Bug 1137910 part 1. Don't lose track of the original 'this' object in THIS_SAVEDFRAME, so we can actually do things based on the principal of the object we're working with. r=fitzgen
authorBoris Zbarsky <bzbarsky@mit.edu>
Tue, 03 Mar 2015 07:12:01 -0500
changeset 247019 5d359ff807ef5cfa7956d145d2f2242208495de8
parent 247018 869b6ba711b08ce63e865b8667a4b15b6425480d
child 247020 5816dfd514af9be89d5d1e601b6a63e8b02a7975
push id884
push userdburns@mozilla.com
push dateTue, 03 Mar 2015 15:29:12 +0000
reviewersfitzgen
bugs1137910
milestone39.0a1
Bug 1137910 part 1. Don't lose track of the original 'this' object in THIS_SAVEDFRAME, so we can actually do things based on the principal of the object we're working with. r=fitzgen
js/src/vm/SavedStacks.cpp
js/src/vm/SavedStacks.h
--- a/js/src/vm/SavedStacks.cpp
+++ b/js/src/vm/SavedStacks.cpp
@@ -333,17 +333,17 @@ GetFirstSubsumedSavedFrame(JSContext *cx
     if (!savedFrame)
         return nullptr;
     RootedSavedFrame frame(cx, &savedFrame->as<SavedFrame>());
     return GetFirstSubsumedFrame(cx, frame);
 }
 
 /* static */ bool
 SavedFrame::checkThis(JSContext *cx, CallArgs &args, const char *fnName,
-                      MutableHandleSavedFrame frame)
+                      MutableHandleObject frame)
 {
     const Value &thisValue = args.thisv();
 
     if (!thisValue.isObject()) {
         JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_NOT_NONNULL_OBJECT, InformalValueTypeName(thisValue));
         return false;
     }
 
@@ -359,37 +359,37 @@ SavedFrame::checkThis(JSContext *cx, Cal
     // instances, however doesn't actually represent a captured stack frame. It
     // is the only object that is<SavedFrame>() but doesn't have a source.
     if (thisObject->as<SavedFrame>().getReservedSlot(JSSLOT_SOURCE).isNull()) {
         JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_INCOMPATIBLE_PROTO,
                              SavedFrame::class_.name, fnName, "prototype object");
         return false;
     }
 
-    // The caller might not have the principals to see this frame's data, so get
-    // the first one they _do_ have access to.
-    RootedSavedFrame rooted(cx, &thisObject->as<SavedFrame>());
-    frame.set(GetFirstSubsumedFrame(cx, rooted));
+    // Now set "frame" to the actual object we were invoked in (which may be a
+    // wrapper), not the unwrapped version.  Consumers will need to know what
+    // that original object was, and will do principal checks as needed.
+    frame.set(&thisValue.toObject());
     return true;
 }
 
 // Get the SavedFrame * from the current this value and handle any errors that
 // might occur therein.
 //
 // These parameters must already exist when calling this macro:
 //   - JSContext  *cx
 //   - unsigned   argc
 //   - Value      *vp
 //   - const char *fnName
 // These parameters will be defined after calling this macro:
 //   - CallArgs args
 //   - Rooted<SavedFrame *> frame (will be non-null)
 #define THIS_SAVEDFRAME(cx, argc, vp, fnName, args, frame)             \
     CallArgs args = CallArgsFromVp(argc, vp);                          \
-    RootedSavedFrame frame(cx);                                        \
+    RootedObject frame(cx);                                            \
     if (!checkThis(cx, args, fnName, &frame))                          \
         return false;
 
 } /* namespace js */
 
 namespace JS {
 
 static inline js::SavedFrame *
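Review bot: The macro documentation just above `#define THIS_SAVEDFRAME` is now stale: it still promises `Rooted<SavedFrame *> frame (will be non-null)` and says the macro gets "the SavedFrame *", while the new line declares `RootedObject frame(cx)` and checkThis now stores the original this object, which the new comment in checkThis says may be a wrapper. Change that bullet to `//   - RootedObject frame (will be non-null; the original this object, possibly a wrapper, not an unwrapped or principal-filtered SavedFrame)` and the header sentence to `// Check that the current this value is (a wrapper of) a SavedFrame and handle any errors that might occur therein.`. Because the `GetFirstSubsumedFrame` call was removed from checkThis, the subsumption check that used to be applied to the value placed in `frame` no longer happens here, so every user of THIS_SAVEDFRAME (none appears in this diff, and the title marks this as part 1) has to perform that check itself before reading frame data; a sentence stating that obligation belongs in the macro comment too. The part of checkThis between the two hunks, where thisObject is derived and validated, is outside the diff, and the same MutableHandleObject contract change is mirrored in the SavedStacks.h hunk without any comment describing what `frame` now receives.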
--- a/js/src/vm/SavedStacks.h
+++ b/js/src/vm/SavedStacks.h
@@ -101,17 +101,17 @@ class SavedFrame : public NativeObject {
     // private value parent pointer doesn't match the regular parent pointer, we
     // know that GC moved the parent and we need to update our private value and
     // rekey the saved frame in its hash set. These two methods are helpers for
     // this process.
     bool parentMoved();
     void updatePrivateParent();
 
     static bool checkThis(JSContext *cx, CallArgs &args, const char *fnName,
-                          MutableHandleSavedFrame frame);
+                          MutableHandleObject frame);
 };
 
 struct SavedFrame::HashPolicy
 {
     typedef SavedFrame::Lookup               Lookup;
     typedef PointerHasher<SavedFrame *, 3>   SavedFramePtrHasher;
     typedef PointerHasher<JSPrincipals *, 3> JSPrincipalsPtrHasher;