Bug 1152730 - Part 3: Add owner window checks on DOM object operations. r=btseng
authorSamael Wang <freesamael@gmail.com>
Wed, 13 May 2015 11:42:42 +0800
changeset 245634 b2fd7795465fcb37591ebd43f402a50b4042690c
parent 245633 2f971825aba1435a89ff1f6b81153735a5d5a6f7
child 245635 53fa76a84421a4701a01e7fe8d5e3ffb72690048
push id13177
push userkwierso@gmail.com
push dateTue, 26 May 2015 23:26:28 +0000
treeherderfx-team@b991cd5a0ad1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbtseng
bugs1152730
milestone41.0a1
Bug 1152730 - Part 3: Add owner window checks on DOM object operations. r=btseng
dom/mobilemessage/MobileMessageCallback.cpp
dom/mobilemessage/MobileMessageManager.cpp
--- a/dom/mobilemessage/MobileMessageCallback.cpp
+++ b/dom/mobilemessage/MobileMessageCallback.cpp
@@ -90,16 +90,20 @@ MobileMessageCallback::MobileMessageCall
 MobileMessageCallback::~MobileMessageCallback()
 {
 }
 
 
 nsresult
 MobileMessageCallback::NotifySuccess(JS::Handle<JS::Value> aResult, bool aAsync)
 {
+  if (NS_WARN_IF(!mDOMRequest->GetOwner())) {
+    return NS_ERROR_FAILURE;
+  }
+
   if (aAsync) {
     nsCOMPtr<nsIDOMRequestService> rs =
       do_GetService(DOMREQUEST_SERVICE_CONTRACTID);
     NS_ENSURE_TRUE(rs, NS_ERROR_FAILURE);
 
     return rs->FireSuccessAsync(mDOMRequest, aResult);
   }
 
@@ -121,16 +125,20 @@ MobileMessageCallback::NotifySuccess(nsI
   NS_ENSURE_SUCCESS(rv, rv);
 
   return NotifySuccess(wrappedMessage, aAsync);
 }
 
 nsresult
 MobileMessageCallback::NotifyError(int32_t aError, DOMError *aDetailedError, bool aAsync)
 {
+  if (NS_WARN_IF(!mDOMRequest->GetOwner())) {
+    return NS_ERROR_FAILURE;
+  }
+
   if (aAsync) {
     NS_ASSERTION(!aDetailedError,
       "No Support to FireDetailedErrorAsync() in nsIDOMRequestService!");
 
     nsCOMPtr<nsIDOMRequestService> rs =
       do_GetService(DOMREQUEST_SERVICE_CONTRACTID);
     NS_ENSURE_TRUE(rs, NS_ERROR_FAILURE);
 
@@ -151,28 +159,33 @@ NS_IMETHODIMP
 MobileMessageCallback::NotifyMessageSent(nsISupports *aMessage)
 {
   return NotifySuccess(aMessage);
 }
 
 NS_IMETHODIMP
 MobileMessageCallback::NotifySendMessageFailed(int32_t aError, nsISupports *aMessage)
 {
+  nsCOMPtr<nsPIDOMWindow> window = mDOMRequest->GetOwner();
+  if (NS_WARN_IF(!window)) {
+    return NS_ERROR_FAILURE;
+  }
+
   nsRefPtr<DOMMobileMessageError> domMobileMessageError;
   if (aMessage) {
     nsAutoString errorStr = ConvertErrorCodeToErrorString(aError);
     nsCOMPtr<nsIDOMMozSmsMessage> smsMsg = do_QueryInterface(aMessage);
     if (smsMsg) {
       domMobileMessageError =
-        new DOMMobileMessageError(mDOMRequest->GetOwner(), errorStr, smsMsg);
+        new DOMMobileMessageError(window, errorStr, smsMsg);
     }
     else {
       nsCOMPtr<nsIDOMMozMmsMessage> mmsMsg = do_QueryInterface(aMessage);
       domMobileMessageError =
-        new DOMMobileMessageError(mDOMRequest->GetOwner(), errorStr, mmsMsg);
+        new DOMMobileMessageError(window, errorStr, mmsMsg);
     }
     NS_ASSERTION(domMobileMessageError, "Invalid DOMMobileMessageError!");
   }
 
