| ☠☠ backed out by c677dd4b1aba ☠ ☠ | |
| author | Jacek Szpot <maligree@gmail.com> |
| Thu, 04 Apr 2013 12:14:32 +0200 | |
| changeset 127897 | a85d21e394c0b3114e4ae34eac63ac5bea2f0f7c |
| parent 127896 | ea8f727040ce32120f99325421212c431e2159b1 |
| child 127898 | 082be152752b30163643e4f8201dd5171814bb6a |
| push id | 24514 |
| push user | philringnalda@gmail.com |
| push date | Sun, 07 Apr 2013 00:38:29 +0000 |
| treeherder | mozilla-central@be3be63607b0 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| reviewers | bholley |
| bugs | 854503 |
| milestone | 23.0a1 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
--- a/content/base/src/nsObjectLoadingContent.cpp +++ b/content/base/src/nsObjectLoadingContent.cpp @@ -2941,17 +2941,17 @@ nsObjectLoadingContent::TeardownProtoCha if (!::JS_GetPrototype(cx, obj, &proto)) { return; } if (!proto) { break; } // Unwrap while checking the jsclass - if the prototype is a wrapper for // an NP object, that counts too. - if (JS_GetClass(js::UnwrapObject(proto)) == &sNPObjectJSWrapperClass) { + if (JS_GetClass(js::UncheckedUnwrap(proto)) == &sNPObjectJSWrapperClass) { // We found an NPObject on the proto chain, get its prototype... if (!::JS_GetPrototype(cx, proto, &proto)) { return; } MOZ_ASSERT(!removed, "more than one NPObject in prototype chain"); removed = true;
--- a/content/xbl/src/nsXBLProtoImplField.cpp +++ b/content/xbl/src/nsXBLProtoImplField.cpp @@ -178,17 +178,17 @@ InstallXBLField(JSContext* cx, JS::Rooted<JS::Value> name(cx, js::GetFunctionNativeReserved(callee, FIELD_SLOT)); JSFlatString* fieldStr = JS_ASSERT_STRING_IS_FLAT(name.toString()); fieldName.init(fieldStr); MOZ_ALWAYS_TRUE(JS_ValueToId(cx, name, idp.address())); // If a separate XBL scope is being used, the callee is not same-compartment // with the xbl prototype, and the object is a cross-compartment wrapper. - xblProto = js::UnwrapObject(xblProto); + xblProto = js::UncheckedUnwrap(xblProto); JSAutoCompartment ac2(cx, xblProto); JS::Value slotVal = ::JS_GetReservedSlot(xblProto, 0); protoBinding = static_cast<nsXBLPrototypeBinding*>(slotVal.toPrivate()); MOZ_ASSERT(protoBinding); } nsXBLProtoImplField* field = protoBinding->FindField(fieldName); MOZ_ASSERT(field); @@ -225,17 +225,17 @@ FieldGetterImpl(JSContext *cx, JS::CallA JS::Rooted<JSObject*> thisObj(cx, &thisv.toObject()); // We should be in the compartment of |this|. If we got here via nativeCall, // |this| is not same-compartment with |callee|, and it's possible via // asymmetric security semantics that |args.calleev()| is actually a security // wrapper. In this case, we know we want to do an unsafe unwrap, and // InstallXBLField knows how to handle cross-compartment pointers. bool installed = false; - JS::Rooted<JSObject*> callee(cx, js::UnwrapObject(&args.calleev().toObject())); + JS::Rooted<JSObject*> callee(cx, js::UncheckedUnwrap(&args.calleev().toObject())); JS::Rooted<jsid> id(cx); if (!InstallXBLField(cx, callee, thisObj, &id, &installed)) { return false; } if (!installed) { args.rval().setUndefined(); return true; @@ -294,17 +294,17 @@ FieldSetterImpl(JSContext *cx, JS::CallA JS::Rooted<JSObject*> thisObj(cx, &thisv.toObject()); // We should be in the compartment of |this|. If we got here via nativeCall, // |this| is not same-compartment with |callee|, and it's possible via // asymmetric security semantics that |args.calleev()| is actually a security // wrapper. In this case, we know we want to do an unsafe unwrap, and // InstallXBLField knows how to handle cross-compartment pointers. bool installed = false; - JS::Rooted<JSObject*> callee(cx, js::UnwrapObject(&args.calleev().toObject())); + JS::Rooted<JSObject*> callee(cx, js::UncheckedUnwrap(&args.calleev().toObject())); JS::Rooted<jsid> id(cx); if (!InstallXBLField(cx, callee, thisObj, &id, &installed)) { return false; } if (installed) { JS::Rooted<JS::Value> v(cx, args.length() > 0 ? args[0] : JS::UndefinedValue());
--- a/dom/base/nsDOMClassInfo.cpp +++ b/dom/base/nsDOMClassInfo.cpp @@ -4255,17 +4255,17 @@ nsDOMConstructor::HasInstance(nsIXPConne if (JSVAL_IS_PRIMITIVE(v)) { return NS_OK; } JSObject *dom_obj = JSVAL_TO_OBJECT(v); NS_ASSERTION(dom_obj, "nsDOMConstructor::HasInstance couldn't get object"); // This might not be the right object, if there are wrappers. Unwrap if we can. - JSObject *wrapped_obj = js::UnwrapObjectChecked(dom_obj, /* stopAtOuter = */ false); + JSObject *wrapped_obj = js::CheckedUnwrap(dom_obj, /* stopAtOuter = */ false); if (wrapped_obj) dom_obj = wrapped_obj; JSClass *dom_class = JS_GetClass(dom_obj); if (!dom_class) { NS_ERROR("nsDOMConstructor::HasInstance can't get class."); return NS_ERROR_UNEXPECTED; } @@ -4770,17 +4770,17 @@ nsWindowSH::GlobalResolve(nsGlobalWindow if (name_struct->mPrefEnabled && !(*name_struct->mPrefEnabled)()) { return NS_OK; } Maybe<JSAutoCompartment> ac; JSObject* global; bool defineOnXray = ObjectIsNativeWrapper(cx, obj); if (defineOnXray) { - global = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false); + global = js::CheckedUnwrap(obj, /* stopAtOuter = */ false); if (!global) { return NS_ERROR_DOM_SECURITY_ERR; } ac.construct(cx, global); } else { global = obj; } @@ -5018,17 +5018,17 @@ ContentWindowGetter(JSContext *cx, unsig return ::JS_GetProperty(cx, obj, "content", vp); } template<class Interface> static nsresult LocationSetterGuts(JSContext *cx, JSObject *obj, jsval *vp) { // This function duplicates some of the logic in XPC_WN_HelperSetProperty - obj = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false); + obj = js::CheckedUnwrap(obj, /* stopAtOuter = */ false); if (!IS_WN_WRAPPER(obj)) return NS_ERROR_XPC_BAD_CONVERT_JS; XPCWrappedNative *wrapper = XPCWrappedNative::Get(obj); // The error checks duplicate code in THROW_AND_RETURN_IF_BAD_WRAPPER NS_ENSURE_TRUE(!wrapper || wrapper->IsValid(), NS_ERROR_XPC_HAS_BEEN_SHUTDOWN); nsCOMPtr<Interface> xpcomObj = do_QueryWrappedNative(wrapper, obj);
--- a/dom/base/nsGlobalWindow.cpp +++ b/dom/base/nsGlobalWindow.cpp @@ -6484,17 +6484,17 @@ nsGlobalWindow::CallerInnerWindow() // sandboxPrototype. This used to work incidentally for unrelated reasons, but // now we need to do some special handling to support it. { JSAutoCompartment ac(cx, scope); JSObject *scopeProto; bool ok = JS_GetPrototype(cx, scope, &scopeProto); NS_ENSURE_TRUE(ok, nullptr); if (scopeProto && xpc::IsSandboxPrototypeProxy(scopeProto) && - (scopeProto = js::UnwrapObjectChecked(scopeProto, /* stopAtOuter = */ false))) + (scopeProto = js::CheckedUnwrap(scopeProto, /* stopAtOuter = */ false))) { scope = scopeProto; } } JSAutoCompartment ac(cx, scope); nsCOMPtr<nsIXPConnectWrappedNative> wrapper; nsContentUtils::XPConnect()->
--- a/dom/bindings/BindingUtils.cpp +++ b/dom/bindings/BindingUtils.cpp @@ -662,17 +662,17 @@ QueryInterface(JSContext* cx, unsigned a { JS::Value thisv = JS_THIS(cx, vp); if (thisv == JSVAL_NULL) return false; // Get the object. It might be a security wrapper, in which case we do a checked // unwrap. JSObject* origObj = JSVAL_TO_OBJECT(thisv); - JSObject* obj = js::UnwrapObjectChecked(origObj); + JSObject* obj = js::CheckedUnwrap(origObj); if (!obj) { JS_ReportError(cx, "Permission denied to access object"); return false; } nsISupports* native; if (!UnwrapDOMObjectToISupports(obj, native)) { return Throw<true>(cx, NS_ERROR_FAILURE); @@ -1240,17 +1240,17 @@ GetPropertyOnPrototype(JSContext* cx, JS } bool HasPropertyOnPrototype(JSContext* cx, JSObject* proxy, DOMProxyHandler* handler, jsid id) { Maybe<JSAutoCompartment> ac; if (xpc::WrapperFactory::IsXrayWrapper(proxy)) { - proxy = js::UnwrapObject(proxy); + proxy = js::UncheckedUnwrap(proxy); ac.construct(cx, proxy); } MOZ_ASSERT(js::IsProxy(proxy) && js::GetProxyHandler(proxy) == handler); bool found; // We ignore an error from GetPropertyOnPrototype. return !GetPropertyOnPrototype(cx, proxy, id, &found, NULL) || found; } @@ -1582,17 +1582,17 @@ ReparentWrapper(JSContext* aCx, JSObject } template<bool mainThread> inline JSObject* GetGlobalObject(JSContext* aCx, JSObject* aObject, Maybe<JSAutoCompartment>& aAutoCompartment) { if (js::IsWrapper(aObject)) { - aObject = js::UnwrapObjectChecked(aObject, /* stopAtOuter = */ false); + aObject = js::CheckedUnwrap(aObject, /* stopAtOuter = */ false); if (!aObject) { Throw<mainThread>(aCx, NS_ERROR_XPC_SECURITY_MANAGER_VETO); return nullptr; } aAutoCompartment.construct(aCx, aObject); } return JS_GetGlobalForObject(aCx, aObject); @@ -1631,17 +1631,17 @@ WorkerGlobalObject::WorkerGlobalObject(J JSBool InterfaceHasInstance(JSContext* cx, JSHandleObject obj, JSObject* instance, JSBool* bp) { const DOMIfaceAndProtoJSClass* clasp = DOMIfaceAndProtoJSClass::FromJSClass(js::GetObjectClass(obj)); - const DOMClass* domClass = GetDOMClass(js::UnwrapObject(instance)); + const DOMClass* domClass = GetDOMClass(js::UncheckedUnwrap(instance)); MOZ_ASSERT(!domClass || clasp->mPrototypeID != prototypes::id::_ID_Count, "Why do we have a hasInstance hook if we don't have a prototype " "ID?"); if (domClass && domClass->mInterfaceChain[clasp->mDepth] == clasp->mPrototypeID) { *bp = true;
