Closed
Bug 705344
Opened 13 years ago
Closed 13 years ago
Use IDL for Components.(utils.)lookupMethod
Categories
(Core :: XPConnect, defect)
Core
XPConnect
Tracking
()
RESOLVED
FIXED
mozilla11
People
(Reporter: Ms2ger, Assigned: Ms2ger)
References
Details
Attachments
(1 file)
9.45 KB,
patch
|
bholley
:
review+
|
Details | Diff | Splinter Review |
No description provided.
Attachment #576974 -
Flags: review?(bobbyholley+bmo)
Comment 1•13 years ago
|
||
Comment on attachment 576974 [details] [diff] [review]
Patch v1
If you enter a request also enter a compartment. However is the auto request actually needed?
Attachment #576974 -
Flags: review?(bobbyholley+bmo) → review-
Assignee | ||
Comment 2•13 years ago
|
||
No idea, this is pre-existing code.
Assignee | ||
Updated•13 years ago
|
Attachment #576974 -
Flags: review- → review?(bobbyholley+bmo)
Comment 3•13 years ago
|
||
Comment on attachment 576974 [details] [diff] [review]
Patch v1
I'm hoping this method will go away entirely (see bug693733 comment 13). But in the mean time, this is a righteous change. :-)
Also, I'm not too worried about Andreas' comment, since the code stays the same, and requests are going away anyway in 8 weeks.
>- argv[0] = OBJECT_TO_JSVAL(obj);
>- rv = nsXPConnect::GetXPConnect()->GetJSObjectOfWrapper(cx, obj, &obj);
>+ nsresult rv = nsXPConnect::GetXPConnect()->GetJSObjectOfWrapper(aCx, obj, &obj);
> if (NS_FAILED(rv))
> return rv;
Looks like we've been assuming nsXPConnect::GetXPConnect() is never null here, which is a likely indicator that the thing in bug 705333 is ok.
r=bholley.
Attachment #576974 -
Flags: review?(bobbyholley+bmo) → review+
Comment 4•13 years ago
|
||
As mentioned in bug 705333, the aFoo argument naming convention needs to be removed here as well.
Assignee | ||
Comment 5•13 years ago
|
||
Looks like you were right after all: https://tbpl.mozilla.org/php/getParsedLog.php?id=7722856&tree=Try
Comment 6•13 years ago
|
||
I'm totally confused - where in the removed code was the compartment being entered?
Assignee | ||
Comment 7•13 years ago
|
||
No idea; I'm removing this code, not claiming to understand what it does :)
Comment 8•13 years ago
|
||
Comment on attachment 576974 [details] [diff] [review]
Patch v1
Ah, right.
>+ nsresult rv = nsXPConnect::GetXPConnect()->GetJSObjectOfWrapper(aCx, obj, &obj);
So this call, among other things, strips security wrappers (including cross-compartment wrappers) off of |obj|...
>- if (!member->NewFunctionObject(inner_cc, iface,
>- JSVAL_TO_OBJECT(argv[0]),
>- &funval))
>+ if (!member->NewFunctionObject(inner_cc, iface, obj, &funval))
which is precisely why the old code here passes the original argument, rather than obj (which has been clandestinely mutated).
So that needs to be fixed. This was hard to catch because the change in obj happened without any explicit assignment. So let's fix it by introducing a new JSObject called unwrappedObj (or something), and doing GetJSObjectOfWrapper(aCx, obj, &unwrappedObj);
Assignee | ||
Comment 9•13 years ago
|
||
Eek! Thanks for catching that.
Assignee | ||
Comment 10•13 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla11
You need to log in
before you can comment on or make changes to this bug.
Description
•