PutArgsObject(JSContext *cx, JSStackFrame *fp);
|
||||
|
||||
extern JSBool
|
||||
|
|
|
@ -53,7 +53,11 @@
|
|||
#include "jsj_private.h"
|
||||
#include "jsjava.h"
|
||||
|
||||
#include "jsdbgapi.h"
|
||||
#include "jsarena.h"
|
||||
#include "jsfun.h"
|
||||
#include "jscntxt.h" /* For js_ReportErrorAgain().*/
|
||||
#include "jsscript.h"
|
||||
|
||||
#include "netscape_javascript_JSObject.h" /* javah-generated headers */
|
||||
#include "nsISecurityContext.h"
|
||||
|
@ -174,12 +178,18 @@ AutoPushJSContext::AutoPushJSContext(nsISupports* aSecuritySupports,
|
|||
JSPrincipals* jsprinc;
|
||||
principal->GetJSPrincipals(cx, &jsprinc);
|
||||
|
||||
mFrame.script = JS_CompileScriptForPrincipals(cx, JS_GetGlobalObject(cx),
|
||||
jsprinc, "", 0, "", 1);
|
||||
JSFunction *fun = JS_CompileFunctionForPrincipals(cx, JS_GetGlobalObject(cx),
|
||||
jsprinc, "anonymous", 0, nsnull,
|
||||
"", 0, "", 1);
|
||||
JSPRINCIPALS_DROP(cx, jsprinc);
|
||||
|
||||
if (mFrame.script)
|
||||
if (fun)
|
||||
{
|
||||
mFrame.fun = fun;
|
||||
mFrame.script = JS_GetFunctionScript(cx, fun);
|
||||
mFrame.pc = mFrame.script->code;
|
||||
mFrame.callee = JS_GetFunctionObject(fun);
|
||||
mFrame.scopeChain = JS_GetParent(cx, mFrame.callee);
|
||||
mFrame.down = cx->fp;
|
||||
cx->fp = &mFrame;
|
||||
}
|
||||
|
@ -194,6 +204,11 @@ AutoPushJSContext::~AutoPushJSContext()
|
|||
if (mContextStack)
|
||||
mContextStack->Pop(nsnull);
|
||||
|
||||
if (mFrame.callobj)
|
||||
js_PutCallObject(mContext, &mFrame);
|
||||
if (mFrame.argsobj)
|
||||
js_PutArgsObject(mContext, &mFrame);
|
||||
JS_ClearPendingException(mContext);
|
||||
if (mFrame.script)
|
||||
mContext->fp = mFrame.down;
|
||||
|
||||
|
|
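Review bot: `JS_ClearPendingException(mContext)` in the destructor runs unconditionally, so it discards any exception already pending on the context when the guard goes out of scope, not only one raised by the two Put calls above it, whose `JSBool` results are ignored. The +/- markers are lost on this page, so I am reading that line and the two Put calls as additions. If callers are meant to see an exception left by the wrapped LiveConnect call (not visible here, so confirm first), bracket the teardown with `JSExceptionState *saved = JS_SaveExceptionState(mContext);` before the `mFrame.callobj` test and `JS_RestoreExceptionState(mContext, saved);` after the `js_PutArgsObject` call. The Put calls also sit after `mContextStack->Pop(nsnull)` and outside the `if (mFrame.script)` test that guards the frame pop, which is only safe if `mFrame` was zeroed when no frame was pushed; a one-line comment stating that would help. The destructor's closing brace is outside the hunk.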