summaryrefslogtreecommitdiffstats
path: root/js/src/builtin
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-03-17 10:47:56 +0100
committerwolfbeast <mcwerewolf@gmail.com>2018-03-17 10:47:56 +0100
commit56bcb6b5af91696e2700b6477db2473b5921bce1 (patch)
treef3d1714b551641951b34d0126ec65164171a5612 /js/src/builtin
parente4c64e1a3dd007880ccd12a4273baae9b4380519 (diff)
downloadUXP-56bcb6b5af91696e2700b6477db2473b5921bce1.tar
UXP-56bcb6b5af91696e2700b6477db2473b5921bce1.tar.gz
UXP-56bcb6b5af91696e2700b6477db2473b5921bce1.tar.lz
UXP-56bcb6b5af91696e2700b6477db2473b5921bce1.tar.xz
UXP-56bcb6b5af91696e2700b6477db2473b5921bce1.zip
Handle same-compartment wrappers in TypedArray methods.
CallTypedArrayMethodIfWrapped (and the CallNonGeneric machinery throughout the engine) unwraps the `this` argument, but the other arguments are only rewrapped for the target compartment. The pattern being used before this patch to get the length of a TypedArray or possible TypedArray wrapper is: `callFunction(CallTypedArrayMethodIfWrapped, O, O, "TypedArrayLength")` The first `O` is the `this` value and the second is an argument. If `O` is a cross-compartment wrapper, this works fine. The first `O` is unwrapped, revealing the actual TypedArray object; the second `O` is rewrapped for that TypedArray's compartment, producing the same TypedArray. However, if `O` is a same-compartment wrapper, this doesn't work. The first `O` is unwrapped, revealing the actual TypedArray object in the same compartment; rewrapping the other `O` does nothing to it, since it is already an object in the target compartment. Thus TypedArrayLength receives a `this` value that's an unwrapped TypedArray, but an argument that is still a wrapper. The fix is to have CallTypedArrayMethodIfWrapped targets only expect `this` to be an unwrapped TypedArray.
Diffstat (limited to 'js/src/builtin')
-rw-r--r--js/src/builtin/TypedArray.js75
1 files changed, 35 insertions, 40 deletions
diff --git a/js/src/builtin/TypedArray.js b/js/src/builtin/TypedArray.js
index 4d2d6488f..4a3f38365 100644
--- a/js/src/builtin/TypedArray.js
+++ b/js/src/builtin/TypedArray.js
@@ -35,6 +35,10 @@ function IsDetachedBuffer(buffer) {
return (flags & JS_ARRAYBUFFER_DETACHED_FLAG) !== 0;
}
+function TypedArrayLengthMethod() {
+ return TypedArrayLength(this);
+}
+
function GetAttachedArrayBuffer(tarray) {
var buffer = ViewedArrayBufferIfReified(tarray);
if (IsDetachedBuffer(buffer))
@@ -42,6 +46,10 @@ function GetAttachedArrayBuffer(tarray) {
return buffer;
}
+function GetAttachedArrayBufferMethod() {
+ return GetAttachedArrayBuffer(this);
+}
+
// A function which ensures that the argument is either a typed array or a
// cross-compartment wrapper for a typed array and that the typed array involved
// has an attached array buffer. If one of those conditions doesn't hold (wrong
@@ -54,10 +62,7 @@ function IsTypedArrayEnsuringArrayBuffer(arg) {
return true;
}
- // This is a bit hacky but gets the job done: the first `arg` is used to
- // test for a wrapped typed array, the second as an argument to
- // GetAttachedArrayBuffer.
- callFunction(CallTypedArrayMethodIfWrapped, arg, arg, "GetAttachedArrayBuffer");
+ callFunction(CallTypedArrayMethodIfWrapped, arg, "GetAttachedArrayBufferMethod");
return false;
}
@@ -98,8 +103,8 @@ function TypedArrayCreateWithLength(constructor, length) {
if (isTypedArray) {
len = TypedArrayLength(newTypedArray);
} else {
- len = callFunction(CallTypedArrayMethodIfWrapped, newTypedArray, newTypedArray,
- "TypedArrayLength");
+ len = callFunction(CallTypedArrayMethodIfWrapped, newTypedArray,
+ "TypedArrayLengthMethod");
}
if (len < length)
@@ -259,15 +264,14 @@ function TypedArrayEvery(callbackfn/*, thisArg*/) {
// We want to make sure that we have an attached buffer, per spec prose.
var isTypedArray = IsTypedArrayEnsuringArrayBuffer(O);
- // If we got here, `this` is either a typed array or a cross-compartment
- // wrapper for one.
