Bug 1525629. Move wrapper denial warning state to RealmPrivate. r=bholley
authorBoris Zbarsky <bzbarsky@mit.edu>
Thu, 07 Feb 2019 00:26:40 +0000
changeset 457606 6836ad129868dac54c41b17f0d70f6e5c962506e
parent 457605 dda7c63c1c185ca67f5bb7a67855f3d96f407edc
child 457607 f946a261f4fc355d5e3a2d25d5e7e5557bbd6dd5
push id35516
push userrmaries@mozilla.com
push dateFri, 08 Feb 2019 04:23:26 +0000
treeherdermozilla-central@d599d1a73a3a [default view] [failures only]
reviewersbholley
bugs1525629
milestone67.0a1
Bug 1525629. Move wrapper denial warning state to RealmPrivate. r=bholley This is supposed to be per-global state, and we're planning to have multiple globals per compartment. Differential Revision: https://phabricator.services.mozilla.com/D18850
js/xpconnect/src/XPCJSRuntime.cpp
js/xpconnect/src/xpcprivate.h
js/xpconnect/wrappers/XrayWrapper.cpp
--- a/js/xpconnect/src/XPCJSRuntime.cpp
+++ b/js/xpconnect/src/XPCJSRuntime.cpp
@@ -196,34 +196,35 @@ CompartmentPrivate::CompartmentPrivate(J
       allowCPOWs(false),
       isContentXBLCompartment(false),
       isUAWidgetCompartment(false),
       hasExclusiveExpandos(false),
       universalXPConnectEnabled(false),
       wasShutdown(false),
       mWrappedJSMap(JSObject2WrappedJSMap::newMap(XPC_JS_MAP_LENGTH)) {
   MOZ_COUNT_CTOR(xpc::CompartmentPrivate);
-  mozilla::PodArrayZero(wrapperDenialWarnings);
 }
 
 CompartmentPrivate::~CompartmentPrivate() {
   MOZ_COUNT_DTOR(xpc::CompartmentPrivate);
   delete mWrappedJSMap;
 }
 
 void CompartmentPrivate::SystemIsBeingShutDown() {
   // We may call this multiple times when the compartment contains more than one
   // realm.
   if (!wasShutdown) {
     mWrappedJSMap->ShutdownMarker();
     wasShutdown = true;
   }
 }
 
-RealmPrivate::RealmPrivate(JS::Realm* realm) : scriptability(realm) {}
+RealmPrivate::RealmPrivate(JS::Realm* realm) : scriptability(realm) {
+  mozilla::PodArrayZero(wrapperDenialWarnings);
+}
 
 /* static */ void RealmPrivate::Init(HandleObject aGlobal,
                                      const SiteIdentifier& aSite) {
   MOZ_ASSERT(aGlobal);
   DebugOnly<const js::Class*> clasp = js::GetObjectClass(aGlobal);
   MOZ_ASSERT(clasp->flags &
                  (JSCLASS_PRIVATE_IS_NSISUPPORTS | JSCLASS_HAS_PRIVATE) ||
              dom::IsDOMClass(clasp));
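Review bot: The zeroing of `wrapperDenialWarnings` in the `RealmPrivate` constructor is a style point: the array is declared in xpcprivate.h directly after `bool forcePermissiveCOWs = false;`, which uses an in-class initializer, while this member depends on a constructor body in a different file. Declaring it as `bool wrapperDenialWarnings[WrapperDenialTypeCount] = {};` would keep the two members consistent and would make the constructor body and the `PodArrayZero` call unnecessary. It would also mean any constructor added later cannot leave the flags uninitialized before `ReportWrapperDenial` reads them. The same remark applies to the declaration hunk in xpcprivate.h.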
--- a/js/xpconnect/src/xpcprivate.h
+++ b/js/xpconnect/src/xpcprivate.h
@@ -2748,20 +2748,16 @@ class CompartmentPrivate {
   // follow the old scoping rules of enablePrivilege).
   //
   // Using it in production is inherently unsafe.
   bool universalXPConnectEnabled;
 
   // Whether SystemIsBeingShutDown has been called on this compartment.
   bool wasShutdown;
 
-  // Whether we've emitted a warning about a property that was filtered out
-  // by a security wrapper. See XrayWrapper.cpp.
-  bool wrapperDenialWarnings[WrapperDenialTypeCount];
-
   JSObject2WrappedJSMap* GetWrappedJSMap() const { return mWrappedJSMap; }
   void UpdateWeakPointersAfterGC();
 
   void SystemIsBeingShutDown();
 
   size_t SizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf);
 
   struct SweepPolicy {
@@ -2832,16 +2828,20 @@ class RealmPrivate {
   // This is only ever set during mochitest runs when enablePrivilege is called.
   // It allows the SpecialPowers scope to waive the normal chrome security
   // wrappers and expose properties directly to content. This lets us avoid a
   // bunch of overhead and complexity in our SpecialPowers automation glue.
   //
   // Using it in production is inherently unsafe.
   bool forcePermissiveCOWs = false;
 
+  // Whether we've emitted a warning about a property that was filtered out
+  // by a security wrapper. See XrayWrapper.cpp.
+  bool wrapperDenialWarnings[WrapperDenialTypeCount];
+
   const nsACString& GetLocation() {
     if (location.IsEmpty() && locationURI) {
       nsCOMPtr<nsIXPConnectWrappedJS> jsLocationURI =
           do_QueryInterface(locationURI);
       if (jsLocationURI) {
         // We cannot call into JS-implemented nsIURI objects, because
         // we are iterating over the JS heap at this point.
         location = NS_LITERAL_CSTRING("<JS-implemented nsIURI location>");
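Review bot: The comment moved along with `wrapperDenialWarnings` does not say that the flags are now tracked per global, which the commit description gives as the reason for the move, nor that the array is indexed by `WrapperDenialType`. Something like `// Per-global: whether we've already emitted the console warning for each WrapperDenialType (used as the index).` followed by `// A property filtered out by a security wrapper is reported once per type per global; see ReportWrapperDenial in XrayWrapper.cpp.` would tell a reader auditing these warnings how often to expect them. The body of `GetLocation` continues outside the hunk.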
--- a/js/xpconnect/wrappers/XrayWrapper.cpp
+++ b/js/xpconnect/wrappers/XrayWrapper.cpp
@@ -182,17 +182,17 @@ bool OpaqueXrayTraits::resolveOwnPropert
   }
 
   return ReportWrapperDenial(cx, id, WrapperDenialForXray,
                              "object is not safely Xrayable");
 }
 
 bool ReportWrapperDenial(JSContext* cx, HandleId id, WrapperDenialType type,
                          const char* reason) {
-  CompartmentPrivate* priv = CompartmentPrivate::Get(CurrentGlobalOrNull(cx));
+  RealmPrivate* priv = RealmPrivate::Get(CurrentGlobalOrNull(cx));
   bool alreadyWarnedOnce = priv->wrapperDenialWarnings[type];
   priv->wrapperDenialWarnings[type] = true;
 
   // The browser console warning is only emitted for the first violation,
   // whereas the (debug-only) NS_WARNING is emitted for each violation.
 #ifndef DEBUG
   if (alreadyWarnedOnce) {
     return true;
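Review bot: `priv` is dereferenced on the line after `RealmPrivate::Get(CurrentGlobalOrNull(cx))` with no check, and `type` is used as an array index with no bound stated. The name `CurrentGlobalOrNull` suggests the argument can be null, and whether `RealmPrivate::Get` can return null for a global is not visible in this hunk, so this may already be guaranteed elsewhere. Because the function sits on the security-wrapper denial path, it would help to state the invariant where it is relied on, for example `MOZ_ASSERT(priv);` and `MOZ_ASSERT(type < WrapperDenialTypeCount);` before the read of `priv->wrapperDenialWarnings[type]`. The pattern predates this change (the old code did the same with `CompartmentPrivate::Get`), and the body of `ReportWrapperDenial` continues outside the hunk.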