[INFER] ContextStack::currentScript should only return scripts from the current compartment, bug 662841.
authorBrian Hackett <bhackett1024@gmail.com>
Sat, 02 Jul 2011 18:49:09 -0700
changeset 75175 279a046a56cd4ef5fb087715ec140a28f52a3953
parent 75174 90768623f7ec6ed660b4d196e6b90c1b85c12540
child 75176 c5e43682922d87d6217b6abe363a242262e4959a
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
bugs662841
milestone7.0a1
[INFER] ContextStack::currentScript should only return scripts from the current compartment, bug 662841.
js/src/jit-test/tests/basic/bug662841.js
js/src/vm/Stack-inl.h
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/bug662841.js
@@ -0,0 +1,4 @@
+var e = newGlobal("new-compartment");
+for (let w in [0, 0, 0, 0, 0, 0, 0, 0]) {
+    -e;
+}
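Review bot: The test has no assertion and no comment, so it passes only by not crashing or asserting, and nothing in the file says what it is exercising; a reader has to consult bug 662841 to learn why a unary minus on a global from a second compartment is repeated eight times. A one-line header such as `// Bug 662841: coercing an object from another compartment must not report that compartment's script as the current script (crash/assert regression test).` would make the intent self-contained. The wording of the failure mode is inferred from the commit title, so confirm it against the bug before committing it to the comment.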
--- a/js/src/vm/Stack-inl.h
+++ b/js/src/vm/Stack-inl.h
@@ -608,40 +608,47 @@ ContextStack::popFrameAfterOverflow()
     FrameRegs &regs = seg_->regs();
     StackFrame *fp = regs.fp();
     regs.popFrame(fp->actualArgsEnd());
 }
 
 inline JSScript *
 ContextStack::currentScript(jsbytecode **ppc) const
 {
+    if (ppc)
+        *ppc = NULL;
+
     FrameRegs *regs = maybeRegs();
     StackFrame *fp = regs ? regs->fp() : NULL;
     while (fp && fp->isDummyFrame())
         fp = fp->prev();
-    if (!fp) {
-        if (ppc)
-            *ppc = NULL;
+    if (!fp)
         return NULL;
-    }
 
 #ifdef JS_METHODJIT
     mjit::CallSite *inlined = regs->inlined();
     if (inlined) {
         JS_ASSERT(inlined->inlineIndex < fp->jit()->nInlineFrames);
         mjit::InlineFrame *frame = &fp->jit()->inlineFrames()[inlined->inlineIndex];
+        JSScript *script = frame->fun->script();
+        if (script->compartment != cx_->compartment)
+            return NULL;
         if (ppc)
-            *ppc = frame->fun->script()->code + inlined->pcOffset;
-        return frame->fun->script();
+            *ppc = script->code + inlined->pcOffset;
+        return script;
     }
 #endif
 
+    JSScript *script = fp->script();
+    if (script->compartment != cx_->compartment)
+        return NULL;
+
     if (ppc)
         *ppc = fp->pcQuadratic(*this);
-    return fp->script();
+    return script;
 }
 
 inline JSObject *
 ContextStack::currentScriptedScopeChain() const
 {
     return &fp()->scopeChain();
 }
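Review bot: currentScript now returns NULL for a live frame whose script belongs to another compartment (the new `script->compartment != cx_->compartment` checks on both the inlined path and the regular path), which is a contract change that nothing in the hunk documents; the callers are outside this hunk, and any that treated NULL as "no frame at all" must now also handle "frame present but foreign", so the function header should state it. A comment above the definition such as `/* Return the script of the innermost non-dummy frame, or NULL if there is no such frame or its script is not in cx's compartment; *ppc is cleared in either NULL case. */` puts the invariant where the next caller will look for it. The two compartment checks are identical, so the why-comment belongs on the first one with the second referring to it rather than repeating it.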