Bug 1481467 part 1 - Use JSAutoRealm instead of JSAutoRealmAllowCCW in mozJSComponentLoader::ImportInto. r=kmag
authorJan de Mooij <jdemooij@mozilla.com>
Wed, 08 Aug 2018 15:07:41 +0200
changeset 430685 980f42a5b1bc4ee20ec33650c6cc598d865e357d
parent 430684 991ea626d9dcfff5b01eb0c12bbb14d69060c43a
child 430686 8b38554d067fb3b071b19f630219a385ce6241b3
push id34410
push usertoros@mozilla.com
push dateThu, 09 Aug 2018 10:02:47 +0000
reviewerskmag
bugs1481467
milestone63.0a1
Bug 1481467 part 1 - Use JSAutoRealm instead of JSAutoRealmAllowCCW in mozJSComponentLoader::ImportInto. r=kmag The targetVal argument is always same-compartment with the JSContext, so we only need to use JSAutoRealm in the FindTargetObject case.
js/xpconnect/loader/mozJSComponentLoader.cpp
--- a/js/xpconnect/loader/mozJSComponentLoader.cpp
+++ b/js/xpconnect/loader/mozJSComponentLoader.cpp
@@ -988,16 +988,18 @@ mozJSComponentLoader::ImportInto(const n
                                  JSContext* cx,
                                  uint8_t optionalArgc,
                                  MutableHandleValue retval)
 {
     MOZ_ASSERT(nsContentUtils::IsCallerChrome());
 
     RootedValue targetVal(cx, targetValArg);
     RootedObject targetObject(cx, nullptr);
+
+    Maybe<JSAutoRealm> ar;
     if (optionalArgc) {
         // The caller passed in the optional second argument. Get it.
         if (targetVal.isObject()) {
             // If we're passing in something like a content DOM window, chances
             // are the caller expects the properties to end up on the object
             // proper and not on the Xray holder. This is dubious, but can be used
             // during testing. Given that dumb callers can already leak JSMs into
             // content by passing a raw content JS object (where Xrays aren't
@@ -1011,22 +1013,22 @@ mozJSComponentLoader::ImportInto(const n
         } else if (!targetVal.isNull()) {
             // If targetVal isNull(), we actually want to leave targetObject null.
             // Not doing so breaks |make package|.
             return ReportOnCallerUTF8(cx, ERROR_SCOPE_OBJ,
                                       PromiseFlatCString(registryLocation).get());
         }
     } else {
         FindTargetObject(cx, &targetObject);
+        if (targetObject) {
+            ar.emplace(cx, targetObject);
+        }
     }
 
-    Maybe<JSAutoRealmAllowCCW> ar;
-    if (targetObject) {
-        ar.emplace(cx, targetObject);
-    }
+    js::AssertSameCompartment(cx, targetObject);
 
     RootedObject global(cx);
     nsresult rv = ImportInto(registryLocation, targetObject, cx, &global);
 
     if (global) {
         if (!JS_WrapObject(cx, &global)) {
             NS_ERROR("can't wrap return value");
             return NS_ERROR_FAILURE;
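Review bot: The `js::AssertSameCompartment(cx, targetObject);` line that replaces the old unconditional realm guard only checks the invariant in debug builds, and the invariant it relies on for the optionalArgc branch (targetObject ending up same-compartment with cx) is established by code between the two hunks that is not shown here; nothing in this hunk would catch a cross-compartment targetObject in a release build before it reaches ImportInto. Since the realm is now entered only in the FindTargetObject branch, a short comment at the assertion would keep the next editor of the optionalArgc path from reintroducing a cross-compartment object: `// targetVal is an argument on cx, so it is already same-compartment (see the commit message); only FindTargetObject can hand back an object from another realm, and that branch entered it above.` The enclosing ImportInto overload continues past the end of this hunk.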