author | Boris Zbarsky <bzbarsky@mit.edu> |
Wed, 16 Apr 2014 15:09:23 -0400 | |
changeset 179099 | 00e2d9fabb8253d0f31b18737b9031879780fd77 |
parent 179098 | 5d75982d37a537f2b686243a4d336bbf2c9c83cd |
child 179100 | e8fb458e5d0fb6210aa908bb8aae8bf398ddcf07 |
push id | 26607 |
push user | ryanvm@gmail.com |
push date | Fri, 18 Apr 2014 02:31:26 +0000 |
treeherder | mozilla-central@7fe3ee0cf8be [default view] [failures only] |
perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
reviewers | baku |
bugs | 995295 |
milestone | 31.0a1 |
first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
--- a/dom/base/Console.cpp +++ b/dom/base/Console.cpp @@ -989,16 +989,28 @@ Console::ProcessCallData(ConsoleCallData else if (aData->mMethodName == MethodTimeEnd && !aData->mArguments.IsEmpty()) { event.mTimer = StopTimer(cx, aData->mArguments[0], aData->mMonotonicTimer); } else if (aData->mMethodName == MethodCount) { event.mCounter = IncreaseCounter(cx, frame, aData->mArguments); } + // We want to create a console event object and pass it to our + // nsIConsoleAPIStorage implementation. We want to define some accessor + // properties on this object, and those will need to keep an nsIStackFrame + // alive. But nsIStackFrame cannot be wrapped in an untrusted scope. And + // further, passing untrusted objects to system code is likely to run afoul of + // Object Xrays. So we want to wrap in a system-principal scope here. But + // which one? We could cheat and try to get the underlying JSObject* of + // mStorage, but that's a bit fragile. Instead, we just use the junk scope, + // with explicit permission from the XPConnect module owner. If you're + // tempted to do that anywhere else, talk to said module owner first. + JSAutoCompartment ac2(cx, xpc::GetJunkScope()); + JS::Rooted<JS::Value> eventValue(cx); if (!event.ToObject(cx, &eventValue)) { Throw(cx, NS_ERROR_FAILURE); return; } JS::Rooted<JSObject*> eventObj(cx, &eventValue.toObject()); MOZ_ASSERT(eventObj);