Mercurial > mozilla-central / changeset / 6029e0377ddac33b1528e59d760a0931851e7909
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1487238 - Do realm checks instead of compartment checks in the expression decompiler code. r=luke
authorJan de Mooij <jdemooij@mozilla.com>
Tue, 04 Sep 2018 14:07:28 +0000
changeset 434599 6029e0377ddac33b1528e59d760a0931851e7909
parent 434598 7ad7b862c561de147fbde605f4418b88d295470c
child 434600 04eb549952d0f5eae672a84407e111cdf2a8423e
push id34572
push userbtara@mozilla.com
push dateTue, 04 Sep 2018 22:54:11 +0000
treeherdermozilla-central@c3734e0f634e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersluke
bugs1487238
milestone63.0a1
first release with
nightly linux32
26990836dc5c / 64.0a1 / 20180905123750 / files
nightly linux64
26990836dc5c / 64.0a1 / 20180905123750 / files
nightly mac
26990836dc5c / 64.0a1 / 20180905123750 / files
nightly win32
26990836dc5c / 64.0a1 / 20180905123750 / files
nightly win64
26990836dc5c / 64.0a1 / 20180905123750 / files
last release without
nightly linux32
d14aaf65a80b / 63.0a1 / 20180903220141 / files
nightly linux64
d14aaf65a80b / 63.0a1 / 20180903220141 / files
nightly mac
d14aaf65a80b / 63.0a1 / 20180903220141 / files
nightly win32
d14aaf65a80b / 63.0a1 / 20180903220141 / files
nightly win64
d14aaf65a80b / 63.0a1 / 20180903220141 / files
Bug 1487238 - Do realm checks instead of compartment checks in the expression decompiler code. r=luke Another option is to allow same-compartment realms here, but this seems simpler and safer (to ensure we don't leak any information in document.domain cases or if we ever change from CPO to something else). A principals check is probably not worth the complexity. Differential Revision: https://phabricator.services.mozilla.com/D4868
js/src/jit-test/tests/realms/bug1487238.js file | annotate | diff | comparison | revisions
js/src/vm/BytecodeUtil.cpp file | annotate | diff | comparison | revisions 
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/realms/bug1487238.js
@@ -0,0 +1,3 @@
+// |jit-test| error: TypeError
+var x = newGlobal({sameCompartmentAs: this});
+x instanceof x.Map.prototype.set;
--- a/js/src/vm/BytecodeUtil.cpp
+++ b/js/src/vm/BytecodeUtil.cpp
@@ -2257,17 +2257,17 @@ DecompileExpressionFromStack(JSContext* 
     return true;
 #endif
 
     if (spindex == JSDVG_IGNORE_STACK)
         return true;
 
     FrameIter frameIter(cx);
 
-    if (frameIter.done() || !frameIter.hasScript() || frameIter.compartment() != cx->compartment())
+    if (frameIter.done() || !frameIter.hasScript() || frameIter.realm() != cx->realm())
         return true;
 
     /*
      * FIXME: Fall back if iter.isIon(), since the stack snapshot may be for the
      * previous pc (see bug 831120).
      */
     if (frameIter.isIon())
         return true;
@@ -2347,17 +2347,17 @@ DecompileArgumentFromStack(JSContext* cx
     /*
      * Get the second-to-top frame, the non-self-hosted caller of the builtin
      * that called the intrinsic.
      */
     ++frameIter;
     if (frameIter.done() ||
         !frameIter.hasScript() ||
         frameIter.script()->selfHosted() ||
-        frameIter.compartment() != cx->compartment())
+        frameIter.realm() != cx->realm())
     {
         return true;
     }
 
     RootedScript script(cx, frameIter.script());
     jsbytecode* current = frameIter.pc();
 
     MOZ_ASSERT(script->containsPC(current));
mozilla-central
Deployed from e404c980045c at 2021-03-01T18:43:47Z.