From ff6faa4cdfa96e071712591be20ed4750acfa1d2 Mon Sep 17 00:00:00 2001 From: "sayrer%gmail.com" Date: Wed, 19 Sep 2007 00:26:41 +0000 Subject: [PATCH] Bug 396452. Enforce SpiderMonkey request model with assertions. r=mrbkap, sr/a=brendan git-svn-id: svn://10.0.0.236/trunk@236271 18797224-902f-48f8-a5cc-f745e15eee43 --- .../content/canvas/src/nsCanvasRenderingContext2D.cpp | 2 ++ mozilla/dom/src/base/nsDOMClassInfo.cpp | 2 ++ mozilla/dom/src/base/nsJSEnvironment.cpp | 10 ++++++---- mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp | 5 ++++- mozilla/js/src/jsapi.c | 5 +++-- .../js/src/xpconnect/loader/mozJSComponentLoader.cpp | 4 ++++ mozilla/js/src/xpconnect/src/xpccomponents.cpp | 2 ++ 7 files changed, 23 insertions(+), 7 deletions(-) diff --git a/mozilla/content/canvas/src/nsCanvasRenderingContext2D.cpp b/mozilla/content/canvas/src/nsCanvasRenderingContext2D.cpp index d3a10789df5..ee767cf9ead 100644 --- a/mozilla/content/canvas/src/nsCanvasRenderingContext2D.cpp +++ b/mozilla/content/canvas/src/nsCanvasRenderingContext2D.cpp @@ -1885,6 +1885,8 @@ nsCanvasRenderingContext2D::DrawImage() if (argc < 3) return NS_ERROR_INVALID_ARG; + JSAutoRequest ar(ctx); + double sx,sy,sw,sh; double dx,dy,dw,dh; diff --git a/mozilla/dom/src/base/nsDOMClassInfo.cpp b/mozilla/dom/src/base/nsDOMClassInfo.cpp index 52de671e6f9..5c18513040b 100644 --- a/mozilla/dom/src/base/nsDOMClassInfo.cpp +++ b/mozilla/dom/src/base/nsDOMClassInfo.cpp @@ -8854,6 +8854,8 @@ nsHTMLPluginObjElementSH::GetPluginJSObject(JSContext *cx, JSObject *obj, nsCOMPtr plugin_internal = do_QueryInterface(plugin_inst); + JSAutoRequest ar(cx); + if (plugin_internal) { *plugin_obj = plugin_internal->GetJSObject(cx); diff --git a/mozilla/dom/src/base/nsJSEnvironment.cpp b/mozilla/dom/src/base/nsJSEnvironment.cpp index 4ab94b066bc..db881ffc935 100644 --- a/mozilla/dom/src/base/nsJSEnvironment.cpp +++ b/mozilla/dom/src/base/nsJSEnvironment.cpp 
@@ -1894,6 +1894,8 @@ nsJSContext::BindCompiledEventHandler(nsISupports* aTarget, void *aScope, NS_ENSURE_SUCCESS(rv, rv); JSObject *funobj = (JSObject*) aHandler; + + JSAutoRequest ar(mContext); NS_ASSERTION(JS_TypeOfValue(mContext, OBJECT_TO_JSVAL(funobj)) == JSTYPE_FUNCTION, "Event handler object not a function"); @@ -1906,8 +1908,6 @@ nsJSContext::BindCompiledEventHandler(nsISupports* aTarget, void *aScope, return NS_ERROR_FAILURE; } - JSAutoRequest ar(mContext); - // Make sure the handler function is parented by its event target object if (funobj) { // && ::JS_GetParent(mContext, funobj) != target) { funobj = ::JS_CloneFunctionObject(mContext, funobj, target); @@ -1950,9 +1950,9 @@ nsJSContext::GetBoundEventHandler(nsISupports* aTarget, void *aScope, jsval funval; if (!JS_LookupProperty(mContext, obj, - charName, &funval)) + charName, &funval)) return NS_ERROR_FAILURE; - + if (JS_TypeOfValue(mContext, funval) != JSTYPE_FUNCTION) { NS_WARNING("Event handler object not a function"); aHandler.drop(); @@ -3673,6 +3673,8 @@ nsJSArgArray::nsJSArgArray(JSContext *aContext, PRUint32 argc, jsval *argv, *prv = NS_ERROR_OUT_OF_MEMORY; return; } + + JSAutoRequest ar(aContext); for (PRUint32 i = 0; i < argc; ++i) { if (argv) mArgv[i] = argv[i]; diff --git a/mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp b/mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp index db26bb3d2ff..b8f1bbf4d11 100644 --- a/mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp +++ b/mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp @@ -262,6 +262,7 @@ nsresult nsJSThunk::EvaluateScript(nsIChannel *aChannel, // First check to make sure it's OK to evaluate this script to // start with. For example, script could be disabled. JSContext *cx = (JSContext*)scriptContext->GetNativeContext(); + JSAutoRequest ar(cx); PRBool ok; rv = securityManager->CanExecuteScripts(cx, principal, &ok); 
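Review bot: In nsJSContext::BindCompiledEventHandler (hunks at -1894 and -1906) nothing records why `JSAutoRequest ar(mContext);` now sits above the `NS_ASSERTION`, so a later tidy-up could move it back down next to the clone call. The assertion's condition calls `JS_TypeOfValue(mContext, ...)`, a JSAPI entry point, which is presumably why the declaration was hoisted now that this commit enables CHECK_REQUEST in all JS_THREADSAFE builds. A one-line comment would pin the ordering: `// Begin the request before the assertion: JS_TypeOfValue is a JSAPI call.` The function body starts and ends outside both hunks.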
@@ -336,7 +337,9 @@ nsresult nsJSThunk::EvaluateScript(nsIChannel *aChannel, // lose the error), or it might be JS that then proceeds to // cause an error of its own (which will also make us lose // this error). - ::JS_ReportPendingException((JSContext*)scriptContext->GetNativeContext()); + JSContext *cx = (JSContext*)scriptContext->GetNativeContext(); + JSAutoRequest ar(cx); + ::JS_ReportPendingException(cx); } if (NS_FAILED(rv)) { diff --git a/mozilla/js/src/jsapi.c b/mozilla/js/src/jsapi.c index d046a4868fe..429c480d6ff 100644 --- a/mozilla/js/src/jsapi.c +++ b/mozilla/js/src/jsapi.c @@ -96,8 +96,9 @@ #define JS_ADDRESSOF_VA_LIST(ap) (&(ap)) #endif -#if defined(JS_PARANOID_REQUEST) && defined(JS_THREADSAFE) -#define CHECK_REQUEST(cx) JS_ASSERT(cx->requestDepth) +#if defined(JS_THREADSAFE) +#define CHECK_REQUEST(cx) \ + JS_ASSERT((cx)->requestDepth || (cx)->thread == (cx)->runtime->gcThread) #else #define CHECK_REQUEST(cx) ((void)0) #endif diff --git a/mozilla/js/src/xpconnect/loader/mozJSComponentLoader.cpp b/mozilla/js/src/xpconnect/loader/mozJSComponentLoader.cpp index 1dc4ad1131f..24d1377ffc0 100644 --- a/mozilla/js/src/xpconnect/loader/mozJSComponentLoader.cpp +++ b/mozilla/js/src/xpconnect/loader/mozJSComponentLoader.cpp @@ -1339,6 +1339,8 @@ mozJSComponentLoader::Import(const nsACString & registryLocation) rv = cc->GetJSContext(&cx); NS_ENSURE_SUCCESS(rv, rv); + JSAutoRequest ar(cx); + JSObject *targetObject = nsnull; PRUint32 argc = 0; @@ -1455,6 +1457,8 @@ mozJSComponentLoader::ImportInto(const nsACString & aLocation, jsval symbols; if (targetObj) { + JSAutoRequest ar(mContext); + if (!JS_GetProperty(mContext, mod->global, "EXPORTED_SYMBOLS", &symbols)) { return ReportOnCaller(cc, ERROR_NOT_PRESENT, diff --git a/mozilla/js/src/xpconnect/src/xpccomponents.cpp b/mozilla/js/src/xpconnect/src/xpccomponents.cpp index cee5ac3f044..85e114d1aac 100644 --- a/mozilla/js/src/xpconnect/src/xpccomponents.cpp +++ b/mozilla/js/src/xpconnect/src/xpccomponents.cpp 
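Review bot: The `JSContext *cx` and `JSAutoRequest ar(cx);` added ahead of `::JS_ReportPendingException` (hunk at -336) look like a repeat of the pair this commit adds at -262 in the same nsJSThunk::EvaluateScript. If the -262 declarations are in an enclosing scope, the new locals shadow them and the inner request only nests inside one that is already open. This cannot be settled from the hunks, because the function body extends outside both. In that case the change reduces to `::JS_ReportPendingException(cx);`. If the two scopes are in fact disjoint, a short comment saying so would save the next reader the same check.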
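Review bot: The new `CHECK_REQUEST` in jsapi.c (hunk at -96) has no comment saying why the thread recorded in `runtime->gcThread` is exempt, or that the check is an assertion only. `JS_ASSERT` is compiled out of non-DEBUG builds, so a release build with JS_THREADSAFE still accepts API calls made outside a request. The macro is a detection aid for debug runs, not a guard. Suggest a comment above the `#if`, such as `/* Debug-only: every API entry must be inside a request, except on the thread currently running the GC. */`. The macro also expands `cx` up to three times, so call sites should keep passing a plain identifier.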
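Review bot: In mozJSComponentLoader::Import (hunk at -1339) `JSAutoRequest ar(cx);` runs after only `NS_ENSURE_SUCCESS(rv, rv)`, while nsXPCComponents_Utils::ReportError in this same commit returns on `NS_FAILED(rv) || !cx` before opening its request. JSAutoRequest begins the request on whatever pointer it is given, so if `cc->GetJSContext(&cx)` can succeed with a null context here, the constructor dereferences null. Whether that can happen is not visible in the hunk. If it can, match the other call site with `if (!cx) return NS_ERROR_FAILURE;` ahead of the declaration. The function body continues outside the hunk.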
@@ -2889,6 +2889,8 @@ nsXPCComponents_Utils::ReportError() if(NS_FAILED(rv) || !cx) return NS_OK; + JSAutoRequest ar(cx); + // get argc and argv and verify arg count PRUint32 argc; rv = cc->GetArgc(&argc);