Bug 959705. Fix unsafe reference hazards in xpconnect code. r=bholley
authorBoris Zbarsky <bzbarsky@mit.edu>
Tue, 14 Jan 2014 21:46:44 -0500
changeset 163444 4888ad4664d82680eeb2122c05c4e4b775714838
parent 163443 675b925b575e3e46a037f66061813c360bce9693
child 163445 0e1092eaa8671ece696c7b910bb812f4e6d18e21
push id25996
push useremorley@mozilla.com
push dateWed, 15 Jan 2014 15:54:39 +0000
treeherdermozilla-central@dd2cf81c56b7 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbholley
bugs959705
milestone29.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 959705. Fix unsafe reference hazards in xpconnect code. r=bholley
js/xpconnect/loader/mozJSComponentLoader.cpp
js/xpconnect/src/XPCComponents.cpp
js/xpconnect/src/XPCShellImpl.cpp
--- a/js/xpconnect/loader/mozJSComponentLoader.cpp
+++ b/js/xpconnect/loader/mozJSComponentLoader.cpp
@@ -1008,18 +1008,18 @@ mozJSComponentLoader::ObjectForLocation(
 
     {
         AutoSaveContextOptions asco(cx);
         if (aPropagateExceptions)
             ContextOptionsRef(cx).setDontReportUncaught(true);
         if (script) {
             ok = JS_ExecuteScriptVersion(cx, obj, script, nullptr, JSVERSION_LATEST);
         } else {
-            jsval rval;
-            ok = JS_CallFunction(cx, obj, function, 0, nullptr, &rval);
+            RootedValue rval(cx);
+            ok = JS_CallFunction(cx, obj, function, 0, nullptr, rval.address());
         }
      }
 
     if (!ok) {
         if (aPropagateExceptions) {
             JS_GetPendingException(cx, aException);
             JS_ClearPendingException(cx);
         }
--- a/js/xpconnect/src/XPCComponents.cpp
+++ b/js/xpconnect/src/XPCComponents.cpp
@@ -3403,18 +3403,18 @@ nsXPCComponents_Utils::GetIncumbentGloba
         // Note: We rely on the wrap call for outerization.
         globalVal = ObjectValue(*global->GetGlobalJSObject());
         if (!JS_WrapValue(aCx, &globalVal))
             return NS_ERROR_FAILURE;
     }
 
     // Invoke the callback, if passed.
     if (aCallback.isObject()) {
-        Value ignored;
-        if (!JS_CallFunctionValue(aCx, nullptr, aCallback, 1, globalVal.address(), &ignored))
+        RootedValue ignored(aCx);
+        if (!JS_CallFunctionValue(aCx, nullptr, aCallback, 1, globalVal.address(), ignored.address()))
             return NS_ERROR_FAILURE;
     }
 
     *aOut = globalVal;
     return NS_OK;
 }
 
 /*
--- a/js/xpconnect/src/XPCShellImpl.cpp
+++ b/js/xpconnect/src/XPCShellImpl.cpp
@@ -1129,24 +1129,25 @@ ProcessArgs(JSContext *cx, JS::Handle<JS
              */
             isInteractive = false;
             break;
         case 'i':
             isInteractive = forceTTY = true;
             break;
         case 'e':
         {
-            jsval rval;
+            RootedValue rval(cx);
 
             if (++i == argc) {
                 return usage();
             }
 
             JS_EvaluateScriptForPrincipals(cx, obj, gJSPrincipals, argv[i],
-                                           strlen(argv[i]), "-e", 1, &rval);
+                                           strlen(argv[i]), "-e", 1,
+                                           rval.address());
 
             isInteractive = false;
             break;
         }
         case 'C':
             compileOnly = true;
             isInteractive = false;
             break;