--- a/dom/bindings/BindingUtils.h +++ b/dom/bindings/BindingUtils.h @@ -155,17 +155,17 @@ UnwrapObject(JSContext* cx, JSObject* ob const DOMClass* domClass = GetDOMClass(obj); if (!domClass) { /* Maybe we have a security wrapper or outer window? */ if (!js::IsWrapper(obj)) { /* Not a DOM object, not a wrapper, just bail */ return NS_ERROR_XPC_BAD_CONVERT_JS; } - obj = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false); + obj = js::CheckedUnwrap(obj, /* stopAtOuter = */ false); if (!obj) { return NS_ERROR_XPC_SECURITY_MANAGER_VETO; } MOZ_ASSERT(!js::IsWrapper(obj)); domClass = GetDOMClass(obj); if (!domClass) { /* We don't have a DOM object */ return NS_ERROR_XPC_BAD_CONVERT_JS; @@ -616,17 +616,17 @@ WrapNewBindingNonWrapperCachedObject(JSC { // We try to wrap in the compartment of the underlying object of "scope" JSObject* obj; { // scope for the JSAutoCompartment so that we restore the compartment // before we call JS_WrapValue. Maybe<JSAutoCompartment> ac; if (js::IsWrapper(scope)) { - scope = js::UnwrapObjectChecked(scope, /* stopAtOuter = */ false); + scope = js::CheckedUnwrap(scope, /* stopAtOuter = */ false); if (!scope) return false; ac.construct(cx, scope); } obj = value->WrapObject(cx, scope); }
--- a/dom/bindings/CallbackObject.cpp +++ b/dom/bindings/CallbackObject.cpp @@ -45,17 +45,17 @@ CallbackObject::CallSetup::CallSetup(JSO // We need to produce a useful JSContext here. Ideally one that the callback // is in some sense associated with, so that we can sort of treat it as a // "script entry point". Though once we actually have script entry points, // we'll need to do the script entry point bits once we have an actual // callable. // First, find the real underlying callback. - JSObject* realCallback = js::UnwrapObject(aCallback); + JSObject* realCallback = js::UncheckedUnwrap(aCallback); // Now get the nsIScriptGlobalObject for this callback. JSContext* cx = nullptr; nsIScriptContext* ctx = nullptr; nsIScriptGlobalObject* sgo = nsJSUtils::GetStaticScriptGlobal(realCallback); if (sgo) { // Make sure that if this is a window it's the current inner, since the // nsIScriptContext and hence JSContext are associated with the outer @@ -101,17 +101,17 @@ CallbackObject::CallSetup::CallSetup(JSO // FIXME: Bug 807369. mCtx = ctx; // Check that it's ok to run this callback at all. // FIXME: Bug 807371: we want a less silly check here. // Make sure to unwrap aCallback before passing it in, because // getting principals from wrappers is silly. nsresult rv = nsContentUtils::GetSecurityManager()-> - CheckFunctionAccess(cx, js::UnwrapObject(aCallback), nullptr); + CheckFunctionAccess(cx, js::UncheckedUnwrap(aCallback), nullptr); // Construct a termination func holder even if we're not planning to // run any script. We need this because we're going to call // ScriptEvaluated even if we don't run the script... See XXX // comment above. if (ctx) { mTerminationFuncHolder.construct(static_cast<nsJSContext*>(ctx)); }
--- a/dom/bindings/CallbackObject.h +++ b/dom/bindings/CallbackObject.h @@ -49,17 +49,17 @@ public: */ CallbackObject(JSContext* cx, JSObject* aOwner, JSObject* aCallback, bool* aInited) : mCallback(nullptr) { // If aOwner is not null, enter the compartment of aOwner's // underlying object. if (aOwner) { - aOwner = js::UnwrapObject(aOwner); + aOwner = js::UncheckedUnwrap(aOwner); JSAutoCompartment ac(cx, aOwner); if (!JS_WrapObject(cx, &aCallback)) { *aInited = false; return; } } Init(aCallback); @@ -277,19 +277,19 @@ public: if (!HasWebIDLCallback() || !GetWebIDLCallback()) { // If other is non-null, then we can't be equal if we have a // non-WebIDL callback or a null callback. return false; } JSObject* thisObj = - js::UnwrapObject(GetWebIDLCallback()->CallbackPreserveColor()); + js::UncheckedUnwrap(GetWebIDLCallback()->CallbackPreserveColor()); JSObject* otherObj = - js::UnwrapObject(aOtherCallback->CallbackPreserveColor()); + js::UncheckedUnwrap(aOtherCallback->CallbackPreserveColor()); return thisObj == otherObj; } bool operator==(XPCOMCallbackT* aOtherCallback) const { return (!aOtherCallback && !GetISupports()) || (!HasWebIDLCallback() && GetXPCOMCallback() == aOtherCallback); }
--- a/dom/bindings/Codegen.py +++ b/dom/bindings/Codegen.py @@ -1106,24 +1106,24 @@ class CGClassHasInstanceHook(CGAbstractS bool ok = InterfaceHasInstance(cx, obj, instance, bp); if (!ok || *bp) { return ok; } // FIXME Limit this to chrome by checking xpc::AccessCheck::isChrome(obj). nsISupports* native = nsContentUtils::XPConnect()->GetNativeOfWrapper(cx, - js::UnwrapObject(instance)); + js::UncheckedUnwrap(instance)); nsCOMPtr<nsIDOM%s> qiResult = do_QueryInterface(native); *bp = !!qiResult; return true; """ % self.descriptor.interface.identifier.name hasInstanceCode = """ - const DOMClass* domClass = GetDOMClass(js::UnwrapObject(instance)); + const DOMClass* domClass = GetDOMClass(js::UncheckedUnwrap(instance)); *bp = false; """ # Sort interaces implementing self by name so we get stable output. for iface in sorted(self.descriptor.interface.interfacesImplementingSelf, key=lambda iface: iface.identifier.name): hasInstanceCode += """ if (domClass->mInterfaceChain[PrototypeTraits<prototypes::id::%s>::Depth] == prototypes::id::%s) { *bp = true; @@ -6068,17 +6068,17 @@ class CGProxyUnwrap(CGAbstractMethod): args = [Argument('JSObject*', 'obj')] CGAbstractMethod.__init__(self, descriptor, "UnwrapProxy", descriptor.nativeType + '*', args, alwaysInline=True) def declare(self): return "" def definition_body(self): return """ MOZ_ASSERT(js::IsProxy(obj)); if (js::GetProxyHandler(obj) != DOMProxyHandler::getInstance()) { MOZ_ASSERT(xpc::WrapperFactory::IsXrayWrapper(obj)); - obj = js::UnwrapObject(obj); + obj = js::UncheckedUnwrap(obj); } MOZ_ASSERT(IsProxy(obj)); return static_cast<%s*>(js::GetProxyPrivate(obj).toPrivate());""" % (self.descriptor.nativeType) class CGDOMJSProxyHandlerDOMClass(CGThing): def __init__(self, descriptor): CGThing.__init__(self) self.descriptor = descriptor
--- a/dom/plugins/base/nsJSNPRuntime.cpp +++ b/dom/plugins/base/nsJSNPRuntime.cpp @@ -460,17 +460,17 @@ JSValToNPVariant(NPP npp, JSContext *cx, // The reflected plugin object may be in another compartment if the plugin // element has since been adopted into a new document. We don't bother // transplanting the plugin objects, and just do a unwrap with security // checks if we encounter one of them as an argument. If the unwrap fails, // we run with the original wrapped object, since sometimes there are // legitimate cases where a security wrapper ends up here (for example, // Location objects, which are _always_ behind security wrappers). JSObject *obj = JSVAL_TO_OBJECT(val); - obj = js::UnwrapObjectChecked(obj); + obj = js::CheckedUnwrap(obj); if (!obj) { obj = JSVAL_TO_OBJECT(val); } NPObject *npobj = nsJSObjWrapper::GetNewOrUsed(npp, cx, obj); if (!npobj) { return false; } @@ -1122,17 +1122,17 @@ nsJSObjWrapper::GetNewOrUsed(NPP npp, JS // wrapper. // // Because this function unwraps, its return value must be wrapped for the cx // compartment for callers that plan to hold onto the result or do anything // substantial with it. static JSObject * GetNPObjectWrapper(JSContext *cx, JSObject *obj, bool wrapResult = true) { - while (obj && (obj = js::UnwrapObjectChecked(obj))) { + while (obj && (obj = js::CheckedUnwrap(obj))) { if (JS_GetClass(obj) == &sNPObjectJSWrapperClass) { if (wrapResult && !JS_WrapObject(cx, &obj)) { return NULL; } return obj; } if (!::JS_GetPrototype(cx, obj, &obj)) { return NULL;
--- a/dom/src/jsurl/nsJSProtocolHandler.cpp +++ b/dom/src/jsurl/nsJSProtocolHandler.cpp @@ -289,17 +289,17 @@ nsresult nsJSThunk::EvaluateScript(nsICh // The nsXPConnect sandbox API gives us a wrapper to the sandbox for // our current compartment. Because our current context doesn't necessarily // subsume that of the sandbox, we want to unwrap and enter the sandbox's // compartment. It's a shame that the APIs here are so clunkly. :-( JSObject *sandboxObj; rv = sandbox->GetJSObject(&sandboxObj); NS_ENSURE_SUCCESS(rv, rv); - sandboxObj = js::UnwrapObject(sandboxObj); + sandboxObj = js::UncheckedUnwrap(sandboxObj); JSAutoCompartment ac(cx, sandboxObj); // Push our JSContext on the context stack so the JS_ValueToString call (and // JS_ReportPendingException, if relevant) will use the principal of cx. // Note that we do this as late as possible to make popping simpler. nsCOMPtr<nsIJSContextStack> stack = do_GetService("@mozilla.org/js/xpc/ContextStack;1", &rv); if (NS_SUCCEEDED(rv)) {
--- a/extensions/pref/autoconfig/src/nsJSConfigTriggers.cpp +++ b/extensions/pref/autoconfig/src/nsJSConfigTriggers.cpp @@ -55,17 +55,17 @@ nsresult CentralizedAdminPrefManagerInit JSAutoRequest ar(cx); nsCOMPtr<nsIXPConnectJSObjectHolder> sandbox; rv = xpc->CreateSandbox(cx, principal, getter_AddRefs(sandbox)); NS_ENSURE_SUCCESS(rv, rv); // Unwrap, store and root the sandbox. rv = sandbox->GetJSObject(&autoconfigSb); NS_ENSURE_SUCCESS(rv, rv); - autoconfigSb = js::UnwrapObject(autoconfigSb); + autoconfigSb = js::UncheckedUnwrap(autoconfigSb); JSAutoCompartment ac(cx, autoconfigSb); if (!JS_AddNamedObjectRoot(cx, &autoconfigSb, "AutoConfig Sandbox")) return NS_ERROR_FAILURE; return NS_OK; } nsresult CentralizedAdminPrefManagerFinish()
