Closed Bug 867204 Opened 6 years ago Closed 6 years ago

Don't use jsdbgapi in IDBFactory

Categories

(Core :: DOM: IndexedDB, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla23

People

(Reporter: mccr8, Assigned: mccr8)

References

Details

Attachments

(1 file)

I noticed the other day that IDBFactory calls JS_UnwrapObject, which is actually a jsdbgapi.h call, not a normal API (defined as js::UncheckedUnwrap).  That seems weird.  Presumably there's some XPConnect function that should be called instead?

226   // The CreateSandbox call returns a proxy to the actual sandbox object. We
227   // don't need a proxy here.
228   global = JS_UnwrapObject(global);

Marking as security sensitive in case the existing code is really dangerous. :)
This isn't a security issue - the code just wants to create a sandbox an then enter the compartment of the sandbox. But the code shouldn't be using jsdbapi either.

This call should be replaced with js::UncheckedUnwrap(obj).
Group: core-security
Assignee: nobody → continuation
Attached patch delta conversionSplinter Review
Attachment #743745 - Flags: review?(khuey)
Comment on attachment 743745 [details] [diff] [review]
delta conversion

302 bholley
Attachment #743745 - Flags: review?(khuey) → review?(bobbyholley+bmo)
Attachment #743745 - Flags: review?(bobbyholley+bmo) → review+
Can you remove the jsdbgapi version?
(In reply to ben turner [:bent] from comment #4)
> Can you remove the jsdbgapi version?

Looks like all the callers are now C++ (there used to be some C ones), so that should be fine. Andrew, are you willing to add such a patch to this bug?
Blocks: 867350
Filed bug 867350 for removing the two unwrap functions there.
https://hg.mozilla.org/mozilla-central/rev/6982875b0dfd
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla23
You need to log in before you can comment on or make changes to this bug.