Closed Bug 631377 Opened 13 years ago Closed 13 years ago

Add compartment asserts to jsdbgapi.cpp

Categories

(Core :: JavaScript Engine, defect)

x86_64
Linux
defect
Not set
normal

RESOLVED FIXED

People

(Reporter: sfink, Assigned: sfink)

References

(Blocks 1 open bug)

Details

(Whiteboard: [fixed-in-tracemonkey])

Attachments

(1 file)

Forked from 630471.

jsdbgapi.cpp is used by JSD as well as XPConnect and several other places. It probably ought to have the same compartment check asserts that jsapi.cpp does.

I'm still not really sure what things need to check, though. I'm trying to use a metric of "can run JS code or set a pending exception" as the rule, but it's not always easy to determine.

Here's a fairly conservative set, where in auditing the code I could see code getting run or exceptions being thrown. Even here, though, I didn't *really* find problems with 100% of these. For example, some of the watch stuff hinges on whether this:

        shape = wp->object->changeProperty(cx, wprop, 0, wprop->attributes(),
                                           wprop->getter(), wp->setter);

is allowed to cross compartments. I said no.

Comment on attachment 509600 [details] [diff] [review]
Conservative set of compartment asserts for jsdbgapi.cpp

This set of asserts hasn't had any false alarms for me for a while, so asking for review. I don't feel any great need to get this in, so I'll let someone else request blocking if they want to. Otherwise, feel free to ignore until post FF4.
Attachment #509600 - Flags: review?(gal)
Attachment #509600 - Flags: review?(gal) → review+
Assignee: general → nobody
Component: JavaScript Engine → JavaScript Debugging APIs
QA Contact: general → jsd
Assignee: nobody → sphink
Depends on: 636907
Blocks: 636907
No longer depends on: 636907
http://hg.mozilla.org/tracemonkey/rev/aef1f7b0af3e
Whiteboard: [fixed-in-tracemonkey]
http://hg.mozilla.org/mozilla-central/rev/aef1f7b0af3e
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Component: JavaScript Debugging/Profiling APIs → JavaScript Engine