--- a/js/src/builtin/TestingFunctions.cpp +++ b/js/src/builtin/TestingFunctions.cpp @@ -200,17 +200,17 @@ GC(JSContext *cx, unsigned argc, jsval * */ JSBool compartment = false; if (argc == 1) { Value arg = vp[2]; if (arg.isString()) { if (!JS_StringEqualsAscii(cx, arg.toString(), "compartment", &compartment)) return false; } else if (arg.isObject()) { - PrepareZoneForGC(UnwrapObject(&arg.toObject())->zone()); + PrepareZoneForGC(UncheckedUnwrap(&arg.toObject())->zone()); compartment = true; } } #ifndef JS_MORE_DETERMINISTIC size_t preBytes = cx->runtime->gcBytes; #endif @@ -403,17 +403,17 @@ ScheduleGC(JSContext *cx, unsigned argc, return JS_FALSE; } if (args[0].isInt32()) { /* Schedule a GC to happen after |arg| allocations. */ JS_ScheduleGC(cx, args[0].toInt32()); } else if (args[0].isObject()) { /* Ensure that |zone| is collected during the next GC. */ - Zone *zone = UnwrapObject(&args[0].toObject())->zone(); + Zone *zone = UncheckedUnwrap(&args[0].toObject())->zone(); PrepareZoneForGC(zone); } else if (args[0].isString()) { /* This allows us to schedule atomsCompartment for GC. */ PrepareZoneForGC(args[0].toString()->zone()); } *vp = JSVAL_VOID; return JS_TRUE;
--- a/js/src/jsboolinlines.h +++ b/js/src/jsboolinlines.h @@ -29,17 +29,17 @@ BooleanGetPrimitiveValue(JSContext *cx, } return BooleanGetPrimitiveValueSlow(cx, obj, vp); } inline bool EmulatesUndefined(RawObject obj) { - RawObject actual = MOZ_LIKELY(!obj->isWrapper()) ? obj : UnwrapObject(obj); + RawObject actual = MOZ_LIKELY(!obj->isWrapper()) ? obj : UncheckedUnwrap(obj); bool emulatesUndefined = actual->getClass()->emulatesUndefined(); MOZ_ASSERT_IF(emulatesUndefined, obj->type()->flags & types::OBJECT_FLAG_EMULATES_UNDEFINED); return emulatesUndefined; } } /* namespace js */ #endif /* jsboolinlines_h___ */
--- a/js/src/jsclone.cpp +++ b/js/src/jsclone.cpp @@ -456,17 +456,17 @@ JSStructuredCloneWriter::parseTransferab return false; } if (!v.isObject()) { reportErrorTransferable(); return false; } - JSObject* tObj = UnwrapObjectChecked(&v.toObject()); + JSObject* tObj = CheckedUnwrap(&v.toObject()); if (!tObj) { JS_ReportError(context(), "Permission denied to access object"); return false; } if (!tObj->isArrayBuffer()) { reportErrorTransferable(); return false; } @@ -539,17 +539,17 @@ JS_PUBLIC_API(JSBool) JS_WriteTypedArray(JSStructuredCloneWriter *w, jsval v) { JS_ASSERT(v.isObject()); RootedObject obj(w->context(), &v.toObject()); // If the object is a security wrapper, see if we're allowed to unwrap it. // If we aren't, throw. if (obj->isWrapper()) - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) { JS_ReportError(w->context(), "Permission denied to access object"); return false; } return w->writeTypedArray(obj); } bool @@ -643,17 +643,17 @@ JSStructuredCloneWriter::startWrite(cons return out.writePair(SCTAG_NULL, 0); } else if (v.isUndefined()) { return out.writePair(SCTAG_UNDEFINED, 0); } else if (v.isObject()) { RootedObject obj(context(), &v.toObject()); // The object might be a security wrapper. See if we can clone what's // behind it. If we can, unwrap the object. - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) { JS_ReportError(context(), "Permission denied to access object"); return false; } AutoCompartment ac(context(), obj); bool backref;
--- a/js/src/jscompartment.cpp +++ b/js/src/jscompartment.cpp @@ -258,17 +258,17 @@ JSCompartment::wrap(JSContext *cx, Mutab if (obj->compartment() == this) return WrapForSameCompartment(cx, obj, vp); /* Translate StopIteration singleton. */ if (obj->isStopIteration()) return js_FindClassObject(cx, JSProto_StopIteration, vp); /* Unwrap the object, but don't unwrap outer windows. */ - obj = UnwrapObject(obj, /* stopAtOuter = */ true, &flags); + obj = UncheckedUnwrap(obj, /* stopAtOuter = */ true, &flags); if (obj->compartment() == this) return WrapForSameCompartment(cx, obj, vp); if (cx->runtime->preWrapObjectCallback) { obj = cx->runtime->preWrapObjectCallback(cx, global, obj, flags); if (!obj) return false;
--- a/js/src/jsdbgapi.cpp +++ b/js/src/jsdbgapi.cpp @@ -918,23 +918,23 @@ JS_DumpCompartmentPCCounts(JSContext *cx if (script->hasScriptCounts && script->enclosingScriptsCompiledSuccessfully()) JS_DumpPCCounts(cx, script); } } JS_PUBLIC_API(JSObject *) JS_UnwrapObject(JSObject *obj) { - return UnwrapObject(obj); + return UncheckedUnwrap(obj); } JS_PUBLIC_API(JSObject *) JS_UnwrapObjectAndInnerize(JSObject *obj) { - return UnwrapObject(obj, /* stopAtOuter = */ false); + return UncheckedUnwrap(obj, /* stopAtOuter = */ false); } JS_FRIEND_API(JSBool) js_CallContextDebugHandler(JSContext *cx) { NonBuiltinScriptFrameIter iter(cx); JS_ASSERT(!iter.done());
--- a/js/src/jsfriendapi.cpp +++ b/js/src/jsfriendapi.cpp @@ -66,17 +66,17 @@ JS_FindCompilationScope(JSContext *cx, R { RootedObject obj(cx, objArg); /* * We unwrap wrappers here. This is a little weird, but it's what's being * asked of us. */ if (obj->isWrapper()) - obj = UnwrapObject(obj); + obj = UncheckedUnwrap(obj); /* * Innerize the target_obj so that we compile in the correct (inner) * scope. */ if (JSObjectOp op = obj->getClass()->ext.innerObject) obj = op(cx, obj); return obj;
--- a/js/src/jsproxy.cpp +++ b/js/src/jsproxy.cpp @@ -558,17 +558,17 @@ DirectProxyHandler::defaultValue(JSConte if (hint == JSTYPE_VOID) return ToPrimitive(cx, vp); return ToPrimitive(cx, hint, vp); } JSObject * DirectProxyHandler::weakmapKeyDelegate(JSObject *proxy) { - return UnwrapObject(proxy); + return UncheckedUnwrap(proxy); } DirectProxyHandler::DirectProxyHandler(void *family) : BaseProxyHandler(family) { } bool
--- a/js/src/jstypedarray.cpp +++ b/js/src/jstypedarray.cpp @@ -1834,17 +1834,17 @@ class TypedArrayTemplate /* * (typedArray) * (type[] array) * * Otherwise create a new typed array and copy elements 0..len-1 * properties from the object, treating it as some sort of array. * Note that offset and length will be ignored */ - if (!UnwrapObject(dataObj)->isArrayBuffer()) + if (!UncheckedUnwrap(dataObj)->isArrayBuffer()) return fromArray(cx, dataObj); /* (ArrayBuffer, [byteOffset, [length]]) */ int32_t byteOffset = -1; int32_t length = -1; if (argc > 1) { if (!ToInt32(cx, argv[1], &byteOffset)) @@ -2117,17 +2117,17 @@ class TypedArrayTemplate * construct the new typed array in the compartment of the buffer, * so that the typed array can point directly at their buffer's * data without crossing compartment boundaries. So we use the * machinery underlying NonGenericMethodGuard directly to proxy the * native call. We will end up with a wrapper in the origin * compartment for a view in the target compartment referencing the * ArrayBuffer in that same compartment. */ - JSObject *wrapped = UnwrapObjectChecked(bufobj); + JSObject *wrapped = CheckedUnwrap(bufobj); if (!wrapped) { JS_ReportError(cx, "Permission denied to access object"); return NULL; } if (wrapped->isArrayBuffer()) { /* * And for even more fun, the new view's prototype should be * set to the origin compartment's prototype object, not the @@ -2740,17 +2740,17 @@ JSBool DataViewObject::class_constructor(JSContext *cx, unsigned argc, Value *vp) { CallArgs args = CallArgsFromVp(argc, vp); RootedObject bufobj(cx); if (!GetFirstArgumentAsObject(cx, args, "DataView constructor", &bufobj)) return false; - if (bufobj->isWrapper() && UnwrapObject(bufobj)->isArrayBuffer()) { + if (bufobj->isWrapper() && UncheckedUnwrap(bufobj)->isArrayBuffer()) { Rooted<GlobalObject*> global(cx, cx->compartment->maybeGlobal()); Rooted<JSObject*> proto(cx, global->getOrCreateDataViewPrototype(cx)); if (!proto) return false; InvokeArgsGuard ag; if (!cx->stack.pushInvokeArgs(cx, args.length() + 1, &ag)) return false; @@ -3387,17 +3387,17 @@ JSFunctionSpec _typedArray::jsfuncs[] = MOZ_ASSERT(byteoffset <= INT32_MAX); \ Rooted<JSObject*> arrayBuffer(cx, arrayBuffer_); \ Rooted<JSObject*> proto(cx, NULL); \ return TypedArrayTemplate<NativeType>::fromBuffer(cx, arrayBuffer, byteoffset, length, \ proto); \ } \ JS_FRIEND_API(JSBool) JS_Is ## Name ## Array(JSObject *obj) \ { \ - if (!(obj = UnwrapObjectChecked(obj))) \ + if (!(obj = CheckedUnwrap(obj))) \ return false; \ Class *clasp = obj->getClass(); \ return (clasp == &TypedArray::classes[TypedArrayTemplate<NativeType>::ArrayTypeID()]); \ } IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Int8, int8_t) IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Uint8, uint8_t) IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Uint8Clamped, uint8_clamped) @@ -3408,17 +3408,17 @@ IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Uint IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Float32, float) IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Float64, double) #define IMPL_TYPED_ARRAY_COMBINED_UNWRAPPERS(Name, ExternalType, InternalType) \ JS_FRIEND_API(JSObject *) JS_GetObjectAs ## Name ## Array(JSObject *obj, \ uint32_t *length, \ ExternalType **data) \ { \ - if (!(obj = UnwrapObjectChecked(obj))) \ + if (!(obj = CheckedUnwrap(obj))) \ return NULL; \ \ Class *clasp = obj->getClass(); \ if (clasp != &TypedArray::classes[TypedArrayTemplate<InternalType>::ArrayTypeID()]) \ return NULL; \ \ *length = TypedArray::length(obj); \ *data = static_cast<ExternalType *>(TypedArray::viewData(obj)); \ @@ -3856,45 +3856,45 @@ js::IsTypedArrayBuffer(const Value &v) return v.isObject() && v.toObject().isArrayBuffer(); } /* JS Friend API */ JS_FRIEND_API(JSBool) JS_IsArrayBufferObject(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); return obj ? obj->isArrayBuffer() : false; } JS_FRIEND_API(JSBool) JS_IsTypedArrayObject(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); return obj ? obj->isTypedArray() : false; } JS_FRIEND_API(JSBool) JS_IsArrayBufferViewObject(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); return obj ? (obj->isTypedArray() || obj->isDataView()) : false; } JS_FRIEND_API(uint32_t) JS_GetArrayBufferByteLength(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); return obj ? obj->asArrayBuffer().byteLength() : 0; } JS_FRIEND_API(uint8_t *) JS_GetArrayBufferData(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return NULL; ArrayBufferObject &buffer = obj->asArrayBuffer(); if (!buffer.uninlineData(NULL)) return NULL; return buffer.dataPointer(); } @@ -3930,262 +3930,262 @@ JS_AllocateArrayBufferContents(JSContext *data = reinterpret_cast<uint8_t*>(header->elements()); return true; } JS_PUBLIC_API(JSBool) JS_StealArrayBufferContents(JSContext *cx, JSObject *obj, void **contents, uint8_t **data) { - if (!