   return NotifyError(aError, domMobileMessageError);
 }
 
 NS_IMETHODIMP
--- a/dom/mobilemessage/MobileMessageManager.cpp
+++ b/dom/mobilemessage/MobileMessageManager.cpp
@@ -123,17 +123,23 @@ MobileMessageManager::GetSegmentInfoForT
                                             ErrorResult& aRv)
 {
   nsCOMPtr<nsISmsService> smsService = do_GetService(SMS_SERVICE_CONTRACTID);
   if (!smsService) {
     aRv.Throw(NS_ERROR_FAILURE);
     return nullptr;
   }
 
-  nsRefPtr<DOMRequest> request = new DOMRequest(GetOwner());
+  nsCOMPtr<nsPIDOMWindow> window = GetOwner();
+  if (!window) {
+    aRv.Throw(NS_ERROR_FAILURE);
+    return nullptr;
+  }
+
+  nsRefPtr<DOMRequest> request = new DOMRequest(window);
   nsCOMPtr<nsIMobileMessageCallback> msgCallback =
     new MobileMessageCallback(request);
   nsresult rv = smsService->GetSegmentInfoForText(aText, msgCallback);
   if (NS_FAILED(rv)) {
     aRv.Throw(rv);
     return nullptr;
   }
 
@@ -142,17 +148,23 @@ MobileMessageManager::GetSegmentInfoForT
 
 already_AddRefed<DOMRequest>
 MobileMessageManager::Send(nsISmsService* aSmsService,
                            uint32_t aServiceId,
                            const nsAString& aNumber,
                            const nsAString& aText,
                            ErrorResult& aRv)
 {
-  nsRefPtr<DOMRequest> request = new DOMRequest(GetOwner());
+  nsCOMPtr<nsPIDOMWindow> window = GetOwner();
+  if (!window) {
+    aRv.Throw(NS_ERROR_FAILURE);
+    return nullptr;
+  }
+
+  nsRefPtr<DOMRequest> request = new DOMRequest(window);
   nsCOMPtr<nsIMobileMessageCallback> msgCallback =
     new MobileMessageCallback(request);
 
   // By default, we don't send silent messages via MobileMessageManager.
   nsresult rv = aSmsService->Send(aServiceId, aNumber, aText,
                                   false, msgCallback);
   if (NS_FAILED(rv)) {
     aRv.Throw(rv);
@@ -243,30 +255,36 @@ MobileMessageManager::SendMMS(const MmsP
   } else {
     rv = mmsService->GetMmsDefaultServiceId(&serviceId);
     if (NS_FAILED(rv)) {
       aRv.Throw(rv);
       return nullptr;
     }
   }
 
+  nsCOMPtr<nsPIDOMWindow> window = GetOwner();
+  if (!window) {
+    aRv.Throw(NS_ERROR_FAILURE);
+    return nullptr;
+  }
+
   AutoJSAPI jsapi;
-  if (NS_WARN_IF(!jsapi.Init(GetOwner()))) {
+  if (NS_WARN_IF(!jsapi.Init(window))) {
     aRv.Throw(NS_ERROR_FAILURE);
     return nullptr;
   }
 
   JSContext *cx = jsapi.cx();
   JS::Rooted<JS::Value> val(cx);
   if (!ToJSValue(cx, aParams, &val)) {
     aRv.Throw(NS_ERROR_TYPE_ERR);
     return nullptr;
   }
 
