Bug 1131797 part 3. Store the object we originally come from in a reserved slot on XPConnect functions instead of using the parent pointer. r=bholley
authorBoris Zbarsky <bzbarsky@mit.edu>
Tue, 03 Mar 2015 07:12:01 -0500
changeset 247017 5f9adee38d45d5897a009189ce1fff7e7acdd1ca
parent 247016 7aa34e8b4809dd4e411af72a16aae774054ac3dc
child 247018 869b6ba711b08ce63e865b8667a4b15b6425480d
push id884
push userdburns@mozilla.com
push dateTue, 03 Mar 2015 15:29:12 +0000
reviewersbholley
bugs1131797
milestone39.0a1
Bug 1131797 part 3. Store the object we originally come from in a reserved slot on XPConnect functions instead of using the parent pointer. r=bholley
js/xpconnect/src/XPCWrappedNativeInfo.cpp
js/xpconnect/src/XPCWrappedNativeJSOps.cpp
js/xpconnect/src/xpcprivate.h
--- a/js/xpconnect/src/XPCWrappedNativeInfo.cpp
+++ b/js/xpconnect/src/XPCWrappedNativeInfo.cpp
@@ -80,26 +80,28 @@ XPCNativeMember::Resolve(XPCCallContext&
             argc-- ;
 
         callback = XPC_WN_CallMethod;
     } else {
         argc = 0;
         callback = XPC_WN_GetterSetter;
     }
 
-    JSFunction *fun = js::NewFunctionByIdWithReserved(ccx, callback, argc, 0, parent, GetName());
+    JSFunction *fun = js::NewFunctionByIdWithReserved(ccx, callback, argc, 0, nullptr, GetName());
     if (!fun)
         return false;
 
     JSObject* funobj = JS_GetFunctionObject(fun);
     if (!funobj)
         return false;
 
     js::SetFunctionNativeReserved(funobj, XPC_FUNCTION_NATIVE_MEMBER_SLOT,
                                   PrivateValue(this));
+    js::SetFunctionNativeReserved(funobj, XPC_FUNCTION_PARENT_OBJECT_SLOT,
+                                  ObjectValue(*parent));
 
     *vp = OBJECT_TO_JSVAL(funobj);
 
     return true;
 }
 
 /***************************************************************************/
 // XPCNativeInterface
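Review bot: The added `ObjectValue(*parent)` dereferences `parent` unconditionally, and because the call above now passes `nullptr` instead of `parent`, nothing in the engine validates that object any more, so `Resolve` silently depends on every caller supplying a non-null object that lives in the same compartment as `funobj` (a cross-compartment object stored bare in a slot would be a compartment mismatch). `Resolve`'s signature and the origin of `parent` are above the hunk, so I cannot confirm that from here; a `MOZ_ASSERT(parent);` next to the slot write, plus a comment such as `// Strong, same-compartment reference to the object this member was resolved on; read back by FixUpThisIfBroken.`, would make the contract visible. It is also worth one line explaining why index 1 is in range, since I believe functions from NewFunctionByIdWithReserved carry two reserved slots but the reader has nothing here to check that against.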
--- a/js/xpconnect/src/XPCWrappedNativeJSOps.cpp
+++ b/js/xpconnect/src/XPCWrappedNativeJSOps.cpp
@@ -1103,21 +1103,24 @@ XPCNativeScriptableShared::PopulateJSCla
 
 #define IS_NOHELPER_CLASS(clasp) (clasp == &XPC_WN_NoHelper_JSClass.base)
 #define IS_CU_CLASS(clasp) (clasp->name[0] == 'n' && !strcmp(clasp->name, "nsXPCComponents_Utils"))
 
 MOZ_ALWAYS_INLINE JSObject*
 FixUpThisIfBroken(JSObject *obj, JSObject *funobj)
 {
     if (funobj) {
-        const js::Class *parentClass = js::GetObjectClass(js::GetObjectParent(funobj));
+        JSObject* parentObj =
+            &js::GetFunctionNativeReserved(funobj,
+                                           XPC_FUNCTION_PARENT_OBJECT_SLOT).toObject();
+        const js::Class *parentClass = js::GetObjectClass(parentObj);
         if (MOZ_UNLIKELY((IS_NOHELPER_CLASS(parentClass) || IS_CU_CLASS(parentClass)) &&
                          (js::GetObjectClass(obj) != parentClass)))
         {
-            return js::GetObjectParent(funobj);
+            return parentObj;
         }
     }
     return obj;
 }
 
 bool
 XPC_WN_CallMethod(JSContext *cx, unsigned argc, jsval *vp)
 {
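Review bot: The `toObject()` on the value read from XPC_FUNCTION_PARENT_OBJECT_SLOT assumes every `funobj` reaching FixUpThisIfBroken was created by XPCNativeMember::Resolve, which is the only place this commit fills the slot; should any other native function with these callbacks reach here, the slot is undefined and `toObject()` is an assertion in debug builds and undefined behaviour in release. Because this helper decides which object becomes `this` for a native call, I would make the precondition explicit: `const JS::Value& parentVal = js::GetFunctionNativeReserved(funobj, XPC_FUNCTION_PARENT_OBJECT_SLOT);` then `MOZ_ASSERT(parentVal.isObject());` before `JSObject* parentObj = &parentVal.toObject();`. The previous code had the same implicit assumption on the parent pointer, so this is about stating an existing contract rather than a new regression. The name `parentObj` now refers to the resolution object rather than the JS parent, which a one-line comment could clarify.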
--- a/js/xpconnect/src/xpcprivate.h
+++ b/js/xpconnect/src/xpcprivate.h
@@ -1248,16 +1248,17 @@ private:
     // be XBL.
     bool mAllowContentXBLScope;
     bool mUseContentXBLScope;
 };
 
 /***************************************************************************/
 // Slots we use for our functions
 #define XPC_FUNCTION_NATIVE_MEMBER_SLOT 0
+#define XPC_FUNCTION_PARENT_OBJECT_SLOT 1
 
 /***************************************************************************/
 // XPCNativeMember represents a single idl declared method, attribute or
 // constant.
 
 // Tight. No virtual methods. Can be bitwise copied (until any resolution done).
 
 class XPCNativeMember
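Review bot: The new `XPC_FUNCTION_PARENT_OBJECT_SLOT` define carries no comment, and the heading "Slots we use for our functions" says nothing about what each slot holds, although slot 1 is read back with `toObject()` and used to select `this` for a native call. A comment stating the invariant would help, e.g. `// Object the function was resolved on. Set by XPCNativeMember::Resolve, read by FixUpThisIfBroken; always holds an object value.` A second line noting that the index must stay below the number of reserved slots the function is created with would tell the next person adding a slot where the limit is.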