(obj = UnwrapObjectChecked(obj))) + if (!(obj = CheckedUnwrap(obj))) return false; if (!obj->isArrayBuffer()) { JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_TYPED_ARRAY_BAD_ARGS); return false; } if (!ArrayBufferObject::stealContents(cx, obj, contents, data)) return false; return true; } JS_FRIEND_API(uint32_t) JS_GetTypedArrayLength(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return 0; JS_ASSERT(obj->isTypedArray()); return TypedArray::length(obj); } JS_FRIEND_API(uint32_t) JS_GetTypedArrayByteOffset(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return 0; JS_ASSERT(obj->isTypedArray()); return TypedArray::byteOffset(obj); } JS_FRIEND_API(uint32_t) JS_GetTypedArrayByteLength(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return 0; JS_ASSERT(obj->isTypedArray()); return TypedArray::byteLength(obj); } JS_FRIEND_API(JSArrayBufferViewType) JS_GetArrayBufferViewType(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return ArrayBufferView::TYPE_MAX; if (obj->isTypedArray()) return static_cast<JSArrayBufferViewType>(TypedArray::type(obj)); else if (obj->isDataView()) return ArrayBufferView::TYPE_DATAVIEW; JS_NOT_REACHED("invalid ArrayBufferView type"); return ArrayBufferView::TYPE_MAX; } JS_FRIEND_API(int8_t *) JS_GetInt8ArrayData(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return NULL; JS_ASSERT(obj->isTypedArray()); JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_INT8); return static_cast<int8_t *>(TypedArray::viewData(obj)); } JS_FRIEND_API(uint8_t *) JS_GetUint8ArrayData(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return NULL; JS_ASSERT(obj->isTypedArray()); JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_UINT8); return static_cast<uint8_t *>(TypedArray::viewData(obj)); } JS_FRIEND_API(uint8_t *) JS_GetUint8ClampedArrayData(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return NULL; JS_ASSERT(obj->isTypedArray()); JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_UINT8_CLAMPED); return static_cast<uint8_t *>(TypedArray::viewData(obj)); } JS_FRIEND_API(int16_t *) JS_GetInt16ArrayData(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return NULL; JS_ASSERT(obj->isTypedArray()); JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_INT16); return static_cast<int16_t *>(TypedArray::viewData(obj)); } JS_FRIEND_API(uint16_t *) JS_GetUint16ArrayData(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return NULL; JS_ASSERT(obj->isTypedArray()); JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_UINT16); return static_cast<uint16_t *>(TypedArray::viewData(obj)); } JS_FRIEND_API(int32_t *) JS_GetInt32ArrayData(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return NULL; JS_ASSERT(obj->isTypedArray()); JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_INT32); return static_cast<int32_t *>(TypedArray::viewData(obj)); } JS_FRIEND_API(uint32_t *) JS_GetUint32ArrayData(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return NULL; JS_ASSERT(obj->isTypedArray()); JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_UINT32); return static_cast<uint32_t *>(TypedArray::viewData(obj)); } JS_FRIEND_API(float *) JS_GetFloat32ArrayData(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return NULL; JS_ASSERT(obj->isTypedArray()); JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_FLOAT32); return static_cast<float *>(TypedArray::viewData(obj)); } JS_FRIEND_API(double *) JS_GetFloat64ArrayData(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return NULL; JS_ASSERT(obj->isTypedArray()); JS_ASSERT(TypedArray::type(obj) == ArrayBufferView::TYPE_FLOAT64); return static_cast<double *>(TypedArray::viewData(obj)); } JS_FRIEND_API(JSBool) JS_IsDataViewObject(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); return obj ? obj->isDataView() : false; } JS_FRIEND_API(uint32_t) JS_GetDataViewByteOffset(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return 0; return obj->asDataView().byteOffset(); } JS_FRIEND_API(void *) JS_GetDataViewData(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return NULL; JS_ASSERT(obj->isDataView()); return obj->asDataView().dataPointer(); } JS_FRIEND_API(uint32_t) JS_GetDataViewByteLength(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return 0; JS_ASSERT(obj->isDataView()); return obj->asDataView().byteLength(); } JS_FRIEND_API(void *) JS_GetArrayBufferViewData(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return NULL; JS_ASSERT(obj->isTypedArray() || obj->isDataView()); return obj->isDataView() ? obj->asDataView().dataPointer() : TypedArray::viewData(obj); } JS_FRIEND_API(JSObject *) JS_GetArrayBufferViewBuffer(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return NULL; JS_ASSERT(obj->isTypedArray() || obj->isDataView()); return &obj->getFixedSlot(BufferView::BUFFER_SLOT).toObject(); } JS_FRIEND_API(uint32_t) JS_GetArrayBufferViewByteLength(JSObject *obj) { - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) return 0; JS_ASSERT(obj->isTypedArray() || obj->isDataView()); return obj->isDataView() ? obj->asDataView().byteLength() : TypedArray::byteLengthValue(obj).toInt32(); } JS_FRIEND_API(JSObject *) JS_GetObjectAsArrayBufferView(JSObject *obj, uint32_t *length, uint8_t **data) { - if (!(obj = UnwrapObjectChecked(obj))) + if (!(obj = CheckedUnwrap(obj))) return NULL; if (!(obj->isTypedArray() || obj->isDataView())) return NULL; *length = obj->isDataView() ? obj->asDataView().byteLength() : TypedArray::byteLengthValue(obj).toInt32(); *data = static_cast<uint8_t *>(obj->isDataView() ? obj->asDataView().dataPointer() : TypedArray::viewData(obj)); return obj; } JS_FRIEND_API(JSObject *) JS_GetObjectAsArrayBuffer(JSObject *obj, uint32_t *length, uint8_t **data) { - if (!(obj = UnwrapObjectChecked(obj))) + if (!(obj = CheckedUnwrap(obj))) return NULL; if (!obj->isArrayBuffer()) return NULL; *length = obj->asArrayBuffer().byteLength(); *data = obj->asArrayBuffer().dataPointer(); return obj;
--- a/js/src/jsweakmap.cpp +++ b/js/src/jsweakmap.cpp @@ -334,17 +334,17 @@ WeakMap_set(JSContext *cx, unsigned argc CallArgs args = CallArgsFromVp(argc, vp); return CallNonGenericMethod<IsWeakMap, WeakMap_set_impl>(cx, args); } JS_FRIEND_API(JSBool) JS_NondeterministicGetWeakMapKeys(JSContext *cx, JSObject *objArg, JSObject **ret) { RootedObject obj(cx, objArg); - obj = UnwrapObject(obj); + obj = UncheckedUnwrap(obj); if (!obj || !obj->isWeakMap()) { *ret = NULL; return true; } RootedObject arr(cx, NewDenseEmptyArray(cx)); if (!arr) return false; ObjectValueMap *map = GetObjectMap(obj);
--- a/js/src/jswrapper.cpp +++ b/js/src/jswrapper.cpp @@ -66,31 +66,31 @@ Wrapper::wrapperHandler(RawObject wrappe JSObject * Wrapper::wrappedObject(RawObject wrapper) { JS_ASSERT(wrapper->isWrapper()); return GetProxyTargetObject(wrapper); } JS_FRIEND_API(JSObject *) -js::UnwrapObject(JSObject *wrapped, bool stopAtOuter, unsigned *flagsp) +js::UncheckedUnwrap(JSObject *wrapped, bool stopAtOuter, unsigned *flagsp) { unsigned flags = 0; while (wrapped->isWrapper() && !JS_UNLIKELY(stopAtOuter && wrapped->getClass()->ext.innerObject)) { flags |= Wrapper::wrapperHandler(wrapped)->flags(); wrapped = GetProxyPrivate(wrapped).toObjectOrNull(); } if (flagsp) *flagsp = flags; return wrapped; } JS_FRIEND_API(JSObject *) -js::UnwrapObjectChecked(RawObject obj, bool stopAtOuter) +js::CheckedUnwrap(RawObject obj, bool stopAtOuter) { while (true) { JSObject *wrapper = obj; obj = UnwrapOneChecked(obj, stopAtOuter); if (!obj || obj == wrapper) return obj; } } @@ -508,17 +508,17 @@ CrossCompartmentWrapper::construct(JSCon } bool CrossCompartmentWrapper::nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl, CallArgs srcArgs) { RootedObject wrapper(cx, &srcArgs.thisv().toObject()); JS_ASSERT(srcArgs.thisv().isMagic(JS_IS_CONSTRUCTING) || - !UnwrapObject(wrapper)->isCrossCompartmentWrapper()); + !UncheckedUnwrap(wrapper)->isCrossCompartmentWrapper()); RootedObject wrapped(cx, wrappedObject(wrapper)); { AutoCompartment call(cx, wrapped); InvokeArgsGuard dstArgs; if (!cx->stack.pushInvokeArgs(cx, srcArgs.length(), &dstArgs)) return false; @@ -937,17 +937,17 @@ js::NukeCrossCompartmentWrappers(JSConte for (JSCompartment::WrapperEnum e(c); !e.empty(); e.popFront()) { // Some cross-compartment wrappers are for strings. We're not // interested in those. const CrossCompartmentKey &k = e.front().key; if (k.kind != CrossCompartmentKey::ObjectWrapper) continue; AutoWrapperRooter wobj(cx, WrapperValue(e)); - JSObject *wrapped = UnwrapObject(wobj); + JSObject *wrapped = UncheckedUnwrap(wobj); if (nukeReferencesToWindow == DontNukeWindowReferences && wrapped->getClass()->ext.innerObject) continue; if (targetFilter.match(wrapped->compartment())) { // We found a wrapper to nuke. e.removeFront();