+ // If we got here, `this` is either a typed array or a wrapper for one.
// Steps 3-5.
var len;
if (isTypedArray)
len = TypedArrayLength(O);
else
- len = callFunction(CallTypedArrayMethodIfWrapped, O, O, "TypedArrayLength");
+ len = callFunction(CallTypedArrayMethodIfWrapped, O, "TypedArrayLengthMethod");
// Step 6.
if (arguments.length === 0)
@@ -348,15 +352,14 @@ function TypedArrayFilter(callbackfn/*, thisArg*/) {
// We want to make sure that we have an attached buffer, per spec prose.
var isTypedArray = IsTypedArrayEnsuringArrayBuffer(O);
- // If we got here, `this` is either a typed array or a cross-compartment
- // wrapper for one.
+ // If we got here, `this` is either a typed array or a wrapper for one.
// Step 3.
var len;
if (isTypedArray)
len = TypedArrayLength(O);
else
- len = callFunction(CallTypedArrayMethodIfWrapped, O, O, "TypedArrayLength");
+ len = callFunction(CallTypedArrayMethodIfWrapped, O, "TypedArrayLengthMethod");
// Step 4.
if (arguments.length === 0)
@@ -410,15 +413,14 @@ function TypedArrayFind(predicate/*, thisArg*/) {
// We want to make sure that we have an attached buffer, per spec prose.
var isTypedArray = IsTypedArrayEnsuringArrayBuffer(O);
- // If we got here, `this` is either a typed array or a cross-compartment
- // wrapper for one.
+ // If we got here, `this` is either a typed array or a wrapper for one.
// Steps 3-5.
var len;
if (isTypedArray)
len = TypedArrayLength(O);
else
- len = callFunction(CallTypedArrayMethodIfWrapped, O, O, "TypedArrayLength");
+ len = callFunction(CallTypedArrayMethodIfWrapped, O, "TypedArrayLengthMethod");
// Step 6.
if (arguments.length === 0)
@@ -452,15 +454,14 @@ function TypedArrayFindIndex(predicate/*, thisArg*/) {
// We want to make sure that we have an attached buffer, per spec prose.
var isTypedArray = IsTypedArrayEnsuringArrayBuffer(O);
- // If we got here, `this` is either a typed array or a cross-compartment
- // wrapper for one.
+ // If we got here, `this` is either a typed array or a wrapper for one.
// Steps 3-5.
var len;
if (isTypedArray)
len = TypedArrayLength(O);
else
- len = callFunction(CallTypedArrayMethodIfWrapped, O, O, "TypedArrayLength");
+ len = callFunction(CallTypedArrayMethodIfWrapped, O, "TypedArrayLengthMethod");
// Step 6.
if (arguments.length === 0)
@@ -492,15 +493,14 @@ function TypedArrayForEach(callbackfn/*, thisArg*/) {
// We want to make sure that we have an attached buffer, per spec prose.
var isTypedArray = IsTypedArrayEnsuringArrayBuffer(O);
- // If we got here, `this` is either a typed array or a cross-compartment
- // wrapper for one.
+ // If we got here, `this` is either a typed array or a wrapper for one.
// Step 3-4.
var len;
if (isTypedArray)
len = TypedArrayLength(O);
else
- len = callFunction(CallTypedArrayMethodIfWrapped, O, O, "TypedArrayLength");
+ len = callFunction(CallTypedArrayMethodIfWrapped, O, "TypedArrayLengthMethod");
// Step 5.
if (arguments.length === 0)
@@ -686,15 +686,14 @@ function TypedArrayMap(callbackfn/*, thisArg*/) {
// We want to make sure that we have an attached buffer, per spec prose.
var isTypedArray = IsTypedArrayEnsuringArrayBuffer(O);
- // If we got here, `this` is either a typed array or a cross-compartment
- // wrapper for one.
+ // If we got here, `this` is either a typed array or a wrapper for one.
