Closed Bug 919259 Opened 8 years ago Closed 3 years ago

Structured clone of neutered Transferables (detached ArrayBuffer, closed MessagePort, neutered ImageBitmap/CanvasProxy, &c.) should throw

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 1448522

People

(Reporter: sfink, Unassigned)

Details

According to http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#safe-passing-of-structured-data (the ArrayBuffer case), trying to clone a neutered ArrayBuffer should throw an exception. Currently, we can't distinguish a neutered buffer from a zero-length buffer, and there are few places to stash an extra bit.

This is a followup bug to bug 861925, but I think the problem is preexisting.
Assignee: general → nobody
Two shell testcases to consider.

  // TEST 1
  var ab = new ArrayBuffer(8);
  detachArrayBuffer(ab, "change-data");
  serialize(ab, []); // should throw a TypeError

This is easily fixt by changing JSStructuredCloneWriter::startWrite's JS_IsArrayBufferObject case-handling.

  // TEST 2
  var ab = new ArrayBuffer(8);
  detachArrayBuffer(ab, "change-data");
  serialize(ab, [ab]);

But this case is trickier.  The ArrayBuffer is written during parsing of the transferables list -- entirely separate code from the startWrite() method above.  So that code would need a similar check in it, approximately.

But that raises another issue: this problem really can't be limited to just ArrayBuffer, as the spec describes other things as being neuterable/transferable.  So we'd need a separate set of checks, sometimes duplicating those in startWrite(), to handle all such possibilities here.

Not sure on the easiest fix for all this.  It may be about time to make isNeutered() and something like writeForCloning() into MOP operations.  Or we could just have a massive thing that checks for all neutered transferables in the other location, still.  Or I dunno.
Summary: Structured clone of neutered buffers should throw → Structured clone of neutered Transferables (detached ArrayBuffer, closed MessagePort, neutered ImageBitmap/CanvasProxy, &c.) should throw
A cross-cutting concern but somewhat related: if you're redoing this code anyway, there's going to have to be a notion of stuff that cannot be transfered cross-process, bug 1232973, notably the first patch on that bug shows WIP.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1448522
You need to log in before you can comment on or make changes to this bug.