-  nsRefPtr<DOMRequest> request = new DOMRequest(GetOwner());
+  nsRefPtr<DOMRequest> request = new DOMRequest(window);
   nsCOMPtr<nsIMobileMessageCallback> msgCallback = new MobileMessageCallback(request);
   rv = mmsService->Send(serviceId, val, msgCallback);
   if (NS_FAILED(rv)) {
     aRv.Throw(rv);
     return nullptr;
   }
 
   return request.forget();
@@ -278,17 +296,23 @@ MobileMessageManager::GetMessage(int32_t
 {
   nsCOMPtr<nsIMobileMessageDatabaseService> dbService =
     do_GetService(MOBILE_MESSAGE_DATABASE_SERVICE_CONTRACTID);
   if (!dbService) {
     aRv.Throw(NS_ERROR_FAILURE);
     return nullptr;
   }
 
-  nsRefPtr<DOMRequest> request = new DOMRequest(GetOwner());
+  nsCOMPtr<nsPIDOMWindow> window = GetOwner();
+  if (!window) {
+    aRv.Throw(NS_ERROR_FAILURE);
+    return nullptr;
+  }
+
+  nsRefPtr<DOMRequest> request = new DOMRequest(window);
   nsCOMPtr<nsIMobileMessageCallback> msgCallback = new MobileMessageCallback(request);
   nsresult rv = dbService->GetMessageMoz(aId, msgCallback);
   if (NS_FAILED(rv)) {
     aRv.Throw(rv);
     return nullptr;
   }
 
   return request.forget();
@@ -301,17 +325,23 @@ MobileMessageManager::Delete(int32_t* aI
 {
   nsCOMPtr<nsIMobileMessageDatabaseService> dbService =
     do_GetService(MOBILE_MESSAGE_DATABASE_SERVICE_CONTRACTID);
   if (!dbService) {
     aRv.Throw(NS_ERROR_FAILURE);
     return nullptr;
   }
 
-  nsRefPtr<DOMRequest> request = new DOMRequest(GetOwner());
+  nsCOMPtr<nsPIDOMWindow> window = GetOwner();
+  if (!window) {
+    aRv.Throw(NS_ERROR_FAILURE);
+    return nullptr;
+  }
+
+  nsRefPtr<DOMRequest> request = new DOMRequest(window);
   nsCOMPtr<nsIMobileMessageCallback> msgCallback =
     new MobileMessageCallback(request);
 
   nsresult rv = dbService->DeleteMessage(aIdArray, aSize, msgCallback);
   if (NS_FAILED(rv)) {
     aRv.Throw(rv);
     return nullptr;
   }
@@ -449,18 +479,24 @@ MobileMessageManager::GetMessages(const 
                                                threadId,
                                                aReverse, cursorCallback,
                                                getter_AddRefs(continueCallback));
   if (NS_FAILED(rv)) {
     aRv.Throw(rv);
     return nullptr;
   }
 
+  nsCOMPtr<nsPIDOMWindow> window = GetOwner();
+  if (!window) {
+    aRv.Throw(NS_ERROR_FAILURE);
+    return nullptr;
+  }
+
   cursorCallback->mDOMCursor =
-    new MobileMessageCursor(GetOwner(), continueCallback);
+    new MobileMessageCursor(window, continueCallback);
 
   nsRefPtr<DOMCursor> cursor(cursorCallback->mDOMCursor);
   return cursor.forget();
 }
 
 already_AddRefed<DOMRequest>
 MobileMessageManager::MarkMessageRead(int32_t aId,
                                       bool aValue,
@@ -469,17 +505,23 @@ MobileMessageManager::MarkMessageRead(in
 {
   nsCOMPtr<nsIMobileMessageDatabaseService> dbService =
     do_GetService(MOBILE_MESSAGE_DATABASE_SERVICE_CONTRACTID);
   if (!dbService) {
     aRv.Throw(NS_ERROR_FAILURE);
     return nullptr;
   }
 
-  nsRefPtr<DOMRequest> request = new DOMRequest(GetOwner());
+  nsCOMPtr<nsPIDOMWindow> window = GetOwner();
+  if (!window) {
+    aRv.Throw(NS_ERROR_FAILURE);
+    return nullptr;
+  }
+
+  nsRefPtr<DOMRequest> request = new DOMRequest(window);
   nsCOMPtr<nsIMobileMessageCallback> msgCallback = new MobileMessageCallback(request);
   nsresult rv = dbService->MarkMessageRead(aId, aValue, aSendReadReport,
                                            msgCallback);
   if (NS_FAILED(rv)) {
     aRv.Throw(rv);
     return nullptr;
   }
 
