Closed
Bug 876639
Opened 11 years ago
Closed 11 years ago
Address unsafe references from JS_ParseJSON()
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla24
People
(Reporter: jonco, Assigned: jonco)
References
Details
Attachments
(2 files)
|
7.61 KB,
patch
|
terrence
:
review+
|
Details | Diff | Splinter Review |
|
9.53 KB,
patch
|
smaug
:
review+
|
Details | Diff | Splinter Review |
JS_ParseJSON is producing a bunch of these warnings. Convert the function to take a MutableHandleValue for its out parameter, and update callers.
|
Assignee | |
Comment 1•11 years ago
|
||
Make JS_ParseJSON() take a MutableHandleValue and update the shell.
Attachment #754777 -
Flags: review?(terrence)
|
|
Assignee | |
Comment 2•11 years ago
|
||
Update references to JS_ParseJSON() in the browser to pass a handle.
|
|
Assignee | |
Comment 3•11 years ago
|
||
Could you suggest reviewer(s) for the second patch?
Flags: needinfo?(continuation)
|
||
Updated•11 years ago
|
Attachment #754779 -
Flags: review?(bugs)
|
|
||
Updated•11 years ago
|
Flags: needinfo?(continuation)
|
||
Updated•11 years ago
|
Attachment #754779 -
Flags: review?(bugs) → review+
|
||
Comment 4•11 years ago
|
||
Comment on attachment 754777 [details] [diff] [review] Fix the shell Review of attachment 754777 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/jsapi.cpp @@ +6366,1 @@ > return true; Can this just be return ParseJSONWithReviver(cx, JS::StableCharPtr(chars, len), len, reviver, value); ?
|
||
Comment 5•11 years ago
|
||
Comment on attachment 754777 [details] [diff] [review] Fix the shell Review of attachment 754777 [details] [diff] [review]: ----------------------------------------------------------------- r=me ::: js/src/jsapi.cpp @@ +6366,1 @@ > return true; It also still needs the AssertHeapIsIdle and CHECK_REQUEST, but what Msger said (assuming he meant to use |vp| directly there).
Attachment #754777 -
Flags: review?(terrence) → review+
|
|
||
Comment 6•11 years ago
|
||
Comment on attachment 754777 [details] [diff] [review] Fix the shell Review of attachment 754777 [details] [diff] [review]: ----------------------------------------------------------------- r=me ::: js/src/jsapi.cpp @@ +6366,1 @@ > return true; It also still needs the AssertHeapIsIdle and CHECK_REQUEST, but what Msger said (assuming he meant to use |vp| directly there). ::: js/src/jsapi.h @@ +4477,5 @@ > /* > * JSON.parse as specified by ES5. > */ > JS_PUBLIC_API(JSBool) > +JS_ParseJSON(JSContext *cx, const jschar *chars, uint32_t len, JSMutableHandleValue vp); One other thing occurred to me: we should probably use the external names here so that jsapi.h can serve as a useful example for embedders. So: JS::MutableHandle<JS::Value>. In either case, we should definitely try to kill off JSMutableHandleFoo and use JS::MutableHandleFoo in all places where it comes up.
|
|
Assignee | |
Comment 7•11 years ago
|
||
Updated with review comments and landed. https://hg.mozilla.org/integration/mozilla-inbound/rev/82024a9a3dfd https://hg.mozilla.org/integration/mozilla-inbound/rev/7acdb79e4d71
|
||
Comment 8•11 years ago
|
||
Backed out for B2G breakage: https://tbpl.mozilla.org/?tree=Mozilla-Inbound&rev=7acdb79e4d71 remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/94e4cfd71460 remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/036890bc3788
|
|
Assignee | |
Comment 9•11 years ago
|
||
Fixed B2G issue and re-pushed: https://hg.mozilla.org/integration/mozilla-inbound/rev/fd794d7e4fc1 https://hg.mozilla.org/integration/mozilla-inbound/rev/681e65149dd0
|
||
Comment 10•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/fd794d7e4fc1 https://hg.mozilla.org/mozilla-central/rev/681e65149dd0
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
You need to log in
before you can comment on or make changes to this bug.
Description
•