summaryrefslogtreecommitdiffstats
path: root/js/src/builtin
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-05-02 11:07:35 -0700
committerwolfbeast <mcwerewolf@gmail.com>2018-06-07 08:52:09 +0200
commit0e550f2fb90ada0b608bc1e1982b100291651806 (patch)
tree04820ea1ba44b247afe55a0f3454b347675916bb /js/src/builtin
parent835749ed6d411f006fe9d90ba7479233dcfe8ec7 (diff)
downloadUXP-0e550f2fb90ada0b608bc1e1982b100291651806.tar
UXP-0e550f2fb90ada0b608bc1e1982b100291651806.tar.gz
UXP-0e550f2fb90ada0b608bc1e1982b100291651806.tar.lz
UXP-0e550f2fb90ada0b608bc1e1982b100291651806.tar.xz
UXP-0e550f2fb90ada0b608bc1e1982b100291651806.zip
Refactor structured clone JSAPI to prevent mismatched scopes.
Roll-up of bugs 1442722, 1455071, 1433642, 1456604 and 1458320.
Diffstat (limited to 'js/src/builtin')
-rw-r--r--js/src/builtin/TestingFunctions.cpp30
1 files changed, 19 insertions, 11 deletions
diff --git a/js/src/builtin/TestingFunctions.cpp b/js/src/builtin/TestingFunctions.cpp
index 00637a7a5..373b6c9ed 100644
--- a/js/src/builtin/TestingFunctions.cpp
+++ b/js/src/builtin/TestingFunctions.cpp
@@ -2088,7 +2088,7 @@ class CloneBufferObject : public NativeObject {
Rooted<CloneBufferObject*> obj(cx, Create(cx));
if (!obj)
return nullptr;
- auto data = js::MakeUnique<JSStructuredCloneData>();
+ auto data = js::MakeUnique<JSStructuredCloneData>(buffer->scope());
if (!data) {
ReportOutOfMemory(cx);
return nullptr;
@@ -2141,8 +2141,11 @@ class CloneBufferObject : public NativeObject {
return false;
size_t nbytes = JS_GetStringLength(args[0].toString());
MOZ_ASSERT(nbytes % sizeof(uint64_t) == 0);
- auto buf = js::MakeUnique<JSStructuredCloneData>(nbytes, nbytes, nbytes);
- js_memcpy(buf->Start(), str, nbytes);
+ auto buf = js::MakeUnique<JSStructuredCloneData>(JS::StructuredCloneScope::DifferentProcess);
+ if (!buf->AppendBytes(str, nbytes)) {
+ ReportOutOfMemory(cx);
+ return false;
+ }
JS_free(cx, str);
obj->setData(buf.release());
@@ -2186,7 +2189,7 @@ class CloneBufferObject : public NativeObject {
ReportOutOfMemory(cx);
return false;
}
- auto iter = obj->data()->Iter();
+ auto iter = obj->data()->Start();
obj->data()->ReadBytes(iter, buffer.get(), size);
JSString* str = JS_NewStringCopyN(cx, buffer.get(), size);
if (!str)
@@ -2244,6 +2247,8 @@ ParseCloneScope(JSContext* cx, HandleString str)
scope.emplace(JS::StructuredCloneScope::SameProcessDifferentThread);
else if (strcmp(scopeStr.ptr(), "DifferentProcess") == 0)
scope.emplace(JS::StructuredCloneScope::DifferentProcess);
+ else if (strcmp(scopeStr.ptr(), "DifferentProcessForIndexedDB") == 0)
+ scope.emplace(JS::StructuredCloneScope::DifferentProcessForIndexedDB);
return scope;
}
@@ -4370,19 +4375,22 @@ JS_FN_HELP("rejectPromise", RejectPromise, 2, 0,
" clone buffer object. 'policy' may be an options hash. Valid keys:\n"
" 'SharedArrayBuffer' - either 'allow' (the default) or 'deny'\n"
" to specify whether SharedArrayBuffers may be serialized.\n"
-"\n"
-" 'scope' - SameProcessSameThread, SameProcessDifferentThread, or\n"
-" DifferentProcess. Determines how some values will be serialized.\n"
-" Clone buffers may only be deserialized with a compatible scope."),
+" 'scope' - SameProcessSameThread, SameProcessDifferentThread,\n"
+" DifferentProcess, or DifferentProcessForIndexedDB. Determines how some\n"
+" values will be serialized. Clone buffers may only be deserialized with a\n"
+" compatible scope. NOTE - For DifferentProcess/DifferentProcessForIndexedDB,\n"
+" must also set SharedArrayBuffer:'deny' if data contains any shared memory\n"
+" object."),
JS_FN_HELP("deserialize", Deserialize, 1, 0,
"deserialize(clonebuffer[, opts])",
" Deserialize data generated by serialize. 'opts' is an options hash with one\n"
" recognized key 'scope', which limits the clone buffers that are considered\n"
" valid. Allowed values: 'SameProcessSameThread', 'SameProcessDifferentThread',\n"
-" and 'DifferentProcess'. So for example, a DifferentProcess clone buffer\n"
-" may be deserialized in any scope, but a SameProcessSameThread clone buffer\n"
-" cannot be deserialized in a DifferentProcess scope."),
+" 'DifferentProcess', and 'DifferentProcessForIndexedDB'. So for example, a\n"
+" DifferentProcessForIndexedDB clone buffer may be deserialized in any scope, but\n"
+" a SameProcessSameThread clone buffer cannot be deserialized in a\n"
+" DifferentProcess scope."),
JS_FN_HELP("detachArrayBuffer", DetachArrayBuffer, 1, 0,
"detachArrayBuffer(buffer)",