@@ -502,34 +544,46 @@ MobileMessageManager::GetThreads(ErrorRe
   nsCOMPtr<nsICursorContinueCallback> continueCallback;
   nsresult rv = dbService->CreateThreadCursor(cursorCallback,
                                               getter_AddRefs(continueCallback));
   if (NS_FAILED(rv)) {
     aRv.Throw(rv);
     return nullptr;
   }
 
+  nsCOMPtr<nsPIDOMWindow> window = GetOwner();
+  if (!window) {
+    aRv.Throw(NS_ERROR_FAILURE);
+    return nullptr;
+  }
+
   cursorCallback->mDOMCursor =
-    new MobileMessageCursor(GetOwner(), continueCallback);
+    new MobileMessageCursor(window, continueCallback);
 
   nsRefPtr<DOMCursor> cursor(cursorCallback->mDOMCursor);
   return cursor.forget();
 }
 
 already_AddRefed<DOMRequest>
 MobileMessageManager::RetrieveMMS(int32_t aId,
                                   ErrorResult& aRv)
 {
   nsCOMPtr<nsIMmsService> mmsService = do_GetService(MMS_SERVICE_CONTRACTID);
   if (!mmsService) {
     aRv.Throw(NS_ERROR_FAILURE);
     return nullptr;
   }
 
-  nsRefPtr<DOMRequest> request = new DOMRequest(GetOwner());
+  nsCOMPtr<nsPIDOMWindow> window = GetOwner();
+  if (!window) {
+    aRv.Throw(NS_ERROR_FAILURE);
+    return nullptr;
+  }
+
+  nsRefPtr<DOMRequest> request = new DOMRequest(window);
   nsCOMPtr<nsIMobileMessageCallback> msgCallback = new MobileMessageCallback(request);
 
   nsresult rv = mmsService->Retrieve(aId, msgCallback);
   if (NS_FAILED(rv)) {
     aRv.Throw(rv);
     return nullptr;
   }
 
@@ -687,17 +741,23 @@ MobileMessageManager::GetSmscAddress(con
   } else {
     rv = smsService->GetSmsDefaultServiceId(&serviceId);
     if (NS_FAILED(rv)) {
       aRv.Throw(rv);
       return nullptr;
     }
   }
 
-  nsRefPtr<DOMRequest> request = new DOMRequest(GetOwner());
+  nsCOMPtr<nsPIDOMWindow> window = GetOwner();
+  if (!window) {
+    aRv.Throw(NS_ERROR_FAILURE);
+    return nullptr;
+  }
+
+  nsRefPtr<DOMRequest> request = new DOMRequest(window);
   nsCOMPtr<nsIMobileMessageCallback> msgCallback = new MobileMessageCallback(request);
   rv = smsService->GetSmscAddress(serviceId, msgCallback);
   if (NS_FAILED(rv)) {
     aRv.Throw(rv);
     return nullptr;
   }
 
   return request.forget();
@@ -722,17 +782,23 @@ MobileMessageManager::SetSmscAddress(con
   } else {
     rv = smsService->GetSmsDefaultServiceId(&serviceId);
     if (NS_FAILED(rv)) {
       aRv.Throw(rv);
       return nullptr;
     }
   }
 
-  nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(GetOwner());
+  nsCOMPtr<nsPIDOMWindow> window = GetOwner();
+  if (!window) {
+    aRv.Throw(NS_ERROR_FAILURE);
+    return nullptr;
+  }
+
+  nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(window);
   if (!global) {
     aRv.Throw(NS_ERROR_UNEXPECTED);
     return nullptr;
   }
 
   nsRefPtr<Promise> promise = Promise::Create(global, aRv);
   if (aRv.Failed()) {
     return nullptr;