Closed Bug 533882 Opened 15 years ago Closed 14 years ago

Avoid calling into caps when we don't have to in XOWs

Categories

(Core :: XPConnect, defect)

Product:
Core
Component:
XPConnect
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: mrbkap, Assigned: mrbkap)

Details

Attachments

(1 file)

Proposed fix
12.44 KB, patch
jst
: review+
bzbarsky
: superreview+
Details | Diff | Splinter Review 
Doing so knocks us off trace.
Attached patch Proposed fixSplinter Review 
Note that our attempts to not fall off trace when executing window.foo are defeated by js_LeaveTraceIfGlobalObject. But this avoids calling into caps when a XOW whose parent (scope) is the same as the object it's wrapping. It's safe to do this because XOWs can't be shared across origins. For the cross-origin, same-scope case, we'll still call into caps, but the security check will pass.
Attachment #416841 - Flags: superreview?(bzbarsky)
Attachment #416841 - Flags: review?(jst)
> For the cross-origin, same-scope case, we'll still call into caps

You meant cross-scope, same-origin?

What's with this js_LeaveTraceIfGlobalObject stuff?  :(
(In reply to comment #2)
> You meant cross-scope, same-origin?

Oops, yes.

> What's with this js_LeaveTraceIfGlobalObject stuff?  :(

I talked with brendan and gal about this yesterday. The problem is that we lazily import global slots into the trace and then only update the slots in the global object after we leave trace. Because of this, we have to bail any time someone aliases the global object. According to gal, it would not be hard to populate the global object with updated values, but we don't do that yet.
Comment on attachment 416841 [details] [diff] [review]
Proposed fix

 UnwrapXOW(JSContext *cx, JSObject *wrapper)
 {
-  wrapper = UnwrapGeneric(cx, &XPCCrossOriginWrapper::XOWClass, wrapper);
+  JSObject *innerObj =
+    UnwrapGeneric(cx, &XPCCrossOriginWrapper::XOWClass, wrapper);
   if (!wrapper) {
     return nsnull;
   }

You want to check innerObj there, not wrapper.

r=jst with that.
Attachment #416841 - Flags: review?(jst) → review+
Comment on attachment 416841 [details] [diff] [review]
Proposed fix

sr=bzbarsky with jst's nit addressed.
Attachment #416841 - Flags: superreview?(bzbarsky) → superreview+
http://hg.mozilla.org/mozilla-central/rev/eea9f123edfe
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: