Bug 396452. Enforce SpiderMonkey request model with assertions. r=mrbkap, sr/a=brendan

2007-09-19 00:26:41 +00:00 · 2007-09-19 00:26:41 +00:00 · 8f7fdb06a8
--- a/content/canvas/src/nsCanvasRenderingContext2D.cpp
+++ b/content/canvas/src/nsCanvasRenderingContext2D.cpp
@ -1885,6 +1885,8 @@ nsCanvasRenderingContext2D::DrawImage()
    if (argc < 3)
        return NS_ERROR_INVALID_ARG;

+    JSAutoRequest ar(ctx);
+
    double sx,sy,sw,sh;
    double dx,dy,dw,dh;

--- a/dom/src/base/nsDOMClassInfo.cpp
+++ b/dom/src/base/nsDOMClassInfo.cpp
@ -8854,6 +8854,8 @@ nsHTMLPluginObjElementSH::GetPluginJSObject(JSContext *cx, JSObject *obj,
  nsCOMPtr<nsIPluginInstanceInternal> plugin_internal =
    do_QueryInterface(plugin_inst);

+  JSAutoRequest ar(cx);
+
  if (plugin_internal) {
    *plugin_obj = plugin_internal->GetJSObject(cx);

--- a/dom/src/base/nsJSEnvironment.cpp
+++ b/dom/src/base/nsJSEnvironment.cpp
@ -1894,6 +1894,8 @@ nsJSContext::BindCompiledEventHandler(nsISupports* aTarget, void *aScope,
  NS_ENSURE_SUCCESS(rv, rv);

  JSObject *funobj = (JSObject*) aHandler;
+  
+  JSAutoRequest ar(mContext);

  NS_ASSERTION(JS_TypeOfValue(mContext, OBJECT_TO_JSVAL(funobj)) == JSTYPE_FUNCTION,
               "Event handler object not a function");
@ -1906,8 +1908,6 @@ nsJSContext::BindCompiledEventHandler(nsISupports* aTarget, void *aScope,
    return NS_ERROR_FAILURE;
  }

-  JSAutoRequest ar(mContext);
-
  // Make sure the handler function is parented by its event target object
  if (funobj) { // && ::JS_GetParent(mContext, funobj) != target) {
    funobj = ::JS_CloneFunctionObject(mContext, funobj, target);
@ -1950,9 +1950,9 @@ nsJSContext::GetBoundEventHandler(nsISupports* aTarget, void *aScope,

    jsval funval;
    if (!JS_LookupProperty(mContext, obj, 
-                             charName, &funval))
+                           charName, &funval))
        return NS_ERROR_FAILURE;
-
+    
    if (JS_TypeOfValue(mContext, funval) != JSTYPE_FUNCTION) {
        NS_WARNING("Event handler object not a function");
        aHandler.drop();
@ -3673,6 +3673,8 @@ nsJSArgArray::nsJSArgArray(JSContext *aContext, PRUint32 argc, jsval *argv,
    *prv = NS_ERROR_OUT_OF_MEMORY;
    return;
  }
+
+  JSAutoRequest ar(aContext);
  for (PRUint32 i = 0; i < argc; ++i) {
    if (argv)
      mArgv[i] = argv[i];
--- a/dom/src/jsurl/nsJSProtocolHandler.cpp
+++ b/dom/src/jsurl/nsJSProtocolHandler.cpp
@ -262,6 +262,7 @@ nsresult nsJSThunk::EvaluateScript(nsIChannel *aChannel,
        // First check to make sure it's OK to evaluate this script to
        // start with.  For example, script could be disabled.
        JSContext *cx = (JSContext*)scriptContext->GetNativeContext();
+        JSAutoRequest ar(cx);

        PRBool ok;
        rv = securityManager->CanExecuteScripts(cx, principal, &ok);
@ -336,7 +337,9 @@ nsresult nsJSThunk::EvaluateScript(nsIChannel *aChannel,
        // lose the error), or it might be JS that then proceeds to
        // cause an error of its own (which will also make us lose
        // this error).
-        ::JS_ReportPendingException((JSContext*)scriptContext->GetNativeContext());
+        JSContext *cx = (JSContext*)scriptContext->GetNativeContext();
+        JSAutoRequest ar(cx);
+        ::JS_ReportPendingException(cx);
    }
    
    if (NS_FAILED(rv)) {
--- a/js/src/jsapi.c
+++ b/js/src/jsapi.c
@ -96,8 +96,9 @@
 #define JS_ADDRESSOF_VA_LIST(ap) (&(ap))
 #endif

-#if defined(JS_PARANOID_REQUEST) && defined(JS_THREADSAFE)
-#define CHECK_REQUEST(cx)       JS_ASSERT(cx->requestDepth)
+#if defined(JS_THREADSAFE)
+#define CHECK_REQUEST(cx)                                                   \
+    JS_ASSERT((cx)->requestDepth || (cx)->thread == (cx)->runtime->gcThread)
 #else
 #define CHECK_REQUEST(cx)       ((void)0)
 #endif
--- a/js/src/xpconnect/loader/mozJSComponentLoader.cpp
+++ b/js/src/xpconnect/loader/mozJSComponentLoader.cpp
@ -1339,6 +1339,8 @@ mozJSComponentLoader::Import(const nsACString & registryLocation)
    rv = cc->GetJSContext(&cx);
    NS_ENSURE_SUCCESS(rv, rv);

+    JSAutoRequest ar(cx);
+
    JSObject *targetObject = nsnull;

    PRUint32 argc = 0;
@ -1455,6 +1457,8 @@ mozJSComponentLoader::ImportInto(const nsACString & aLocation,

    jsval symbols;
    if (targetObj) {
+        JSAutoRequest ar(mContext);
+
        if (!JS_GetProperty(mContext, mod->global,
                            "EXPORTED_SYMBOLS", &symbols)) {
            return ReportOnCaller(cc, ERROR_NOT_PRESENT,
--- a/js/src/xpconnect/src/xpccomponents.cpp
+++ b/js/src/xpconnect/src/xpccomponents.cpp
@ -2889,6 +2889,8 @@ nsXPCComponents_Utils::ReportError()
    if(NS_FAILED(rv) || !cx)
        return NS_OK;

+    JSAutoRequest ar(cx);
+
    // get argc and argv and verify arg count
    PRUint32 argc;
    rv = cc->GetArgc(&argc);