867204 - Don't use jsdbgapi in IDBFactory

Status: RESOLVED FIXED

(Core :: Storage: IndexedDB, defect)

Description

[Andrew McCreight [:mccr8]]

I noticed the other day that IDBFactory calls JS_UnwrapObject, which is actually a jsdbgapi.h call, not a normal API (defined as js::UncheckedUnwrap).  That seems weird.  Presumably there's some XPConnect function that should be called instead?

226   // The CreateSandbox call returns a proxy to the actual sandbox object. We
227   // don't need a proxy here.
228   global = JS_UnwrapObject(global);

Marking as security sensitive in case the existing code is really dangerous. :)

Comment 1

[Bobby Holley (:bholley)]

This isn't a security issue - the code just wants to create a sandbox an then enter the compartment of the sandbox. But the code shouldn't be using jsdbapi either.

This call should be replaced with js::UncheckedUnwrap(obj).

Comment 2

[Andrew McCreight [:mccr8]]

Attachment: delta conversion

Comment 3

[Kyle Huey (Exited; not receiving bugmail, old account, do not use)]

Comment on attachment 743745 [details] [diff] [review]
delta conversion

302 bholley

Comment 4

[Ben Turner (not reading bugmail, use the needinfo flag!)]

Can you remove the jsdbgapi version?

Comment 5

[Bobby Holley (:bholley)]

(In reply to ben turner [:bent] from comment #4)
> Can you remove the jsdbgapi version?

Looks like all the callers are now C++ (there used to be some C ones), so that should be fine. Andrew, are you willing to add such a patch to this bug?

Comment 6

[Andrew McCreight [:mccr8]]

Filed bug 867350 for removing the two unwrap functions there.

Comment 7

[Andrew McCreight [:mccr8]]

try: https://tbpl.mozilla.org/?tree=Try&rev=0e536afd216b

https://hg.mozilla.org/integration/mozilla-inbound/rev/6982875b0dfd

Comment 8

[Phil Ringnalda (:philor)]

https://hg.mozilla.org/mozilla-central/rev/6982875b0dfd