Closed
Bug 760131
Opened 13 years ago
Closed 12 years ago
Quickstub argument unwrapping fails for security-wrapped list proxy and paris binding objects
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla16
People
(Reporter: peterv, Assigned: peterv)
References
Details
Attachments
(1 file)
11.47 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
This was the cause of bug 743325.
Assignee | ||
Comment 1•12 years ago
|
||
The main issue was that xpc_qsUnwrapArgImpl didn't unwrap security wrappers before checking mozilla::dom::binding::instanceIsProxy.
Attachment #631104 -
Flags: review?(bzbarsky)
Comment 2•12 years ago
|
||
Comment on attachment 631104 [details] [diff] [review]
v1
Would it make sense to test for IsDOMClass before InstanceIsProxy in both getWrapper and castNative? Which do we think will be more common?
r=me in either case.
Attachment #631104 -
Flags: review?(bzbarsky) → review+
Comment 3•12 years ago
|
||
Comment on attachment 631104 [details] [diff] [review]
v1
Review of attachment 631104 [details] [diff] [review]:
-----------------------------------------------------------------
::: js/xpconnect/src/XPCQuickStubs.cpp
@@ +697,5 @@
> *tearoff = nsnull;
>
> + js::Class* clasp = js::GetObjectClass(obj);
> + if (mozilla::dom::binding::instanceIsProxy(obj) ||
> + mozilla::dom::IsDOMClass(clasp)) {
You can drop the 'mozilla::' here
@@ +754,5 @@
> + if (mozilla::dom::binding::instanceIsProxy(cur)) {
> + native = static_cast<nsISupports*>(js::GetProxyPrivate(cur).toPrivate());
> + entries = nsnull;
> + } else if (mozilla::dom::IsDOMClass(clasp)) {
> + native = mozilla::dom::UnwrapDOMObject<nsISupports>(cur);
And here
@@ +761,4 @@
> native = static_cast<nsISupports*>(xpc_GetJSPrivate(cur));
> entries = GetOffsetsFromSlimWrapper(cur);
> } else {
> + NS_NOTREACHED("what kind of wrapper is this?");
MOZ_NOT_REACHED?
Assignee | ||
Comment 4•12 years ago
|
||
Target Milestone: --- → mozilla16
Comment 5•12 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•