// Step 3.
var len;
if (isTypedArray)
len = TypedArrayLength(O);
else
- len = callFunction(CallTypedArrayMethodIfWrapped, O, O, "TypedArrayLength");
+ len = callFunction(CallTypedArrayMethodIfWrapped, O, "TypedArrayLengthMethod");
// Step 4.
if (arguments.length === 0)
@@ -730,15 +729,14 @@ function TypedArrayReduce(callbackfn/*, initialValue*/) {
// We want to make sure that we have an attached buffer, per spec prose.
var isTypedArray = IsTypedArrayEnsuringArrayBuffer(O);
- // If we got here, `this` is either a typed array or a cross-compartment
- // wrapper for one.
+ // If we got here, `this` is either a typed array or a wrapper for one.
// Steps 3-5.
var len;
if (isTypedArray)
len = TypedArrayLength(O);
else
- len = callFunction(CallTypedArrayMethodIfWrapped, O, O, "TypedArrayLength");
+ len = callFunction(CallTypedArrayMethodIfWrapped, O, "TypedArrayLengthMethod");
// Step 6.
if (arguments.length === 0)
@@ -776,15 +774,14 @@ function TypedArrayReduceRight(callbackfn/*, initialValue*/) {
// We want to make sure that we have an attached buffer, per spec prose.
var isTypedArray = IsTypedArrayEnsuringArrayBuffer(O);
- // If we got here, `this` is either a typed array or a cross-compartment
- // wrapper for one.
+ // If we got here, `this` is either a typed array or a wrapper for one.
// Steps 3-5.
var len;
if (isTypedArray)
len = TypedArrayLength(O);
else
- len = callFunction(CallTypedArrayMethodIfWrapped, O, O, "TypedArrayLength");
+ len = callFunction(CallTypedArrayMethodIfWrapped, O, "TypedArrayLengthMethod");
// Step 6.
if (arguments.length === 0)
@@ -1034,15 +1031,14 @@ function TypedArraySome(callbackfn/*, thisArg*/) {
// We want to make sure that we have an attached buffer, per spec prose.
var isTypedArray = IsTypedArrayEnsuringArrayBuffer(O);
- // If we got here, `this` is either a typed array or a cross-compartment
- // wrapper for one.
+ // If we got here, `this` is either a typed array or a wrapper for one.
// Steps 3-5.
var len;
if (isTypedArray)
len = TypedArrayLength(O);
else
- len = callFunction(CallTypedArrayMethodIfWrapped, O, O, "TypedArrayLength");
+ len = callFunction(CallTypedArrayMethodIfWrapped, O, "TypedArrayLengthMethod");
// Step 6.
if (arguments.length === 0)
@@ -1137,7 +1133,7 @@ function TypedArraySort(comparefn) {
if (isTypedArray) {
buffer = GetAttachedArrayBuffer(obj);
} else {
- buffer = callFunction(CallTypedArrayMethodIfWrapped, obj, obj, "GetAttachedArrayBuffer");
+ buffer = callFunction(CallTypedArrayMethodIfWrapped, obj, "GetAttachedArrayBufferMethod");
}
// Step 3.
@@ -1145,7 +1141,7 @@ function TypedArraySort(comparefn) {
if (isTypedArray) {
len = TypedArrayLength(obj);
} else {
- len = callFunction(CallTypedArrayMethodIfWrapped, obj, obj, "TypedArrayLength");
+ len = callFunction(CallTypedArrayMethodIfWrapped, obj, "TypedArrayLengthMethod");
}
if (comparefn === undefined) {
@@ -1181,8 +1177,8 @@ function TypedArraySort(comparefn) {
if (isTypedArray) {
buffer = GetAttachedArrayBuffer(obj);
} else {
- buffer = callFunction(CallTypedArrayMethodIfWrapped, obj, obj,
- "GetAttachedArrayBuffer");
+ buffer = callFunction(CallTypedArrayMethodIfWrapped, obj,
+ "GetAttachedArrayBufferMethod");
}
}
var bufferDetached;
@@ -1217,15 +1213,14 @@ function TypedArrayToLocaleString(locales = undefined, options = undefined) {
// We want to make sure that we have an attached buffer, per spec prose.
var isTypedArray = IsTypedArrayEnsuringArrayBuffer(array);
- // If we got here, `this` is either a typed array or a cross-compartment
- // wrapper for one.
+ // If we got here, `this` is either a typed array or a wrapper for one.
// Step 2.
var len;
if (isTypedArray)
len = TypedArrayLength(array);
else
- len = callFunction(CallTypedArrayMethodIfWrapped, array, array, "TypedArrayLength");
+ len = callFunction(CallTypedArrayMethodIfWrapped, array, "TypedArrayLengthMethod");
// Step 4.
if (len === 0)