Bug 720619 - Always call the enter() trap for [[DefaultValue]]. r=bz,ejbruel,luke a=akeybl
authorBobby Holley <bobbyholley@gmail.com>
Thu, 11 Oct 2012 12:55:34 -0400
changeset 82023 863bac88c122b54f68b5b7f662a946e3e17201f6
parent 82022 ebffbd29624cc2ac1007c5b17059d8eb5f9f5164
child 82024 9806d9532ce352ac193dc48a3b14ed61dcb6c214
push id293
push useramccreight@mozilla.com
push dateThu, 11 Oct 2012 16:56:13 +0000
reviewersbz, ejbruel, luke, akeybl
bugs720619
milestone10.0.9esrpre
Bug 720619 - Always call the enter() trap for [[DefaultValue]]. r=bz,ejbruel,luke a=akeybl
js/src/jswrapper.cpp
--- a/js/src/jswrapper.cpp
+++ b/js/src/jswrapper.cpp
@@ -348,20 +348,36 @@ Wrapper::defaultValue(JSContext *cx, JSO
     {
         return DefaultValue(cx, wrapper, hint, vp);
     }
 
     AutoCompartment call(cx, wrapped);
     if (!call.enter())
         return false;
 
+    // Given the subsumes check above, we should definitely be able to enter
+    // the compartment at this point. However, we still want to call the
+    // enter() policy enforcement trap on the wrapper, because that might have
+    // *ahem* important side effects. It really shouldn't fail, but given that
+    // this is a late-breaking esr10 fix, let's just handle the failure if it
+    // happens.
+    //
+    // NB: Passing JSID_VOID as the 'property being accessed' here mimics what
+    // we do for things like enumerate. Given that we're not actually expecting
+    // to be vetoed here, that should be fine.
+    bool status;
+    if (!enter(cx, wrapper, JSID_VOID, GET, &status))
+        return status; // Totally unexpected, but roll with it. This is safe.
     *vp = ObjectValue(*wrapped);
     if (hint == JSTYPE_VOID)
-        return ToPrimitive(cx, vp);
-    return ToPrimitive(cx, hint, vp);
+        status = ToPrimitive(cx, vp);
+    else
+        status = ToPrimitive(cx, hint, vp);
+    leave(cx, wrapper);
+    return status;
 }
 
 void
 Wrapper::trace(JSTracer *trc, JSObject *wrapper)
 {
     MarkObject(trc, *wrappedObject(wrapper), "wrappedObject");
 }
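Review bot: `status` is declared uninitialized and then returned verbatim on the veto path (`return status;` directly after the `enter()` call), so the result relies on every `enter()` override writing its out-parameter before it returns false. Declaring it as `bool status = false;` makes a policy veto fail closed even if an override forgets to set it. Separately, if an override vetoes with `status` set to true, the caller sees success although `*vp` is not assigned anywhere in the visible lines. Whether `vp` already holds a safe value is decided above the hunk, so the "This is safe" comment should say what that safety rests on. The start of `Wrapper::defaultValue`, including the subsumes check the new comment refers to, is outside the hunk.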