--- a/js/src/jswrapper.h +++ b/js/src/jswrapper.h @@ -38,17 +38,17 @@ class JS_FRIEND_API(Wrapper) : public Di CROSS_COMPARTMENT = 1 << 0, LAST_USED_FLAG = CROSS_COMPARTMENT }; /* * Wrappers can explicitly specify that they are unsafe to unwrap from a * security perspective (as is the case for SecurityWrappers). If a wrapper * is not safe to unwrap, operations requiring full access to the underlying - * object (via UnwrapObjectChecked) will throw. Otherwise, they will succeed. + * object (via CheckedUnwrap) will throw. Otherwise, they will succeed. */ void setSafeToUnwrap(bool safe) { mSafeToUnwrap = safe; } virtual bool isSafeToUnwrap() { return mSafeToUnwrap; } static JSObject *New(JSContext *cx, JSObject *obj, JSObject *proto, JSObject *parent, Wrapper *handler); static JSObject *Renew(JSContext *cx, JSObject *existing, JSObject *obj, Wrapper *handler); @@ -221,24 +221,24 @@ IsWrapper(RawObject obj) return IsProxy(obj) && GetProxyHandler(obj)->family() == &sWrapperFamily; } // Given a JSObject, returns that object stripped of wrappers. If // stopAtOuter is true, then this returns the outer window if it was // previously wrapped. Otherwise, this returns the first object for // which JSObject::isWrapper returns false. JS_FRIEND_API(JSObject *) -UnwrapObject(JSObject *obj, bool stopAtOuter = true, unsigned *flagsp = NULL); +UncheckedUnwrap(JSObject *obj, bool stopAtOuter = true, unsigned *flagsp = NULL); // Given a JSObject, returns that object stripped of wrappers. At each stage, // the security wrapper has the opportunity to veto the unwrap. Since checked // code should never be unwrapping outer window wrappers, we always stop at // outer windows. JS_FRIEND_API(JSObject *) -UnwrapObjectChecked(RawObject obj, bool stopAtOuter = true); +CheckedUnwrap(RawObject obj, bool stopAtOuter = true); // Unwrap only the outermost security wrapper, with the same semantics as // above. This is the checked version of Wrapper::wrappedObject. JS_FRIEND_API(JSObject *) UnwrapOneChecked(RawObject obj, bool stopAtOuter = true); JS_FRIEND_API(bool) IsCrossCompartmentWrapper(RawObject obj);
--- a/js/src/shell/js.cpp +++ b/js/src/shell/js.cpp @@ -2279,17 +2279,17 @@ Clone(JSContext *cx, unsigned argc, jsva return false; } { Maybe<JSAutoCompartment> ac; RootedObject obj(cx, JSVAL_IS_PRIMITIVE(args[0]) ? NULL : &args[0].toObject()); if (obj && IsCrossCompartmentWrapper(obj)) { - obj = UnwrapObject(obj); + obj = UncheckedUnwrap(obj); ac.construct(cx, obj); args[0] = ObjectValue(*obj); } if (obj && obj->isFunction()) { funobj = obj; } else { JSFunction *fun = JS_ValueToFunction(cx, args[0]); if (!fun) @@ -2515,17 +2515,17 @@ EvalInContext(JSContext *cx, unsigned ar RootedScript script(cx); unsigned lineno; JS_DescribeScriptedCaller(cx, script.address(), &lineno); RootedValue rval(cx); { Maybe<JSAutoCompartment> ac; unsigned flags; - JSObject *unwrapped = UnwrapObject(sobj, true, &flags); + JSObject *unwrapped = UncheckedUnwrap(sobj, true, &flags); if (flags & Wrapper::CROSS_COMPARTMENT) { sobj = unwrapped; ac.construct(cx, sobj); } sobj = GetInnerObject(cx, sobj); if (!sobj) return false; @@ -3455,17 +3455,17 @@ Deserialize(JSContext *cx, unsigned argc static JSObject * NewGlobalObject(JSContext *cx, JSObject *sameZoneAs); static JSBool NewGlobal(JSContext *cx, unsigned argc, jsval *vp) { JSObject *sameZoneAs = NULL; if (argc == 1 && JS_ARGV(cx, vp)[0].isObject()) - sameZoneAs = UnwrapObject(&JS_ARGV(cx, vp)[0].toObject()); + sameZoneAs = UncheckedUnwrap(&JS_ARGV(cx, vp)[0].toObject()); RootedObject global(cx, NewGlobalObject(cx, sameZoneAs)); if (!global) return false; if (!JS_WrapObject(cx, global.address())) return false;
--- a/js/src/vm/Debugger.cpp +++ b/js/src/vm/Debugger.cpp @@ -1858,17 +1858,17 @@ Debugger::unwrapDebuggeeArgument(JSConte if (obj->getClass() == &DebuggerObject_class) { RootedValue rv(cx, v); if (!unwrapDebuggeeValue(cx, &rv)) return NULL; obj = &rv.toObject(); } /* If we have a cross-compartment wrapper, dereference as far as is secure. */ - obj = UnwrapObjectChecked(obj); + obj = CheckedUnwrap(obj); if (!obj) { JS_ReportError(cx, "Permission denied to access object"); return NULL; } /* If that produced an outer window, innerize it. */ obj = GetInnerObject(cx, obj); if (!obj) @@ -4716,17 +4716,17 @@ DebuggerObject_makeDebuggeeValue(JSConte } static bool RequireGlobalObject(JSContext *cx, HandleValue dbgobj, HandleObject obj) { if (!obj->isGlobal()) { /* Help the poor programmer by pointing out wrappers around globals. */ if (obj->isWrapper()) { - JSObject *unwrapped = js::UnwrapObject(obj); + JSObject *unwrapped = js::UncheckedUnwrap(obj); if (unwrapped->isGlobal()) { js_ReportValueErrorFlags(cx, JSREPORT_ERROR, JSMSG_DEBUG_WRAPPER_IN_WAY, JSDVG_SEARCH_STACK, dbgobj, NullPtr(), "a global object", NULL); return false; } }
--- a/js/xpconnect/src/XPCCallContext.cpp +++ b/js/xpconnect/src/XPCCallContext.cpp @@ -143,17 +143,17 @@ XPCCallContext::Init(XPCContext::LangTyp mMethodIndex = 0xDEAD; mState = HAVE_OBJECT; mTearOff = nullptr; if (wrapperInitOptions == INIT_SHOULD_LOOKUP_WRAPPER) { // If the object is a security wrapper, GetWrappedNativeOfJSObject can't // handle it. Do special handling here to make cross-origin Xrays work. - JSObject *unwrapped = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false); + JSObject *unwrapped = js::CheckedUnwrap(obj, /* stopAtOuter = */ false); if (!unwrapped) { mWrapper = UnwrapThisIfAllowed(obj, funobj, argc); if (!mWrapper) { JS_ReportError(mJSContext, "Permission denied to call method on |this|"); mState = INIT_FAILED; return; } } else { @@ -454,17 +454,17 @@ XPCLazyCallContext::AssertContextIsTopOf } #endif XPCWrappedNative* XPCCallContext::UnwrapThisIfAllowed(JSObject *object, JSObject *fun, unsigned argc) { JS::Rooted<JSObject *> obj(mJSContext, object); // We should only get here for objects that aren't safe to unwrap. - MOZ_ASSERT(!js::UnwrapObjectChecked(obj)); + MOZ_ASSERT(!js::CheckedUnwrap(obj)); MOZ_ASSERT(js::IsObjectInContextCompartment(obj, mJSContext)); // We can't do anything here without a function. if (!fun) return nullptr; // Determine if we're allowed to unwrap the security wrapper to invoke the // method. @@ -473,17 +473,17 @@ XPCCallContext::UnwrapThisIfAllowed(JSOb // unfortunately our access checks are based on the object class name and // property name. So we cheat a little bit here - we verify that the object // does indeed implement the method's Interface, and then just check that we // can successfully access property with method's name from the object. // First, get the XPCWN out of the underlying object. We should have a wrapper // here, potentially an outer window proxy, and then an XPCWN. MOZ_ASSERT(js::IsWrapper(obj)); - JSObject *unwrapped = js::UnwrapObject(obj, /* stopAtOuter = */ false); + JSObject *unwrapped = js::UncheckedUnwrap(obj, /* stopAtOuter = */ false); MOZ_ASSERT(unwrapped == JS_ObjectToInnerObject(mJSContext, js::Wrapper::wrappedObject(obj))); // Make sure we have an XPCWN, and grab it. MOZ_ASSERT(!IS_SLIM_WRAPPER(unwrapped), "security wrapping morphs slim wrappers"); if (!IS_WRAPPER_CLASS(js::GetObjectClass(unwrapped))) return nullptr; XPCWrappedNative *wn = (XPCWrappedNative*)js::GetObjectPrivate(unwrapped);
--- a/js/xpconnect/src/XPCComponents.cpp +++ b/js/xpconnect/src/XPCComponents.cpp @@ -2706,17 +2706,17 @@ nsXPCComponents_Utils::LookupMethod(cons if (!JSVAL_IS_STRING(name)) return NS_ERROR_XPC_BAD_CONVERT_JS; JSString *methodName = name.toString(); jsid methodId = INTERNED_STRING_TO_JSID(cx, JS_InternJSString(cx, methodName)); // If |obj| is a security wrapper, try to unwrap it. If this fails, we // don't have full acccess to the object, in which case we throw. // Otherwise, enter a compartment, since we may have just unwrapped a CCW. - obj = js::UnwrapObjectChecked(obj); + obj = js::CheckedUnwrap(obj); if (!obj) { JS_ReportError(cx, "Permission denied to unwrap object"); return NS_ERROR_XPC_BAD_CONVERT_JS; } { // Enter the target compartment. JSAutoCompartment ac(cx, obj); @@ -3306,17 +3306,17 @@ xpc_CreateSandboxObject(JSContext *cx, j return rv; } } MOZ_ASSERT(principal); } JSObject *sandbox; JS::ZoneSpecifier zoneSpec = options.sameZoneAs - ? JS::SameZoneAs(js::UnwrapObject(options.sameZoneAs)) + ? JS::SameZoneAs(js::UncheckedUnwrap(options.sameZoneAs)) : JS::SystemZone; sandbox = xpc::CreateGlobalObject(cx, &SandboxClass, principal, zoneSpec); if (!sandbox) return NS_ERROR_FAILURE; // Set up the wantXrays flag, which indicates whether xrays are desired even // for same-origin access. // @@ -3342,17 +3342,17 @@ xpc_CreateSandboxObject(JSContext *cx, j if (xpc::WrapperFactory::IsXrayWrapper(options.proto) && !options.wantXrays) { jsval v = OBJECT_TO_JSVAL(options.proto); if (!xpc::WrapperFactory::WaiveXrayAndWrap(cx, &v)) return NS_ERROR_FAILURE; options.proto = JSVAL_TO_OBJECT(v); } // Now check what sort of thing we've got in |proto| - JSObject *unwrappedProto = js::UnwrapObject(options.proto, false); + JSObject *unwrappedProto = js::UncheckedUnwrap(options.proto, false); js::Class *unwrappedClass = js::GetObjectClass(unwrappedProto); if (IS_WRAPPER_CLASS(unwrappedClass) || mozilla::dom::IsDOMClass(Jsvalify(unwrappedClass))) { // Wrap it up in a proxy that will do the right thing in terms // of this-binding for methods. options.proto = js::NewProxyObject(cx, &xpc::sandboxProxyHandler, ObjectValue(*options.proto), nullptr, sandbox); @@ -3904,17 +3904,17 @@ xpc_EvalInSandbox(JSContext *cx, JSObjec const char *filename, int32_t lineNo, JSVersion jsVersion, bool returnStringOnly, jsval *rval) { JS_AbortIfWrongThread(JS_GetRuntime(cx)); JSAutoRequest ar(cx); *rval = JS::UndefinedValue(); bool waiveXray = xpc::WrapperFactory::HasWaiveXrayFlag(sandbox); - sandbox = js::UnwrapObjectChecked(sandbox); + sandbox = js::CheckedUnwrap(sandbox); if (!sandbox || js::GetObjectJSClass(sandbox) != &SandboxClass) { return NS_ERROR_INVALID_ARG; } nsIScriptObjectPrincipal *sop = (nsIScriptObjectPrincipal*)xpc_GetJSPrivate(sandbox); NS_ASSERTION(sop, "Invalid sandbox passed"); nsCOMPtr<nsIPrincipal> prin = sop->GetPrincipal(); @@ -4163,17 +4163,17 @@ nsXPCComponents_Utils::GetGlobalForObjec return NS_ERROR_XPC_BAD_CONVERT_JS; // Wrappers are parented to their the global in their home compartment. But // when getting the global for a cross-compartment wrapper, we really want // a wrapper for the foreign global. So we need to unwrap before getting the // parent, enter the compartment for the duration of the call, and wrap the // result. JS::Rooted<JSObject*> obj(cx, JSVAL_TO_OBJECT(object)); - obj = js::UnwrapObject(obj); + obj = js::UncheckedUnwrap(obj); { JSAutoCompartment ac(cx, obj); obj = JS_GetGlobalForObject(cx, obj); } JS_WrapObject(cx, obj.address()); *retval = OBJECT_TO_JSVAL(obj); // Outerize if necessary. @@ -4189,17 +4189,17 @@ nsXPCComponents_Utils::CreateObjectIn(co { if (!cx) return NS_ERROR_FAILURE; // first argument must be an object if (JSVAL_IS_PRIMITIVE(vobj)) return NS_ERROR_XPC_BAD_CONVERT_JS; - JSObject *scope = js::UnwrapObject(JSVAL_TO_OBJECT(vobj)); + JSObject *scope = js::UncheckedUnwrap(JSVAL_TO_OBJECT(vobj)); JSObject *obj; { JSAutoCompartment ac(cx, scope); obj = JS_NewObject(cx, nullptr, nullptr, scope); if (!obj) return NS_ERROR_FAILURE; } @@ -4215,17 +4215,17 @@ nsXPCComponents_Utils::CreateArrayIn(con { if (!cx) return NS_ERROR_FAILURE; // first argument must be an object if (JSVAL_IS_PRIMITIVE(vobj)) return NS_ERROR_XPC_BAD_CONVERT_JS; - JSObject *scope = js::UnwrapObject(JSVAL_TO_OBJECT(vobj)); + JSObject *scope = js::UncheckedUnwrap(JSVAL_TO_OBJECT(vobj)); JSObject *obj; { JSAutoCompartment ac(cx, scope); obj = JS_NewArrayObject(cx, 0, NULL); if (!obj) return NS_ERROR_FAILURE; } @@ -4243,17 +4243,17 @@ nsXPCComponents_Utils::CreateDateIn(cons { if (!cx) return NS_ERROR_FAILURE; // first argument must be an object if (JSVAL_IS_PRIMITIVE(vobj)) return NS_ERROR_XPC_BAD_CONVERT_JS; - JSObject *scope = js::UnwrapObject(JSVAL_TO_OBJECT(vobj)); + JSObject *scope = js::UncheckedUnwrap(JSVAL_TO_OBJECT(vobj)); JSObject *obj; { JSAutoCompartment ac(cx, scope); obj = JS_NewDateObjectMsec(cx, msec); if (!obj) return NS_ERROR_FAILURE; } @@ -4297,17 +4297,17 @@ nsXPCComponents_Utils::MakeObjectPropsNo { if (!cx) return NS_ERROR_FAILURE; // first argument must be an object if (JSVAL_IS_PRIMITIVE(vobj)) return NS_ERROR_XPC_BAD_CONVERT_JS; - JSObject *obj = js::UnwrapObject(JSVAL_TO_OBJECT(vobj)); + JSObject *obj = js::UncheckedUnwrap(JSVAL_TO_OBJECT(vobj)); JSAutoCompartment ac(cx, obj); JS::AutoIdArray ida(cx, JS_Enumerate(cx, obj)); if (!ida) return NS_ERROR_FAILURE; for (size_t i = 0; i < ida.length(); ++i) { jsid id = ida[i]; @@ -4344,17 +4344,17 @@ nsXPCComponents_Utils::IsDeadWrapper(con } /* void recomputerWrappers(jsval vobj); */ NS_IMETHODIMP nsXPCComponents_Utils::RecomputeWrappers(const jsval &vobj, JSContext *cx) { // Determine the compartment of the given object, if any. JSCompartment *c = vobj.isObject() - ? js::GetObjectCompartment(js::UnwrapObject(&vobj.toObject())) + ? js::GetObjectCompartment(js::UncheckedUnwrap(&vobj.toObject())) : NULL; // If no compartment was given, recompute all. if (!c) js::RecomputeWrappers(cx, js::AllCompartments(), js::AllCompartments()); // Otherwise, recompute wrappers for the given compartment. else js::RecomputeWrappers(cx, js::SingleCompartment(c), js::AllCompartments()) && @@ -4364,33 +4364,33 @@ nsXPCComponents_Utils::RecomputeWrappers } /* jsval setWantXrays(jsval vscope); */ NS_IMETHODIMP nsXPCComponents_Utils::SetWantXrays(const jsval &vscope, JSContext *cx) { if (!vscope.isObject()) return NS_ERROR_INVALID_ARG; - JSObject *scopeObj = js::UnwrapObject(&vscope.toObject()); + JSObject *scopeObj = js::UncheckedUnwrap(&vscope.toObject()); JSCompartment *compartment = js::GetObjectCompartment(scopeObj); EnsureCompartmentPrivate(scopeObj)->wantXrays = true; bool ok = js::RecomputeWrappers(cx, js::SingleCompartment(compartment), js::AllCompartments()); NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE); return NS_OK; } /* jsval getComponentsForScope(jsval vscope); */ NS_IMETHODIMP nsXPCComponents_Utils::GetComponentsForScope(const jsval &vscope, JSContext *cx, jsval *rval) { if (!vscope.isObject()) return NS_ERROR_INVALID_ARG; - JSObject *scopeObj = js::UnwrapObject(&vscope.toObject()); + JSObject *scopeObj = js::UncheckedUnwrap(&vscope.toObject()); XPCWrappedNativeScope *scope = GetObjectScope(scopeObj); XPCCallContext ccx(NATIVE_CALLER, cx); JSObject *components = scope->GetComponentsJSObject(ccx); if (!components) return NS_ERROR_FAILURE; *rval = ObjectValue(*components); if (!JS_WrapValue(cx, rval)) return NS_ERROR_FAILURE; @@ -4400,17 +4400,17 @@ nsXPCComponents_Utils::GetComponentsForS NS_IMETHODIMP nsXPCComponents_Utils::Dispatch(const jsval &runnable_, const jsval &scope, JSContext *cx) { // Enter the given compartment, if any, and rewrap runnable. Maybe<JSAutoCompartment> ac; js::Value runnable = runnable_; if (scope.isObject()) { - JSObject *scopeObj = js::UnwrapObject(&scope.toObject()); + JSObject *scopeObj = js::UncheckedUnwrap(&scope.toObject()); if (!scopeObj) return NS_ERROR_FAILURE; ac.construct(cx, scopeObj); if (!JS_WrapValue(cx, &runnable)) return NS_ERROR_FAILURE; } // Get an XPCWrappedJS for |runnable|. @@ -4513,17 +4513,17 @@ nsXPCComponents_Utils::SetGCZeal(int32_t } NS_IMETHODIMP nsXPCComponents_Utils::NukeSandbox(const JS::Value &obj, JSContext *cx) { NS_ENSURE_TRUE(obj.isObject(), NS_ERROR_INVALID_ARG); JSObject *wrapper = &obj.toObject(); NS_ENSURE_TRUE(IsWrapper(wrapper), NS_ERROR_INVALID_ARG); - JSObject *sb = UnwrapObject(wrapper); + JSObject *sb = UncheckedUnwrap(wrapper); NS_ENSURE_TRUE(GetObjectJSClass(sb) == &SandboxClass, NS_ERROR_INVALID_ARG); NukeCrossCompartmentWrappers(cx, AllCompartments(), SingleCompartment(GetObjectCompartment(sb)), NukeWindowReferences); return NS_OK; } NS_IMETHODIMP
--- a/js/xpconnect/src/XPCConvert.cpp +++ b/js/xpconnect/src/XPCConvert.cpp @@ -1026,25 +1026,25 @@ XPCConvert::JSObject2NativeInterface(JSC // Note that if we have a non-null aOuter then it means that we are // forcing the creation of a wrapper even if the object *is* a // wrappedNative or other wise has 'nsISupportness'. // This allows wrapJSAggregatedToNative to work. // If we're looking at a security wrapper, see now if we're allowed to // pass it to C++. If we are, then fall through to the code below. If // we aren't, throw an exception eagerly. - JSObject* inner = js::UnwrapObjectChecked(src, /* stopAtOuter = */ false); + JSObject* inner = js::CheckedUnwrap(src, /* stopAtOuter = */ false); // Hack - For historical reasons, wrapped chrome JS objects have been // passable as native interfaces. We'd like to fix this, but it // involves fixing the contacts API and PeerConnection to stop using // COWs. This needs to happen, but for now just preserve the old // behavior. if (!inner && MOZ_UNLIKELY(xpc::WrapperFactory::IsCOW(src))) - inner = js::UnwrapObject(src); + inner = js::UncheckedUnwrap(src); if (!inner) { if (pErr) *pErr = NS_ERROR_XPC_SECURITY_MANAGER_VETO; return false; } // Is this really a native xpcom object with a wrapper? XPCWrappedNative* wrappedNative = nullptr; @@ -1171,17 +1171,17 @@ XPCConvert::JSValToXPCException(XPCCallC JSObject* obj = JSVAL_TO_OBJECT(s); if (!obj) { NS_ERROR("when is an object not an object?"); return NS_ERROR_FAILURE; } // is this really a native xpcom object with a wrapper? - JSObject *unwrapped = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false); + JSObject *unwrapped = js::CheckedUnwrap(obj, /* stopAtOuter = */ false); if (!unwrapped) return NS_ERROR_XPC_SECURITY_MANAGER_VETO; XPCWrappedNative* wrapper = IS_WN_WRAPPER(unwrapped) ? XPCWrappedNative::Get(unwrapped) : nullptr; if (wrapper) { nsISupports* supports = wrapper->GetIdentityObject(); nsCOMPtr<nsIException> iface = do_QueryInterface(supports); if (iface) {
