Bug 780712 - CrossCompartmentWrapper needs to handle regexp_toShared (r=billm)
authorLuke Wagner <luke@mozilla.com>
Tue, 07 Aug 2012 09:50:52 -0700
changeset 103598 a2398a7be210807551680096696a8626650eecaf
parent 103597 de346dd6e48aa229d6bab5cdba5c2331988d553b
child 103599 13e6a06bc805442bafa7190c2c6147232accf1e7
push id37
push usershu@rfrn.org
push dateThu, 16 Aug 2012 01:15:22 +0000
reviewersbillm
bugs780712
milestone17.0a1
Bug 780712 - CrossCompartmentWrapper needs to handle regexp_toShared (r=billm)
js/src/jit-test/tests/basic/testBug780712.js
js/src/jswrapper.cpp
js/src/jswrapper.h
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/testBug780712.js
@@ -0,0 +1,9 @@
+r = evalcx("/x/", undefined);
+s = "";
+gc()
+Function("\
+    s.match(r);\
+    schedulegc(__proto__);\
+    ({c:schedulegc(2)});\
+    s.match(r);\
+")()
--- a/js/src/jswrapper.cpp
+++ b/js/src/jswrapper.cpp
@@ -828,16 +828,26 @@ CrossCompartmentWrapper::fun_toString(JS
 
     call.leave();
     if (!cx->compartment->wrap(cx, &str))
         return NULL;
     return str;
 }
 
 bool
+CrossCompartmentWrapper::regexp_toShared(JSContext *cx, JSObject *wrapper, RegExpGuard *g)
+{
+    AutoCompartment call(cx, wrappedObject(wrapper));
+    if (!call.enter())
+        return false;
+
+    return DirectWrapper::regexp_toShared(cx, wrapper, g);
+}
+
+bool
 CrossCompartmentWrapper::defaultValue(JSContext *cx, JSObject *wrapper, JSType hint, Value *vp)
 {
     AutoCompartment call(cx, wrappedObject(wrapper));
     if (!call.enter())
         return false;
 
     if (!IndirectProxyHandler::defaultValue(cx, wrapper, hint, vp))
         return false;
--- a/js/src/jswrapper.h
+++ b/js/src/jswrapper.h
@@ -244,16 +244,17 @@ class JS_FRIEND_API(CrossCompartmentWrap
     /* Spidermonkey extensions. */
     virtual bool call(JSContext *cx, JSObject *wrapper, unsigned argc, Value *vp) MOZ_OVERRIDE;
     virtual bool construct(JSContext *cx, JSObject *wrapper, unsigned argc, Value *argv, Value *rval) MOZ_OVERRIDE;
     virtual bool nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl,
                             CallArgs args) MOZ_OVERRIDE;
     virtual bool hasInstance(JSContext *cx, JSObject *wrapper, const Value *vp, bool *bp) MOZ_OVERRIDE;
     virtual JSString *obj_toString(JSContext *cx, JSObject *wrapper) MOZ_OVERRIDE;
     virtual JSString *fun_toString(JSContext *cx, JSObject *wrapper, unsigned indent) MOZ_OVERRIDE;
+    virtual bool regexp_toShared(JSContext *cx, JSObject *proxy, RegExpGuard *g) MOZ_OVERRIDE;
     virtual bool defaultValue(JSContext *cx, JSObject *wrapper, JSType hint, Value *vp) MOZ_OVERRIDE;
     virtual bool iteratorNext(JSContext *cx, JSObject *wrapper, Value *vp);
 
     static CrossCompartmentWrapper singleton;
 };
 
 /*
  * Base class for security wrappers. A security wrapper is potentially hiding