Bug 993085 - Part 0: Freeze SavedFrame and SavedFrame.prototype r=jimb
authorWes Kocher <wkocher@mozilla.com>
Fri, 18 Jul 2014 13:48:06 -0700
changeset 195386 fc6148c470212fa31f195095cbdd2574e8633825
parent 195385 fd4c9f4cd1f0b4b1436e15a16b81aa2363ecaa7f
child 195387 c5bb52570f8f6feef2ae475e55e1f275768b0ca9
push id46577
push userkwierso@gmail.com
push dateTue, 22 Jul 2014 01:29:06 +0000
reviewersjimb
bugs993085
milestone34.0a1
Bug 993085 - Part 0: Freeze SavedFrame and SavedFrame.prototype r=jimb
js/src/jit-test/tests/saved-stacks/stacks-are-frozen.js
js/src/vm/SavedStacks.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/saved-stacks/stacks-are-frozen.js
@@ -0,0 +1,17 @@
+// Test that SavedFrame instances are frozen and can't be messed with.
+
+// Strict mode so that mutating frozen objects doesn't silently fail.
+"use strict";
+
+const s = saveStack();
+
+load(libdir + 'asserts.js');
+
+assertThrowsInstanceOf(() => s.source = "fake.url",
+                       TypeError);
+
+assertThrowsInstanceOf(() => {
+  Object.defineProperty(s.__proto__, "line", {
+    get: () => 0
+  })
+}, TypeError);
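Review bot: The test only probes one write to `s.source` and one `Object.defineProperty` on `s.__proto__`, so it would still pass if the objects were merely sealed or had just those properties locked. Asserting the frozen state directly covers added and deleted properties and prototype swaps as well: `assertEq(Object.isFrozen(s), true);` and `assertEq(Object.isFrozen(Object.getPrototypeOf(s)), true);`. Because consumers walk the whole chain, it would also help to capture the stack inside a nested function and assert the same for `s.parent`.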
--- a/js/src/vm/SavedStacks.cpp
+++ b/js/src/vm/SavedStacks.cpp
@@ -577,17 +577,18 @@ SavedStacks::getOrCreateSavedFrameProtot
     if (!global)
         return nullptr;
 
     RootedObject proto(cx, NewObjectWithGivenProto(cx, &SavedFrame::class_,
                                                    global->getOrCreateObjectPrototype(cx),
                                                    global));
     if (!proto
         || !JS_DefineProperties(cx, proto, SavedFrame::properties)
-        || !JS_DefineFunctions(cx, proto, SavedFrame::methods))
+        || !JS_DefineFunctions(cx, proto, SavedFrame::methods)
+        || !JSObject::freeze(cx, proto))
         return nullptr;
 
     savedFrameProto = proto;
     // The only object with the SavedFrame::class_ that doesn't have a source
     // should be the prototype.
     savedFrameProto->setReservedSlot(SavedFrame::JSSLOT_SOURCE, NullValue());
     return savedFrameProto;
 }
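Review bot: The new `JSObject::freeze(cx, proto)` call runs before `savedFrameProto->setReservedSlot(SavedFrame::JSSLOT_SOURCE, NullValue())`, and nothing in the hunk says why writing to an already-frozen object is fine. Freezing locks properties and extensibility, not reserved slots, so the later write works, but a reader has to know that. I would add a comment above the condition such as `// Freeze the prototype so script cannot redefine the accessors; reserved slots are not properties and stay writable from C++.` The function starts outside this hunk, so whether anything can observe the prototype before the slot is set cannot be judged from here.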
@@ -609,16 +610,19 @@ SavedStacks::createFrameFromLookup(JSCon
 
     RootedObject frameObj(cx, NewObjectWithGivenProto(cx, &SavedFrame::class_, proto, global));
     if (!frameObj)
         return nullptr;
 
     SavedFrame &f = frameObj->as<SavedFrame>();
     f.initFromLookup(lookup);
 
+    if (!JSObject::freeze(cx, frameObj))
+        return nullptr;
+
     return &f;
 }
 
 /*
  * Remove entries from the table whose JSScript is being collected.
  */
 void
 SavedStacks::sweepPCLocationMap()
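Review bot: In `createFrameFromLookup`, the raw reference `SavedFrame &f` is taken before the new `JSObject::freeze(cx, frameObj)` call and then returned as `&f` after it. `freeze` takes a `cx` and presumably can allocate and trigger GC, so only the rooted `frameObj` is safe to use across that call; an unrooted reference held over it is the kind of pattern a rooting analysis flags, even if these objects do not move today. Re-deriving the pointer from the root after the freeze avoids the question: `return &frameObj->as<SavedFrame>();`. The function's signature and the body of `sweepPCLocationMap` lie outside the hunk.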