--- a/js/xpconnect/src/XPCJSID.cpp +++ b/js/xpconnect/src/XPCJSID.cpp @@ -452,17 +452,17 @@ nsJSIID::Enumerate(nsIXPConnectWrappedNa /* * HasInstance hooks need to find an appropriate reflector in order to function * properly. There are two complexities that we need to handle: * * 1 - Cross-compartment wrappers. Chrome uses over 100 compartments, all with * system principal. The success of an instanceof check should not depend * on which compartment an object comes from. At the same time, we want to * make sure we don't unwrap important security wrappers. - * UnwrapObjectChecked does the right thing here. + * CheckedUnwrap does the right thing here. * * 2 - Prototype chains. Suppose someone creates a vanilla JS object |a| and * sets its __proto__ to some WN |b|. If |b instanceof nsIFoo| returns true, * one would expect |a instanceof nsIFoo| to return true as well, since * instanceof is transitive up the prototype chain in ECMAScript. Moreover, * there's chrome code that relies on this. * * This static method handles both complexities, returning either an XPCWN, a @@ -470,17 +470,17 @@ nsJSIID::Enumerate(nsIXPConnectWrappedNa * from |cx|. */ static JSObject * FindObjectForHasInstance(JSContext *cx, JSObject *obj) { while (obj && !IS_WRAPPER_CLASS(js::GetObjectClass(obj)) && !IsDOMObject(obj)) { if (js::IsWrapper(obj)) - obj = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false); + obj = js::CheckedUnwrap(obj, /* stopAtOuter = */ false); else if (!js::GetObjectProto(cx, obj, &obj)) return nullptr; } return obj; } /* bool hasInstance (in nsIXPConnectWrappedNative wrapper, in JSContextPtr cx, in JSObjectPtr obj, in jsval val, out bool bp); */ @@ -904,17 +904,17 @@ xpc_NewIDObject(JSContext *cx, JSObject* const nsID* xpc_JSObjectToID(JSContext *cx, JSObject* obj) { if (!cx || !obj) return nullptr; // NOTE: this call does NOT addref XPCWrappedNative* wrapper = nullptr; - obj = js::UnwrapObjectChecked(obj); + obj = js::CheckedUnwrap(obj); if (obj && IS_WN_WRAPPER(obj)) wrapper = XPCWrappedNative::Get(obj); if (wrapper && (wrapper->HasInterfaceNoQI(NS_GET_IID(nsIJSID)) || wrapper->HasInterfaceNoQI(NS_GET_IID(nsIJSIID)) || wrapper->HasInterfaceNoQI(NS_GET_IID(nsIJSCID)))) { return ((nsIJSID*)wrapper->GetIdentityObject())->GetID(); } @@ -922,17 +922,17 @@ xpc_JSObjectToID(JSContext *cx, JSObject } JSBool xpc_JSObjectIsID(JSContext *cx, JSObject* obj) { NS_ASSERTION(cx && obj, "bad param"); // NOTE: this call does NOT addref XPCWrappedNative* wrapper = nullptr; - obj = js::UnwrapObjectChecked(obj); + obj = js::CheckedUnwrap(obj); if (obj && IS_WN_WRAPPER(obj)) wrapper = XPCWrappedNative::Get(obj); return wrapper && (wrapper->HasInterfaceNoQI(NS_GET_IID(nsIJSID)) || wrapper->HasInterfaceNoQI(NS_GET_IID(nsIJSIID)) || wrapper->HasInterfaceNoQI(NS_GET_IID(nsIJSCID))); }
--- a/js/xpconnect/src/XPCQuickStubs.cpp +++ b/js/xpconnect/src/XPCQuickStubs.cpp @@ -542,19 +542,19 @@ getWrapper(JSContext *cx, XPCWrappedNativeTearOff **tearoff) { // We can have at most three layers in need of unwrapping here: // * A (possible) security wrapper // * A (possible) Xray waiver // * A (possible) outer window // // If we pass stopAtOuter == false, we can handle all three with one call - // to js::UnwrapObjectChecked. + // to js::CheckedUnwrap. if (js::IsWrapper(obj)) { - obj = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false); + obj = js::CheckedUnwrap(obj, /* stopAtOuter = */ false); // The safe unwrap might have failed if we encountered an object that // we're not allowed to unwrap. If it didn't fail though, we should be // done with wrappers. if (!obj) return NS_ERROR_XPC_SECURITY_MANAGER_VETO; MOZ_ASSERT(!js::IsWrapper(obj)); }
--- a/js/xpconnect/src/XPCVariant.cpp +++ b/js/xpconnect/src/XPCVariant.cpp @@ -35,17 +35,17 @@ XPCVariant::XPCVariant(JSContext* cx, js // some later point after teardown, which would crash. This is shouldn't // be a problem anymore because SetParentToWindow will do the right // thing, but I'm saving the cleanup here for another day. Blake thinks // that we should just not store the WN if we're creating a variant for // an outer window. JSObject *obj = JS_ObjectToInnerObject(cx, JSVAL_TO_OBJECT(mJSVal)); mJSVal = OBJECT_TO_JSVAL(obj); - JSObject *unwrapped = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false); + JSObject *unwrapped = js::CheckedUnwrap(obj, /* stopAtOuter = */ false); mReturnRawObject = !(unwrapped && IS_WN_WRAPPER(unwrapped)); } else mReturnRawObject = false; } XPCTraceableVariant::~XPCTraceableVariant() { jsval val = GetJSValPreserveColor();
--- a/js/xpconnect/src/XPCWrappedJSClass.cpp +++ b/js/xpconnect/src/XPCWrappedJSClass.cpp @@ -747,17 +747,17 @@ nsXPCWrappedJSClass::DelegatedQueryInter JSObject* nsXPCWrappedJSClass::GetRootJSObject(JSContext* cx, JSObject* aJSObj) { JSObject* result = CallQueryInterfaceOnJSObject(cx, aJSObj, NS_GET_IID(nsISupports)); if (!result) return aJSObj; - JSObject* inner = js::UnwrapObject(result); + JSObject* inner = js::UncheckedUnwrap(result); if (inner) return inner; return result; } void xpcWrappedJSErrorReporter(JSContext *cx, const char *message, JSErrorReport *report)
--- a/js/xpconnect/src/XPCWrappedNative.cpp +++ b/js/xpconnect/src/XPCWrappedNative.cpp @@ -1680,17 +1680,17 @@ RescueOrphans(XPCCallContext& ccx, JSObj // compartment and fix it up there. We'll fix up |this| afterwards. // // NB: We pass stopAtOuter=false during the unwrap because Location objects // are parented to outer window proxies. nsresult rv; JSObject *parentObj = js::GetObjectParent(obj); if (!parentObj) return NS_OK; // Global object. We're done. - parentObj = js::UnwrapObject(parentObj, /* stopAtOuter = */ false); + parentObj = js::UncheckedUnwrap(parentObj, /* stopAtOuter = */ false); // PreCreate may touch dead compartments. js::AutoMaybeTouchDeadZones agc(parentObj); bool isWN = IS_WRAPPER_CLASS(js::GetObjectClass(obj)); // There's one little nasty twist here. For reasons described in bug 752764, // we nuke SOW-ed objects after transplanting them. This means that nodes @@ -1725,17 +1725,17 @@ RescueOrphans(XPCCallContext& ccx, JSObj // Now that we know our parent is in the right place, determine if we've // been orphaned. If not, we have nothing to do. if (!js::IsCrossCompartmentWrapper(parentObj)) return NS_OK; // We've been orphaned. Find where our parent went, and follow it. if (isWN) { - JSObject *realParent = js::UnwrapObject(parentObj); + JSObject *realParent = js::UncheckedUnwrap(parentObj); XPCWrappedNative *wn = static_cast<XPCWrappedNative*>(js::GetObjectPrivate(obj)); return wn->ReparentWrapperIfFound(ccx, GetObjectScope(parentObj), GetObjectScope(realParent), realParent, wn->GetIdentityObject()); } return ReparentWrapper(ccx, obj);
--- a/js/xpconnect/src/XPCWrappedNativeInfo.cpp +++ b/js/xpconnect/src/XPCWrappedNativeInfo.cpp @@ -13,17 +13,17 @@ // XPCNativeMember // static JSBool XPCNativeMember::GetCallInfo(JSObject* funobj, XPCNativeInterface** pInterface, XPCNativeMember** pMember) { - funobj = js::UnwrapObject(funobj); + funobj = js::UncheckedUnwrap(funobj); jsval ifaceVal = js::GetFunctionNativeReserved(funobj, 0); jsval memberVal = js::GetFunctionNativeReserved(funobj, 1); *pInterface = (XPCNativeInterface*) JSVAL_TO_PRIVATE(ifaceVal); *pMember = (XPCNativeMember*) JSVAL_TO_PRIVATE(memberVal); return true; }
--- a/js/xpconnect/src/XPCWrappedNativeJSOps.cpp +++ b/js/xpconnect/src/XPCWrappedNativeJSOps.cpp @@ -845,17 +845,17 @@ XPC_WN_MaybeResolvingStrictPropertyStub( XPCWrappedNative::GetAndMorphWrappedNativeOfJSObject(cx, obj); \ THROW_AND_RETURN_IF_BAD_WRAPPER(cx, wrapper); \ bool retval = true; \ nsresult rv = wrapper->GetScriptableCallback()-> #define PRE_HELPER_STUB \ XPCWrappedNative* wrapper; \ nsIXPCScriptable* si; \ - JSObject *unwrapped = js::UnwrapObjectChecked(obj, false); \ + JSObject *unwrapped = js::CheckedUnwrap(obj, false); \ if (!unwrapped) { \ JS_ReportError(cx, "Permission denied to operate on object."); \ return false; \ } \ if (!IS_WRAPPER_CLASS(js::GetObjectClass(unwrapped))) { \ return Throw(NS_ERROR_XPC_BAD_OP_ON_WN_PROTO, cx); \ } \ if (IS_SLIM_WRAPPER_OBJECT(unwrapped)) { \
--- a/js/xpconnect/src/XPCWrappedNativeScope.cpp +++ b/js/xpconnect/src/XPCWrappedNativeScope.cpp @@ -256,29 +256,29 @@ XPCWrappedNativeScope::EnsureXBLScope(JS // Create the sandbox. JSAutoRequest ar(cx); JS::Value v = JS::UndefinedValue(); nsresult rv = xpc_CreateSandboxObject(cx, &v, ep, options); NS_ENSURE_SUCCESS(rv, nullptr); mXBLScope = &v.toObject(); // Tag it. - EnsureCompartmentPrivate(js::UnwrapObject(mXBLScope))->scope->mIsXBLScope = true; + EnsureCompartmentPrivate(js::UncheckedUnwrap(mXBLScope))->scope->mIsXBLScope = true; // Good to go! return mXBLScope; } namespace xpc { JSObject *GetXBLScope(JSContext *cx, JSObject *contentScope) { JSAutoCompartment ac(cx, contentScope); JSObject *scope = EnsureCompartmentPrivate(contentScope)->scope->EnsureXBLScope(cx); NS_ENSURE_TRUE(scope, nullptr); // See bug 858642. - scope = js::UnwrapObject(scope); + scope = js::UncheckedUnwrap(scope); xpc_UnmarkGrayObject(scope); return scope; } bool AllowXBLScope(JSCompartment *c) { XPCWrappedNativeScope *scope = EnsureCompartmentPrivate(c)->scope; return scope && scope->AllowXBLScope();
--- a/js/xpconnect/src/XPCWrapper.cpp +++ b/js/xpconnect/src/XPCWrapper.cpp @@ -59,17 +59,17 @@ XrayWrapperConstructor(JSContext *cx, un } JSObject *obj = JSVAL_TO_OBJECT(vp[2]); if (!js::IsWrapper(obj)) { *vp = OBJECT_TO_JSVAL(obj); return true; } - obj = js::UnwrapObject(obj); + obj = js::UncheckedUnwrap(obj); *vp = OBJECT_TO_JSVAL(obj); return JS_WrapValue(cx, vp); } // static bool AttachNewConstructorObject(XPCCallContext &ccx, JSObject *aGlobalObject) { @@ -87,15 +87,15 @@ AttachNewConstructorObject(XPCCallContex } // namespace XPCNativeWrapper namespace XPCWrapper { JSObject * UnsafeUnwrapSecurityWrapper(JSObject *obj) { if (js::IsProxy(obj)) { - return js::UnwrapObject(obj); + return js::UncheckedUnwrap(obj); } return obj; } } // namespace XPCWrapper
--- a/js/xpconnect/src/nsXPConnect.cpp +++ b/js/xpconnect/src/nsXPConnect.cpp @@ -1325,17 +1325,17 @@ nsXPConnect::GetNativeOfWrapper(JSContex NS_ASSERTION(aJSObj, "bad param"); XPCCallContext ccx(NATIVE_CALLER, aJSContext); if (!ccx.IsValid()) { UnexpectedFailure(NS_ERROR_FAILURE); return nullptr; } - aJSObj = js::UnwrapObjectChecked(aJSObj, /* stopAtOuter = */ false); + aJSObj = js::CheckedUnwrap(aJSObj, /* stopAtOuter = */ false); if (!aJSObj) { JS_ReportError(aJSContext, "Permission denied to get native of security wrapper"); return nullptr; } if (IS_WRAPPER_CLASS(js::GetObjectClass(aJSObj))) { if (IS_SLIM_WRAPPER_OBJECT(aJSObj)) return (nsISupports*)xpc_GetJSPrivate(aJSObj); else if (XPCWrappedNative *wn = XPCWrappedNative::Get(aJSObj))
