Skip to content

Commit

Permalink
Bug 1287335 - Properly handle failure to unwrap cross-compartment wra…
Browse files Browse the repository at this point in the history 
…ppers in Promise-related DebuggerObject accessors. r=fitzgen
  • Loading branch information
@tschneidereit
tschneidereit committed Jul 20, 2016
1 parent 071ad8d commit cf3c80f
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 9 deletions.
36 changes: 28 additions & 8 deletions js/src/vm/Debugger.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8006,6 +8006,10 @@ DebuggerObject::checkThis(JSContext* cx, const CallArgs& args, const char* fnnam
#define THIS_DEBUGOBJECT_PROMISE(cx, argc, vp, fnname, args, obj) \
THIS_DEBUGOBJECT_REFERENT(cx, argc, vp, fnname, args, obj); \
obj = CheckedUnwrap(obj); \
if (!obj) { \
JS_ReportError(cx, "Permission denied to access object"); \
return false; \
} \
if (!obj->is<PromiseObject>()) { \
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_NOT_EXPECTED_TYPE, \
"Debugger", "Promise", obj->getClass()->name); \
Expand All @@ -8016,6 +8020,10 @@ DebuggerObject::checkThis(JSContext* cx, const CallArgs& args, const char* fnnam
#define THIS_DEBUGOBJECT_OWNER_PROMISE(cx, argc, vp, fnname, args, dbg, obj) \
THIS_DEBUGOBJECT_OWNER_REFERENT(cx, argc, vp, fnname, args, dbg, obj); \
obj = CheckedUnwrap(obj); \
if (!obj) { \
JS_ReportError(cx, "Permission denied to access object"); \
return false; \
} \
if (!obj->is<PromiseObject>()) { \
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_NOT_EXPECTED_TYPE, \
"Debugger", "Promise", obj->getClass()->name); \
Expand Down Expand Up @@ -8329,7 +8337,11 @@ DebuggerObject::isPromiseGetter(JSContext* cx, unsigned argc, Value* vp)
{
THIS_DEBUGOBJECT(cx, argc, vp, "get isPromise", args, object)

args.rval().setBoolean(object->isPromise());
bool result;
if (!DebuggerObject::isPromise(cx, object, result))
return false;

args.rval().setBoolean(result);
return true;
}

Expand Down Expand Up @@ -9008,14 +9020,22 @@ DebuggerObject::isGlobal() const
return referent()->is<GlobalObject>();
}

bool
DebuggerObject::isPromise() const
/* static */ bool
DebuggerObject::isPromise(JSContext* cx, Handle<DebuggerObject*> object,
bool& result)
{
JSObject* obj = referent();
if (IsCrossCompartmentWrapper(obj))
obj = CheckedUnwrap(obj);
JSObject* referent = object->referent();
if (IsCrossCompartmentWrapper(referent)) {
referent = CheckedUnwrap(referent);

if (!referent) {
JS_ReportError(cx, "Permission denied to access object");
return false;
}
}

return obj->is<PromiseObject>();
result = referent->is<PromiseObject>();
return true;
}

/* static */ bool
Expand Down Expand Up @@ -10110,7 +10130,7 @@ DebuggerEnvironment::getNames(JSContext* cx, Handle<DebuggerEnvironment*> enviro
if (JSID_IS_ATOM(id) && IsIdentifier(JSID_TO_ATOM(id))) {
if (!result.append(id))
return false;
}
}
}

return true;
Expand Down
3 changes: 2 additions & 1 deletion js/src/vm/Debugger.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1242,6 +1242,8 @@ class DebuggerObject : public NativeObject
MutableHandleObject result);
static MOZ_MUST_USE bool unwrap(JSContext* cx, Handle<DebuggerObject*> object,
MutableHandle<DebuggerObject*> result);
static MOZ_MUST_USE bool isPromise(JSContext* cx, Handle<DebuggerObject*> object,
bool& result);

// Infallible properties
bool isCallable() const;
Expand All @@ -1250,7 +1252,6 @@ class DebuggerObject : public NativeObject
bool isBoundFunction() const;
bool isArrowFunction() const;
bool isGlobal() const;
bool isPromise() const;
JSAtom* name() const;
JSAtom* displayName() const;

Expand Down

0 comments on commit cf3c80f

Please sign in to comment.