Closed Bug 760131 Opened 13 years ago Closed 12 years ago

Quickstub argument unwrapping fails for security-wrapped list proxy and paris binding objects

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla16

People

(Reporter: peterv, Assigned: peterv)

References

Details

Attachments

(1 file)

This was the cause of bug 743325.
Blocks: 734503
Attached patch v1Splinter Review
The main issue was that xpc_qsUnwrapArgImpl didn't unwrap security wrappers before checking mozilla::dom::binding::instanceIsProxy.
Attachment #631104 - Flags: review?(bzbarsky)
Comment on attachment 631104 [details] [diff] [review] v1 Would it make sense to test for IsDOMClass before InstanceIsProxy in both getWrapper and castNative? Which do we think will be more common? r=me in either case.
Attachment #631104 - Flags: review?(bzbarsky) → review+
Comment on attachment 631104 [details] [diff] [review] v1 Review of attachment 631104 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/xpconnect/src/XPCQuickStubs.cpp @@ +697,5 @@ > *tearoff = nsnull; > > + js::Class* clasp = js::GetObjectClass(obj); > + if (mozilla::dom::binding::instanceIsProxy(obj) || > + mozilla::dom::IsDOMClass(clasp)) { You can drop the 'mozilla::' here @@ +754,5 @@ > + if (mozilla::dom::binding::instanceIsProxy(cur)) { > + native = static_cast<nsISupports*>(js::GetProxyPrivate(cur).toPrivate()); > + entries = nsnull; > + } else if (mozilla::dom::IsDOMClass(clasp)) { > + native = mozilla::dom::UnwrapDOMObject<nsISupports>(cur); And here @@ +761,4 @@ > native = static_cast<nsISupports*>(xpc_GetJSPrivate(cur)); > entries = GetOffsetsFromSlimWrapper(cur); > } else { > + NS_NOTREACHED("what kind of wrapper is this?"); MOZ_NOT_REACHED?
Blocks: 750297
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Blocks: 769464
No longer blocks: 769464
Depends on: 769464
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: