[X2Go-Commits] [pale-moon] 09/24: Check for dead wrappers in CallerGetterImpl/CallerSetterImpl.

Thu Apr 25 09:06:07 CEST 2019

This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch upstream/28.4.1
in repository pale-moon.

commit f8c7e321a54cad57b0e4428bc159de7a921266bc
Author: wolfbeast <mcwerewolf at wolfbeast.com>
Date:   Fri Mar 22 12:06:40 2019 +0100

    Check for dead wrappers in CallerGetterImpl/CallerSetterImpl.
    
    This also removes code duplication by making CallerSetterImpl call
    CallerGetterImpl.
---
 js/src/jsfun.cpp | 58 ++++++++++++--------------------------------------------
 1 file changed, 12 insertions(+), 46 deletions(-)

diff --git a/js/src/jsfun.cpp b/js/src/jsfun.cpp
index 863871d..98311be 100644
--- a/js/src/jsfun.cpp
+++ b/js/src/jsfun.cpp
@@ -288,6 +288,12 @@ CallerGetterImpl(JSContext* cx, const CallArgs& args)
             return true;
         }
 
+        if (JS_IsDeadWrapper(callerObj)) {
+            JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr,
+                                      JSMSG_DEAD_OBJECT);
+            return false;
+        }
+
         JSFunction* callerFun = &callerObj->as<JSFunction>();
         MOZ_ASSERT(!callerFun->isBuiltin(), "non-builtin iterator returned a builtin?");
 
@@ -314,54 +320,14 @@ CallerSetterImpl(JSContext* cx, const CallArgs& args)
 {
     MOZ_ASSERT(IsFunction(args.thisv()));
 
-    // Beware!  This function can be invoked on *any* function!  It can't
-    // assume it'll never be invoked on natives, strict mode functions, bound
-    // functions, or anything else that ordinarily has immutable .caller
-    // defined with [[ThrowTypeError]].
-    RootedFunction fun(cx, &args.thisv().toObject().as<JSFunction>());
-    if (!CallerRestrictions(cx, fun))
-        return false;
-
-    // Return |undefined| unless an error must be thrown.
-    args.rval().setUndefined();
-
-    // We can almost just return |undefined| here -- but if the caller function
-    // was strict mode code, we still have to throw a TypeError.  This requires
-    // computing the caller, checking that no security boundaries are crossed,
-    // and throwing a TypeError if the resulting caller is strict.
-
-    NonBuiltinScriptFrameIter iter(cx);
-    if (!AdvanceToActiveCallLinear(cx, iter, fun))
-        return true;
-
-    ++iter;
-    while (!iter.done() && iter.isEvalFrame())
-        ++iter;
-
-    if (iter.done() || !iter.isFunctionFrame())
-        return true;
-
-    RootedObject caller(cx, iter.callee(cx));
-    if (!cx->compartment()->wrap(cx, &caller)) {
-        cx->clearPendingException();
-        return true;
-    }
-
-    // If we don't have full access to the caller, or the caller is not strict,
-    // return undefined.  Otherwise throw a TypeError.
-    JSObject* callerObj = CheckedUnwrap(caller);
-    if (!callerObj)
-        return true;
-
-    JSFunction* callerFun = &callerObj->as<JSFunction>();
-    MOZ_ASSERT(!callerFun->isBuiltin(), "non-builtin iterator returned a builtin?");
-
-    if (callerFun->strict()) {
-        JS_ReportErrorFlagsAndNumberASCII(cx, JSREPORT_ERROR, GetErrorMessage, nullptr,
-                                          JSMSG_CALLER_IS_STRICT);
-        return false;
+    // We just have to return |undefined|, but first we call CallerGetterImpl
+    // because we need the same strict-mode and security checks.
+
+    if (!CallerGetterImpl(cx, args)) {
+        return false;
     }
 
+    args.rval().setUndefined();
     return true;
 }
 

--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