--- a/js/xpconnect/src/xpcprivate.h +++ b/js/xpconnect/src/xpcprivate.h @@ -2772,17 +2772,17 @@ public: nsISupports* Object, XPCWrappedNativeScope* Scope, XPCNativeInterface* Interface, XPCWrappedNative** wrapper); static XPCWrappedNative* GetAndMorphWrappedNativeOfJSObject(JSContext* cx, JSObject* obj) { - obj = js::UnwrapObjectChecked(obj, /* stopAtOuter = */ false); + obj = js::CheckedUnwrap(obj, /* stopAtOuter = */ false); if (!obj) return nullptr; if (!IS_WRAPPER_CLASS(js::GetObjectClass(obj))) return nullptr; if (IS_SLIM_WRAPPER_OBJECT(obj) && !MorphSlimWrapper(cx, obj)) return nullptr; MOZ_ASSERT(IS_WN_WRAPPER(obj));
--- a/js/xpconnect/wrappers/AccessCheck.cpp +++ b/js/xpconnect/wrappers/AccessCheck.cpp @@ -78,17 +78,17 @@ AccessCheck::subsumesIgnoringDomain(JSCo return subsumes; } // Does the compartment of the wrapper subsumes the compartment of the wrappee? bool AccessCheck::wrapperSubsumes(JSObject *wrapper) { MOZ_ASSERT(js::IsWrapper(wrapper)); - JSObject *wrapped = js::UnwrapObject(wrapper); + JSObject *wrapped = js::UncheckedUnwrap(wrapper); return AccessCheck::subsumes(js::GetObjectCompartment(wrapper), js::GetObjectCompartment(wrapped)); } bool AccessCheck::isChrome(JSCompartment *compartment) { nsIScriptSecurityManager *ssm = XPCWrapper::GetSecurityManager(); @@ -253,17 +253,17 @@ AccessCheck::needsSystemOnlyWrapper(JSOb XPCWrappedNative *wn = static_cast<XPCWrappedNative *>(js::GetObjectPrivate(obj)); return wn->NeedsSOW(); } bool OnlyIfSubjectIsSystem::isSafeToUnwrap() { // It's nasty to use the context stack here, but the alternative is passing cx all - // the way down through UnwrapObjectChecked, which we just undid in a 100k patch. :-( + // the way down through CheckedUnwrap, which we just undid in a 100k patch. :-( JSContext *cx = nsContentUtils::GetCurrentJSContext(); if (!cx) return true; // If XBL scopes are enabled for this compartment, this hook doesn't need to // be dynamic at all, since SOWs can be opaque. if (xpc::AllowXBLScope(js::GetContextCompartment(cx))) return false; return AccessCheck::isSystemOnlyAccessPermitted(cx); @@ -323,17 +323,17 @@ ExposedPropertiesOnly::check(JSContext * if (!exposedProps.isObject()) { EnterAndThrow(cx, wrapper, "__exposedProps__ must be undefined, null, or an Object"); return false; } JSObject *hallpass = &exposedProps.toObject(); - if (!AccessCheck::subsumes(js::UnwrapObject(hallpass), wrappedObject)) { + if (!AccessCheck::subsumes(js::UncheckedUnwrap(hallpass), wrappedObject)) { EnterAndThrow(cx, wrapper, "Invalid __exposedProps__"); return false; } Access access = NO_ACCESS; JSPropertyDescriptor desc; if (!JS_GetPropertyDescriptorById(cx, hallpass, id, 0, &desc)) {
--- a/js/xpconnect/wrappers/ChromeObjectWrapper.cpp +++ b/js/xpconnect/wrappers/ChromeObjectWrapper.cpp @@ -26,17 +26,17 @@ AllowedByBase(JSContext *cx, JS::Handle< ChromeObjectWrapper *handler = &ChromeObjectWrapper::singleton; return handler->ChromeObjectWrapperBase::enter(cx, wrapper, id, act, &bp); } static bool PropIsFromStandardPrototype(JSContext *cx, JSPropertyDescriptor *desc) { MOZ_ASSERT(desc->obj); - JSObject *unwrapped = js::UnwrapObject(desc->obj); + JSObject *unwrapped = js::UncheckedUnwrap(desc->obj); JSAutoCompartment ac(cx, unwrapped); return JS_IdentifyClassPrototype(cx, unwrapped) != JSProto_Null; } // Note that we're past the policy enforcement stage, here, so we can query // ChromeObjectWrapperBase and get an unfiltered view of the underlying object. // This lets us determine whether the property we would have found (given a // transparent wrapper) would have come off a standard prototype.
--- a/js/xpconnect/wrappers/WrapperFactory.cpp +++ b/js/xpconnect/wrappers/WrapperFactory.cpp @@ -45,17 +45,17 @@ WrapperFactory::IsCOW(JSObject *obj) return IsWrapper(obj) && Wrapper::wrapperHandler(obj) == &ChromeObjectWrapper::singleton; } JSObject * WrapperFactory::GetXrayWaiver(JSObject *obj) { // Object should come fully unwrapped but outerized. - MOZ_ASSERT(obj == UnwrapObject(obj)); + MOZ_ASSERT(obj == UncheckedUnwrap(obj)); MOZ_ASSERT(!js::GetObjectClass(obj)->ext.outerObject); XPCWrappedNativeScope *scope = GetObjectScope(obj); MOZ_ASSERT(scope); if (!scope->mWaiverWrapperMap) return NULL; return xpc_UnmarkGrayObject(scope->mWaiverWrapperMap->Find(obj)); } @@ -95,17 +95,17 @@ WrapperFactory::CreateXrayWaiver(JSConte if (!scope->mWaiverWrapperMap->Add(obj, waiver)) return nullptr; return waiver; } JSObject * WrapperFactory::WaiveXray(JSContext *cx, JSObject *obj) { - obj = UnwrapObject(obj); + obj = UncheckedUnwrap(obj); MOZ_ASSERT(!js::IsInnerObject(obj)); JSObject *waiver = GetXrayWaiver(obj); if (waiver) return waiver; return CreateXrayWaiver(cx, obj); } @@ -129,17 +129,17 @@ WrapperFactory::PrepareForWrapping(JSCon // Outerize any raw inner objects at the entry point here, so that we don't // have to worry about them for the rest of the wrapping code. if (js::IsInnerObject(obj)) { JSAutoCompartment ac(cx, obj); obj = JS_ObjectToOuterObject(cx, obj); NS_ENSURE_TRUE(obj, nullptr); // The outerization hook wraps, which means that we can end up with a // CCW here if |obj| was a navigated-away-from inner. Strip any CCWs. - obj = js::UnwrapObject(obj); + obj = js::UncheckedUnwrap(obj); MOZ_ASSERT(js::IsOuterObject(obj)); } // If we've got an outer window, there's nothing special that needs to be // done here, and we can move on to the next phase of wrapping. We handle // this case first to allow us to assert against wrappers below. if (js::IsOuterObject(obj)) return DoubleWrap(cx, obj, flags); @@ -519,32 +519,32 @@ WrapperFactory::WrapForSameCompartment(J return obj; // Extract the WN. It should exist. XPCWrappedNative *wn = static_cast<XPCWrappedNative *>(xpc_GetJSPrivate(obj)); MOZ_ASSERT(wn, "Trying to wrap a dead WN!"); // The WN knows what to do. JSObject *wrapper = wn->GetSameCompartmentSecurityWrapper(cx); - MOZ_ASSERT_IF(wrapper != obj && IsComponentsObject(js::UnwrapObject(obj)), + MOZ_ASSERT_IF(wrapper != obj && IsComponentsObject(js::UncheckedUnwrap(obj)), !Wrapper::wrapperHandler(wrapper)->isSafeToUnwrap()); return wrapper; } // Call WaiveXrayAndWrap when you have a JS object that you don't want to be // wrapped in an Xray wrapper. cx->compartment is the compartment that will be // using the returned object. If the object to be wrapped is already in the // correct compartment, then this returns the unwrapped object. bool WrapperFactory::WaiveXrayAndWrap(JSContext *cx, jsval *vp) { if (JSVAL_IS_PRIMITIVE(*vp)) return JS_WrapValue(cx, vp); - JSObject *obj = js::UnwrapObject(JSVAL_TO_OBJECT(*vp)); + JSObject *obj = js::UncheckedUnwrap(JSVAL_TO_OBJECT(*vp)); MOZ_ASSERT(!js::IsInnerObject(obj)); if (js::IsObjectInContextCompartment(obj, cx)) { *vp = OBJECT_TO_JSVAL(obj); return true; } obj = WaiveXray(cx, obj); if (!obj)
--- a/js/xpconnect/wrappers/WrapperFactory.h +++ b/js/xpconnect/wrappers/WrapperFactory.h @@ -17,30 +17,30 @@ class WrapperFactory { public: enum { WAIVE_XRAY_WRAPPER_FLAG = js::Wrapper::LAST_USED_FLAG << 1, IS_XRAY_WRAPPER_FLAG = WAIVE_XRAY_WRAPPER_FLAG << 1, SOW_FLAG = IS_XRAY_WRAPPER_FLAG << 1 }; // Return true if any of any of the nested wrappers have the flag set. static bool HasWrapperFlag(JSObject *wrapper, unsigned flag) { unsigned flags = 0; - js::UnwrapObject(wrapper, true, &flags); + js::UncheckedUnwrap(wrapper, true, &flags); return !!(flags & flag); } static bool IsXrayWrapper(JSObject *wrapper) { return HasWrapperFlag(wrapper, IS_XRAY_WRAPPER_FLAG); } static bool HasWaiveXrayFlag(JSObject *wrapper) { return HasWrapperFlag(wrapper, WAIVE_XRAY_WRAPPER_FLAG); } static bool IsSecurityWrapper(JSObject *obj) { - return !js::UnwrapObjectChecked(obj); + return !js::CheckedUnwrap(obj); } static bool IsCOW(JSObject *wrapper); static JSObject *GetXrayWaiver(JSObject *obj); static JSObject *CreateXrayWaiver(JSContext *cx, JSObject *obj); static JSObject *WaiveXray(JSContext *cx, JSObject *obj);
--- a/js/xpconnect/wrappers/XrayWrapper.cpp +++ b/js/xpconnect/wrappers/XrayWrapper.cpp @@ -47,17 +47,17 @@ JSClass HolderClass = { }; } using namespace XrayUtils; XrayType GetXrayType(JSObject *obj) { - obj = js::UnwrapObject(obj, /* stopAtOuter = */ false); + obj = js::UncheckedUnwrap(obj, /* stopAtOuter = */ false); if (mozilla::dom::UseDOMXray(obj)) return XrayForDOMObject; js::Class* clasp = js::GetObjectClass(obj); if (IS_WRAPPER_CLASS(clasp) || clasp->ext.innerObject) { NS_ASSERTION(clasp->ext.innerObject || IS_WN_WRAPPER_OBJECT(obj), "We forgot to Morph a slim wrapper!"); return XrayForWrappedNative; @@ -126,17 +126,17 @@ public: { } }; class XrayTraits { public: static JSObject* getTargetObject(JSObject *wrapper) { - return js::UnwrapObject(wrapper, /* stopAtOuter = */ false); + return js::UncheckedUnwrap(wrapper, /* stopAtOuter = */ false); } virtual bool resolveOwnProperty(JSContext *cx, Wrapper &jsWrapper, HandleObject wrapper, HandleObject holder, HandleId id, JSPropertyDescriptor *desc, unsigned flags); static bool call(JSContext *cx, HandleObject wrapper, const JS::CallArgs &args) {