Index: mozilla/caps/src/nsScriptSecurityManager.cpp =================================================================== RCS file: /cvsroot/mozilla/caps/src/nsScriptSecurityManager.cpp,v retrieving revision 1.300 diff -pU10 -r1.300 mozilla/caps/src/nsScriptSecurityManager.cpp --- mozilla/caps/src/nsScriptSecurityManager.cpp +++ mozilla/caps/src/nsScriptSecurityManager.cpp @@ -93,41 +93,44 @@ nsIXPConnect *nsScriptSecurityManager nsIStringBundle *nsScriptSecurityManager::sStrBundle = nsnull; JSRuntime *nsScriptSecurityManager::sRuntime = 0; /////////////////////////// // Convenience Functions // /////////////////////////// // Result of this function should not be freed. static inline const PRUnichar * JSValIDToString(JSContext *cx, const jsval idval) { + JSAutoRequest ar(cx); JSString *str = JS_ValueToString(cx, idval); if(!str) return nsnull; return NS_REINTERPRET_CAST(PRUnichar*, JS_GetStringChars(str)); } static nsIScriptContext * GetScriptContext(JSContext *cx) { return GetScriptContextFromJSContext(cx); } inline void SetPendingException(JSContext *cx, const char *aMsg) { + JSAutoRequest ar(cx); JSString *str = JS_NewStringCopyZ(cx, aMsg); if (str) JS_SetPendingException(cx, STRING_TO_JSVAL(str)); } inline void SetPendingException(JSContext *cx, const PRUnichar *aMsg) { + JSAutoRequest ar(cx); JSString *str = JS_NewUCStringCopyZ(cx, NS_REINTERPRET_CAST(const jschar*, aMsg)); if (str) JS_SetPendingException(cx, STRING_TO_JSVAL(str)); } // DomainPolicy members #ifdef DEBUG_CAPS_DomainPolicyLifeCycle PRUint32 DomainPolicy::sObjects=0; void DomainPolicy::_printPopulationInfo() 
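Review bot: The `JSAutoRequest ar(cx);` added to JSValIDToString ends the request when the function returns, yet the function hands back a pointer into the characters of `str`, which nothing visible in the hunk roots. If `idval` was not already a string, JS_ValueToString may have created a new one, and whether callers hold their own request or otherwise keep it alive is not visible here. I would extend the existing comment to state the contract, e.g. `// Result must not be freed; the caller must keep idval's string alive (stay in a request or root it) while using the result.` The two SetPendingException overloads hand their new string to JS_SetPendingException before returning, so the same concern does not apply to them.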
@@ -513,20 +516,22 @@ nsScriptSecurityManager::CheckConnect(JS if (!cx) { cx = GetCurrentJSContext(); if (!cx) return NS_OK; // No JS context, so allow the load } nsresult rv = CheckLoadURIFromScript(cx, aTargetURI); if (NS_FAILED(rv)) return rv; + JSAutoRequest ar(cx); + JSString* propertyName = ::JS_InternString(cx, aPropertyName); if (!propertyName) return NS_ERROR_OUT_OF_MEMORY; return CheckPropertyAccessImpl(nsIXPCSecurityManager::ACCESS_CALL_METHOD, nsnull, cx, nsnull, nsnull, aTargetURI, nsnull, aClassName, STRING_TO_JSVAL(propertyName), nsnull); } NS_IMETHODIMP @@ -2762,20 +2767,21 @@ nsScriptSecurityManager::CheckComponentP nsCAutoString cid(NS_LITERAL_CSTRING("CID") + Substring(cidTemp, 1, cidTemp.Length() - 2)); ToUpperCase(cid); #ifdef DEBUG_CAPS_CheckComponentPermissions printf("### CheckComponentPermissions(ClassID.%s) ",cid.get()); #endif // Look up the policy for this class. // while this isn't a property we'll treat it as such, using ACCESS_CALL_METHOD + JSAutoRequest ar(cx); jsval cidVal = STRING_TO_JSVAL(::JS_InternString(cx, cid.get())); ClassInfoData nameData(nsnull, "ClassID"); SecurityLevel securityLevel; rv = LookupPolicy(subjectPrincipal, nameData, cidVal, nsIXPCSecurityManager::ACCESS_CALL_METHOD, nsnull, &securityLevel); if (NS_FAILED(rv)) return rv; 
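Review bot: In the CheckComponentPermissions hunk the result of `::JS_InternString(cx, cid.get())` goes straight into `STRING_TO_JSVAL` with no null check, so on allocation failure `cidVal` is built from a null string and then used as the key for `LookupPolicy`. The CheckConnect hunk just above and the InitDomainPolicy hunk both test the interned string and return NS_ERROR_OUT_OF_MEMORY, and this one should match: `JSString *cidStr = ::JS_InternString(cx, cid.get());`, `if (!cidStr) return NS_ERROR_OUT_OF_MEMORY;`, `jsval cidVal = STRING_TO_JSVAL(cidStr);`. The same pattern is in the nsEventListenerManager::RegisterScriptEventListener hunk, where a failed intern would be cached in the static `sAddListenerID` and passed to CheckPropertyAccess on every later call. Both functions start and continue outside their hunks.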
@@ -3412,20 +3418,22 @@ nsScriptSecurityManager::InitDomainPolic // hashtable. cpolicy->mDomainWeAreWildcardFor = aDomainPolicy; } // Get the property name start = end + 1; end = PL_strchr(start, '.'); if (end) *end = '\0'; + JSAutoRequest ar(cx); + JSString* propertyKey = ::JS_InternString(cx, start); if (!propertyKey) return NS_ERROR_OUT_OF_MEMORY; // Store this property in the class policy const void* ppkey = NS_REINTERPRET_CAST(const void*, STRING_TO_JSVAL(propertyKey)); PropertyPolicy* ppolicy = NS_STATIC_CAST(PropertyPolicy*, PL_DHashTableOperate(cpolicy->mPolicy, ppkey, Index: mozilla/caps/src/nsSecurityManagerFactory.cpp =================================================================== RCS file: /cvsroot/mozilla/caps/src/nsSecurityManagerFactory.cpp,v retrieving revision 1.45 diff -pU10 -r1.45 mozilla/caps/src/nsSecurityManagerFactory.cpp --- mozilla/caps/src/nsSecurityManagerFactory.cpp +++ mozilla/caps/src/nsSecurityManagerFactory.cpp @@ -291,20 +291,21 @@ nsSecurityNameSet::InitializeNameSet(nsI { JSContext *cx = (JSContext *) aScriptContext->GetNativeContext(); JSObject *global = JS_GetGlobalObject(cx); /* * Find Object.prototype's class by walking up the global object's * prototype chain. */ JSObject *obj = global; JSObject *proto; + JSAutoRequest ar(cx); while ((proto = JS_GetPrototype(cx, obj)) != nsnull) obj = proto; JSClass *objectClass = JS_GetClass(cx, obj); jsval v; if (!JS_GetProperty(cx, global, "netscape", &v)) return NS_ERROR_FAILURE; JSObject *securityObj; if (JSVAL_IS_OBJECT(v)) { /* Index: mozilla/content/base/src/nsScriptLoader.cpp =================================================================== RCS file: /cvsroot/mozilla/content/base/src/nsScriptLoader.cpp,v retrieving revision 1.92 diff -pU10 -r1.92 mozilla/content/base/src/nsScriptLoader.cpp --- mozilla/content/base/src/nsScriptLoader.cpp +++ mozilla/content/base/src/nsScriptLoader.cpp 
@@ -753,20 +753,22 @@ nsScriptLoader::EvaluateScript(nsScriptL PRBool isUndefined; context->EvaluateString(aScript, globalObject->GetGlobalJSObject(), mDocument->NodePrincipal(), url.get(), aRequest->mLineNo, aRequest->mJSVersion, nsnull, &isUndefined); // Put the old script back in case it wants to do anything else. mCurrentScript = oldCurrent; + JSAutoRequest ar(cx); + ::JS_ReportPendingException(cx); if (changed) { ::JS_SetOptions(cx, options); } context->SetProcessingScriptTag(oldProcessingScriptTag); nsCOMPtr ncc; nsContentUtils::XPConnect()-> GetCurrentNativeCallContext(getter_AddRefs(ncc)); Index: mozilla/content/base/src/nsXMLHttpRequest.cpp =================================================================== RCS file: /cvsroot/mozilla/content/base/src/nsXMLHttpRequest.cpp,v retrieving revision 1.154 diff -pU10 -r1.154 mozilla/content/base/src/nsXMLHttpRequest.cpp --- mozilla/content/base/src/nsXMLHttpRequest.cpp +++ mozilla/content/base/src/nsXMLHttpRequest.cpp @@ -1098,20 +1098,21 @@ nsXMLHttpRequest::Open(const nsACString& rv = secMan->IsCapabilityEnabled("UniversalBrowserRead", &crossSiteAccessEnabled); if (NS_FAILED(rv)) return rv; if (crossSiteAccessEnabled) { mState |= XML_HTTP_REQUEST_XSITEENABLED; } else { mState &= ~XML_HTTP_REQUEST_XSITEENABLED; } if (argc > 2) { + JSAutoRequest ar(cx); JSBool asyncBool; ::JS_ValueToBoolean(cx, argv[2], &asyncBool); async = (PRBool)asyncBool; if (argc > 3) { JSString* userStr = ::JS_ValueToString(cx, argv[3]); if (userStr) { user.Assign(NS_REINTERPRET_CAST(PRUnichar *, ::JS_GetStringChars(userStr)), Index: mozilla/content/events/src/nsEventListenerManager.cpp =================================================================== RCS file: /cvsroot/mozilla/content/events/src/nsEventListenerManager.cpp,v retrieving revision 1.236 diff -pU10 -r1.236 mozilla/content/events/src/nsEventListenerManager.cpp --- mozilla/content/events/src/nsEventListenerManager.cpp +++ mozilla/content/events/src/nsEventListenerManager.cpp 
@@ -1416,20 +1416,21 @@ nsEventListenerManager::RegisterScriptEv nsCOMPtr wrapper = do_QueryInterface(holder); NS_ASSERTION(wrapper, "wrapper must impl nsIXPConnectWrappedNative"); JSObject *jsobj = nsnull; rv = holder->GetJSObject(&jsobj); NS_ENSURE_SUCCESS(rv, rv); if (cx) { if (sAddListenerID == JSVAL_VOID) { + JSAutoRequest ar(cx); sAddListenerID = STRING_TO_JSVAL(::JS_InternString(cx, "addEventListener")); } rv = nsContentUtils::GetSecurityManager()-> CheckPropertyAccess(cx, jsobj, "EventTarget", sAddListenerID, nsIXPCSecurityManager::ACCESS_SET_PROPERTY); if (NS_FAILED(rv)) { Index: mozilla/content/html/document/src/nsHTMLDocument.cpp =================================================================== RCS file: /cvsroot/mozilla/content/html/document/src/nsHTMLDocument.cpp,v retrieving revision 3.680 diff -pU10 -r3.680 mozilla/content/html/document/src/nsHTMLDocument.cpp --- mozilla/content/html/document/src/nsHTMLDocument.cpp +++ mozilla/content/html/document/src/nsHTMLDocument.cpp 
@@ -2374,34 +2374,38 @@ nsHTMLDocument::ScriptWriteCommon(PRBool JSContext *cx = nsnull; rv = ncc->GetJSContext(&cx); NS_ENSURE_SUCCESS(rv, rv); jsval *argv = nsnull; ncc->GetArgvPtr(&argv); NS_ENSURE_TRUE(argv, NS_ERROR_UNEXPECTED); if (argc == 1) { + JSAutoRequest ar(cx); + JSString *jsstr = JS_ValueToString(cx, argv[0]); NS_ENSURE_TRUE(jsstr, NS_ERROR_OUT_OF_MEMORY); nsDependentString str(NS_REINTERPRET_CAST(const PRUnichar *, ::JS_GetStringChars(jsstr)), ::JS_GetStringLength(jsstr)); return WriteCommon(str, aNewlineTerminate); } if (argc > 1) { nsAutoString string_buffer; for (i = 0; i < argc; ++i) { + JSAutoRequest ar(cx); + JSString *str = JS_ValueToString(cx, argv[i]); NS_ENSURE_TRUE(str, NS_ERROR_OUT_OF_MEMORY); string_buffer.Append(NS_REINTERPRET_CAST(const PRUnichar *, ::JS_GetStringChars(str)), ::JS_GetStringLength(str)); } return WriteCommon(string_buffer, aNewlineTerminate); } Index: mozilla/content/xbl/src/nsXBLBinding.cpp =================================================================== RCS file: /cvsroot/mozilla/content/xbl/src/nsXBLBinding.cpp,v retrieving revision 1.212 diff -pU10 -r1.212 mozilla/content/xbl/src/nsXBLBinding.cpp --- mozilla/content/xbl/src/nsXBLBinding.cpp +++ mozilla/content/xbl/src/nsXBLBinding.cpp 
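Review bot: In the `argc == 1` branch `str` is an nsDependentString over the characters of `jsstr`, and nothing visible in the hunk keeps `jsstr` reachable while `WriteCommon` runs. When `argv[0]` is not already a string, the converted string is held only by the C++ local, so if WriteCommon can re-enter the JS engine (not shown here) a collection could free the buffer underneath it; storing the result back with `argv[0] = STRING_TO_JSVAL(jsstr);` before the call would root it. Separately, the `JSAutoRequest ar(cx);` inside the `for` loop begins and ends a request for every argument; declaring it once above the loop is simpler and covers the same calls. The function starts and continues outside the hunk.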
@@ -988,20 +988,21 @@ nsresult nsXBLBinding::DoInitJSClass(JSContext *cx, JSObject *global, JSObject *obj, const nsAFlatCString& aClassName, void **aClassObject) { // First ensure our JS class is initialized. jsval val; JSObject* proto; nsCAutoString className(aClassName); JSObject* parent_proto = nsnull; // If we have an "obj" we can set this + JSAutoRequest ar(cx); if (obj) { // Retrieve the current prototype of obj. parent_proto = ::JS_GetPrototype(cx, obj); if (parent_proto) { // We need to create a unique classname based on aClassName and // parent_proto. Append a space (an invalid URI character) to ensure that // we don't have accidental collisions with the case when parent_proto is // null and aClassName ends in some bizarre numbers (yeah, it's unlikely). jsid parent_proto_id; if (!::JS_GetObjectId(cx, parent_proto, &parent_proto_id)) { Index: mozilla/content/xbl/src/nsXBLDocumentInfo.cpp =================================================================== RCS file: /cvsroot/mozilla/content/xbl/src/nsXBLDocumentInfo.cpp,v retrieving revision 1.44 diff -pU10 -r1.44 mozilla/content/xbl/src/nsXBLDocumentInfo.cpp --- mozilla/content/xbl/src/nsXBLDocumentInfo.cpp +++ mozilla/content/xbl/src/nsXBLDocumentInfo.cpp 
@@ -247,20 +247,22 @@ nsXBLDocGlobalObject::GetContext() if (! mScriptContext) { nsCOMPtr factory = do_GetService(kDOMScriptObjectFactoryCID); NS_ENSURE_TRUE(factory, nsnull); nsresult rv = factory->NewScriptContext(nsnull, getter_AddRefs(mScriptContext)); if (NS_FAILED(rv)) return nsnull; JSContext *cx = (JSContext *)mScriptContext->GetNativeContext(); + JSAutoRequest ar(cx); + JS_SetErrorReporter(cx, XBL_ProtoErrorReporter); mJSObject = ::JS_NewObject(cx, &gSharedGlobalClass, nsnull, nsnull); if (!mJSObject) return nsnull; ::JS_SetGlobalObject(cx, mJSObject); // Add an owning reference from JS back to us. This'll be // released when the JSObject is finalized. ::JS_SetPrivate(cx, mJSObject, this); Index: mozilla/content/xbl/src/nsXBLProtoImplField.cpp =================================================================== RCS file: /cvsroot/mozilla/content/xbl/src/nsXBLProtoImplField.cpp,v retrieving revision 1.16 diff -pU10 -r1.16 mozilla/content/xbl/src/nsXBLProtoImplField.cpp --- mozilla/content/xbl/src/nsXBLProtoImplField.cpp +++ mozilla/content/xbl/src/nsXBLProtoImplField.cpp 
@@ -129,22 +129,23 @@ nsXBLProtoImplField::InstallMember(nsISc scriptObject, nsnull, bindingURI.get(), mLineNumber, nsnull, (void*) &result, &undefined); if (NS_FAILED(rv)) return rv; if (!undefined) { // Define the evaluated result as a JS property nsDependentString name(mName); + JSAutoRequest ar(cx); if (!::JS_DefineUCProperty(cx, scriptObject, NS_REINTERPRET_CAST(const jschar*, mName), - name.Length(), result, nsnull, nsnull, mJSAttributes)) + name.Length(), result, nsnull, nsnull, mJSAttributes)) return NS_ERROR_OUT_OF_MEMORY; } return NS_OK; } nsresult nsXBLProtoImplField::CompileMember(nsIScriptContext* aContext, const nsCString& aClassStr, void* aClassObject) { Index: mozilla/content/xbl/src/nsXBLProtoImplMethod.cpp =================================================================== RCS file: /cvsroot/mozilla/content/xbl/src/nsXBLProtoImplMethod.cpp,v retrieving revision 1.31 diff -pU10 -r1.31 mozilla/content/xbl/src/nsXBLProtoImplMethod.cpp --- mozilla/content/xbl/src/nsXBLProtoImplMethod.cpp +++ mozilla/content/xbl/src/nsXBLProtoImplMethod.cpp @@ -148,20 +148,21 @@ nsXBLProtoImplMethod::InstallMember(nsIS NS_ASSERTION(scriptObject, "uh-oh, script Object should NOT be null or bad things will happen"); if (!scriptObject) return NS_ERROR_FAILURE; JSObject * targetClassObject = (JSObject *) aTargetClassObject; JSObject * globalObject = sgo->GetGlobalJSObject(); // now we want to reevaluate our property using aContext and the script object for this window... if (mJSMethodObject && targetClassObject) { nsDependentString name(mName); + JSAutoRequest ar(cx); JSObject * method = ::JS_CloneFunctionObject(cx, mJSMethodObject, globalObject); if (!method) { return NS_ERROR_OUT_OF_MEMORY; } nsresult rv; nsAutoGCRoot root(&method, &rv); NS_ENSURE_SUCCESS(rv, rv); if (!::JS_DefineUCProperty(cx, targetClassObject, 
@@ -312,28 +313,28 @@ nsXBLProtoImplAnonymousMethod::Execute(n nsContentUtils::XPConnect()->WrapNative(cx, globalObject, aBoundElement, NS_GET_IID(nsISupports), getter_AddRefs(wrapper)); NS_ENSURE_SUCCESS(rv, rv); JSObject* thisObject; rv = wrapper->GetJSObject(&thisObject); NS_ENSURE_SUCCESS(rv, rv); + JSAutoRequest ar(cx); + // Clone the function object, using thisObject as the parent so "this" is in // the scope chain of the resulting function (for backwards compat to the // days when this was an event handler). - JSObject* method = ::JS_CloneFunctionObject(cx, mJSMethodObject, - thisObject); - if (!method) { + JSObject* method = ::JS_CloneFunctionObject(cx, mJSMethodObject, thisObject); + if (!method) return NS_ERROR_OUT_OF_MEMORY; - } // Now call the method // Use nsCxPusher to make sure we call ScriptEvaluated when we're done. nsCxPusher pusher(aBoundElement); // Check whether it's OK to call the method. rv = nsContentUtils::GetSecurityManager()->CheckFunctionAccess(cx, method, thisObject); Index: mozilla/content/xbl/src/nsXBLProtoImplProperty.cpp =================================================================== RCS file: /cvsroot/mozilla/content/xbl/src/nsXBLProtoImplProperty.cpp,v retrieving revision 1.26 diff -pU10 -r1.26 mozilla/content/xbl/src/nsXBLProtoImplProperty.cpp --- mozilla/content/xbl/src/nsXBLProtoImplProperty.cpp +++ mozilla/content/xbl/src/nsXBLProtoImplProperty.cpp 
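Review bot: In nsXBLProtoImplAnonymousMethod::Execute the cloned `method` is carried through the `nsCxPusher` setup and `CheckFunctionAccess` with no GC root visible in this hunk, whereas nsXBLProtoImplMethod::InstallMember in the same file protects its clone with `nsAutoGCRoot root(&method, &rv);`. If no root follows below the hunk, I would add `nsAutoGCRoot root(&method, &rv);` and `NS_ENSURE_SUCCESS(rv, rv);` right after the null check. The hunk also reflows the JS_CloneFunctionObject call and drops the braces around the early return, which is unrelated churn in a request-handling fix and makes the real change harder to spot. The function starts and continues outside the hunk.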
@@ -185,20 +185,21 @@ nsXBLProtoImplProperty::InstallMember(ns NS_ASSERTION(scriptObject, "uh-oh, script Object should NOT be null or bad things will happen"); if (!scriptObject) return NS_ERROR_FAILURE; JSObject * targetClassObject = (JSObject *) aTargetClassObject; JSObject * globalObject = sgo->GetGlobalJSObject(); // now we want to reevaluate our property using aContext and the script object for this window... if ((mJSGetterObject || mJSSetterObject) && targetClassObject) { JSObject * getter = nsnull; + JSAutoRequest ar(cx); if (mJSGetterObject) if (!(getter = ::JS_CloneFunctionObject(cx, mJSGetterObject, globalObject))) return NS_ERROR_OUT_OF_MEMORY; nsresult rv; nsAutoGCRoot getterroot(&getter, &rv); NS_ENSURE_SUCCESS(rv, rv); JSObject * setter = nsnull; if (mJSSetterObject) Index: mozilla/content/xul/content/src/nsXULElement.cpp =================================================================== RCS file: /cvsroot/mozilla/content/xul/content/src/nsXULElement.cpp,v retrieving revision 1.636 diff -pU10 -r1.636 mozilla/content/xul/content/src/nsXULElement.cpp --- mozilla/content/xul/content/src/nsXULElement.cpp +++ mozilla/content/xul/content/src/nsXULElement.cpp 
@@ -2761,20 +2761,21 @@ nsXULPrototypeScript::Serialize(nsIObjec JSContext* cx = NS_REINTERPRET_CAST(JSContext*, aContext->GetNativeContext()); JSXDRState *xdr = ::JS_XDRNewMem(cx, JSXDR_ENCODE); if (! xdr) return NS_ERROR_OUT_OF_MEMORY; xdr->userdata = (void*) aStream; JSScript *script = NS_REINTERPRET_CAST(JSScript*, ::JS_GetPrivate(cx, mJSObject)); + JSAutoRequest ar(cx); if (! ::JS_XDRScript(xdr, &script)) { rv = NS_ERROR_FAILURE; // likely to be a principals serialization error } else { // Get the encoded JSXDRState data and write it. The JSXDRState owns // this buffer memory and will free it beneath ::JS_XDRDestroy. // // If an XPCOM object needs to be written in the midst of the JS XDR // encoding process, the C++ code called back from the JS engine (e.g., // nsEncodeJSPrincipals in caps/src/nsJSPrincipals.cpp) will flush data // from the JSXDRState to aStream, then write the object, then return 
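Review bot: The request in nsXULPrototypeScript::Serialize starts only after `::JS_XDRNewMem(cx, JSXDR_ENCODE)` and `::JS_GetPrivate(cx, mJSObject)` have already been called on `cx`, and the Deserialize hunk likewise calls `::JS_XDRNewMem(cx, JSXDR_DECODE)` before its `JSAutoRequest ar(cx);`. Other hunks in this patch open the request right after `cx` is obtained; moving the declaration to just below the `JSContext* cx = ...` line in both functions would cover every engine call, including the XDR teardown that presumably follows outside the hunk. In Deserialize the request is also scoped to the `else` block, so any use of `cx` after that block, if there is one, would run outside it.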
@@ -2896,20 +2897,21 @@ nsXULPrototypeScript::Deserialize(nsIObj rv = aStream->ReadBytes(size, &data); if (NS_SUCCEEDED(rv)) { JSContext* cx = NS_REINTERPRET_CAST(JSContext*, aContext->GetNativeContext()); JSXDRState *xdr = ::JS_XDRNewMem(cx, JSXDR_DECODE); if (! xdr) { rv = NS_ERROR_OUT_OF_MEMORY; } else { xdr->userdata = (void*) aStream; + JSAutoRequest ar(cx); ::JS_XDRMemSetData(xdr, data, size); JSScript *script = nsnull; if (! ::JS_XDRScript(xdr, &script)) { rv = NS_ERROR_FAILURE; // principals deserialization error? } else { mJSObject = ::JS_NewScriptObject(cx, script); if (! mJSObject) { rv = NS_ERROR_OUT_OF_MEMORY; // certain error ::JS_DestroyScript(cx, script); Index: mozilla/content/xul/document/src/nsXULPrototypeDocument.cpp =================================================================== RCS file: /cvsroot/mozilla/content/xul/document/src/nsXULPrototypeDocument.cpp,v retrieving revision 1.76 diff -pU10 -r1.76 mozilla/content/xul/document/src/nsXULPrototypeDocument.cpp --- mozilla/content/xul/document/src/nsXULPrototypeDocument.cpp +++ mozilla/content/xul/document/src/nsXULPrototypeDocument.cpp 
@@ -809,20 +809,22 @@ nsXULPDGlobalObject::GetContext() do_GetService(kDOMScriptObjectFactoryCID); NS_ENSURE_TRUE(factory, nsnull); nsresult rv = factory->NewScriptContext(nsnull, getter_AddRefs(mScriptContext)); if (NS_FAILED(rv)) return nsnull; JSContext *cx = (JSContext *)mScriptContext->GetNativeContext(); + JSAutoRequest ar(cx); + mJSObject = ::JS_NewObject(cx, &gSharedGlobalClass, nsnull, nsnull); if (!mJSObject) return nsnull; ::JS_SetGlobalObject(cx, mJSObject); // Add an owning reference from JS back to us. This'll be // released when the JSObject is finalized. ::JS_SetPrivate(cx, mJSObject, this); NS_ADDREF(this); Index: mozilla/dom/src/base/nsDOMClassInfo.cpp =================================================================== RCS file: /cvsroot/mozilla/dom/src/base/nsDOMClassInfo.cpp,v retrieving revision 1.384 diff -pU10 -r1.384 mozilla/dom/src/base/nsDOMClassInfo.cpp --- mozilla/dom/src/base/nsDOMClassInfo.cpp +++ mozilla/dom/src/base/nsDOMClassInfo.cpp @@ -1351,20 +1351,22 @@ GetInternedJSVal(JSContext *cx, const ch // static nsresult nsDOMClassInfo::DefineStaticJSVals(JSContext *cx) { #define SET_JSVAL_TO_STRING(_val, _cx, _str) \ _val = GetInternedJSVal(_cx, _str); \ if (!JSVAL_IS_STRING(_val)) { \ return NS_ERROR_OUT_OF_MEMORY; \ } + JSAutoRequest ar(cx); + SET_JSVAL_TO_STRING(sTop_id, cx, "top"); SET_JSVAL_TO_STRING(sParent_id, cx, "parent"); SET_JSVAL_TO_STRING(sScrollbars_id, cx, "scrollbars"); SET_JSVAL_TO_STRING(sLocation_id, cx, "location"); SET_JSVAL_TO_STRING(sConstructor_id, cx, "constructor"); SET_JSVAL_TO_STRING(s_content_id, cx, "_content"); SET_JSVAL_TO_STRING(sContent_id, cx, "content"); SET_JSVAL_TO_STRING(sMenubar_id, cx, "menubar"); SET_JSVAL_TO_STRING(sToolbar_id, cx, "toolbar"); SET_JSVAL_TO_STRING(sLocationbar_id, cx, "locationbar"); 
@@ -1459,20 +1461,22 @@ nsDOMClassInfo::WrapNative(JSContext *cx *vp = OBJECT_TO_JSVAL(obj); holder.swap(*aHolder); return rv; } // static nsresult nsDOMClassInfo::ThrowJSException(JSContext *cx, nsresult aResult) { + JSAutoRequest ar(cx); + do { nsCOMPtr xs = do_GetService(NS_EXCEPTIONSERVICE_CONTRACTID); if (!xs) { break; } nsCOMPtr xm; nsresult rv = xs->GetCurrentExceptionManager(getter_AddRefs(xm)); if (NS_FAILED(rv)) { @@ -3116,20 +3120,22 @@ nsDOMClassInfo::Init() // static PRInt32 nsDOMClassInfo::GetArrayIndexFromId(JSContext *cx, jsval id, PRBool *aIsNumber) { jsdouble array_index; if (aIsNumber) { *aIsNumber = PR_FALSE; } + JSAutoRequest ar(cx); + if (!::JS_ValueToNumber(cx, id, &array_index)) { return -1; } jsint i = -1; if (!JSDOUBLE_IS_INT(array_index, i)) { return -1; } @@ -3307,20 +3313,22 @@ nsDOMClassInfo::PostCreate(nsIXPConnectW NS_ASSERTION(!sgo || sgo->GetGlobalJSObject() == nsnull, "Multiple wrappers created for global object!"); } #endif JSObject *proto = nsnull; wrapper->GetJSObjectPrototype(&proto); + JSAutoRequest ar(cx); + JSObject *proto_proto = ::JS_GetPrototype(cx, proto); if (!proto_proto) { // If our prototype doesn't have a proto, then we've probably already // wrapped this object and someone's done something evil, like set // our prototype's proto to null, so bail. return NS_OK; } JSClass *proto_proto_class = JS_GET_CLASS(cx, proto_proto); @@ -3432,20 +3440,21 @@ nsDOMClassInfo::NewEnumerate(nsIXPConnec return NS_ERROR_UNEXPECTED; } nsresult nsDOMClassInfo::ResolveConstructor(JSContext *cx, JSObject *obj, JSObject **objp) { JSObject *global = GetGlobalJSObject(cx, obj); jsval val; + JSAutoRequest ar(cx); if (!::JS_GetProperty(cx, global, mData->mName, &val)) { return NS_ERROR_UNEXPECTED; } if (!JSVAL_IS_PRIMITIVE(val)) { // If val is not an (non-null) object there either is no // constructor for this class, or someone messed with // window.classname, just fall through and let the JS engine // return the Object constructor. 
@@ -3898,20 +3907,21 @@ nsDOMClassInfo::doCheckPropertyAccess(JS NS_IMETHODIMP nsWindowSH::PreCreate(nsISupports *nativeObj, JSContext *cx, JSObject *globalObj, JSObject **parentObj) { // Since this is one of the first calls we'll get from XPConnect, // grab the pointer to the Object class so we'll have it later on. if (!sObjectClass) { JSObject *obj, *proto = globalObj; + JSAutoRequest ar(cx); do { obj = proto; proto = ::JS_GetPrototype(cx, obj); } while (proto); sObjectClass = JS_GET_CLASS(cx, obj); } // Normally ::PreCreate() is used to give XPConnect the parent @@ -4077,20 +4087,22 @@ nsWindowSH::GlobalScopePolluterNewResolv return JS_TRUE; } // static void nsWindowSH::InvalidateGlobalScopePolluter(JSContext *cx, JSObject *obj) { JSObject *proto; + JSAutoRequest ar(cx); + while ((proto = ::JS_GetPrototype(cx, obj))) { if (JS_GET_CLASS(cx, proto) == &sGlobalScopePolluterClass) { nsIHTMLDocument *doc = (nsIHTMLDocument *)::JS_GetPrivate(cx, proto); NS_IF_RELEASE(doc); ::JS_SetPrivate(cx, proto, nsnull); // Pull the global scope polluter out of the prototype chain so // that it can be freed. @@ -4107,20 +4119,22 @@ nsWindowSH::InvalidateGlobalScopePollute nsresult nsWindowSH::InstallGlobalScopePolluter(JSContext *cx, JSObject *obj, nsIHTMLDocument *doc) { // If global scope pollution is disabled, or if our document is not // a HTML document, do nothing if (sDisableGlobalScopePollutionSupport || !doc) { return NS_OK; } + JSAutoRequest ar(cx); + JSObject *gsp = ::JS_NewObject(cx, &sGlobalScopePolluterClass, nsnull, obj); if (!gsp) { return NS_ERROR_OUT_OF_MEMORY; } JSObject *o = obj, *proto; // Find the place in the prototype chain where we want this global // scope polluter (right before Object.prototype). 
@@ -4169,32 +4183,37 @@ GetChildFrame(nsGlobalWindow *win, jsval return frame; } NS_IMETHODIMP nsWindowSH::GetProperty(nsIXPConnectWrappedNative *wrapper, JSContext *cx, JSObject *obj, jsval id, jsval *vp, PRBool *_retval) { nsGlobalWindow *win = nsGlobalWindow::FromWrapper(wrapper); + JSAutoRequest ar(cx); + #ifdef DEBUG_SH_FORWARDING { - nsDependentJSString str(::JS_ValueToString(cx, id)); + jschar *jsstr = ::JS_ValueToString(cx, id); + if (jsstr) { + nsDependentJSString str(jsstr); - if (win->IsInnerWindow()) { + if (win->IsInnerWindow()) { #ifdef DEBUG_PRINT_INNER - printf("Property '%s' get on inner window %p\n", - NS_ConvertUTF16toUTF8(str).get(), (void *)win); + printf("Property '%s' get on inner window %p\n", + NS_ConvertUTF16toUTF8(str).get(), (void *)win); #endif - } else { - printf("Property '%s' get on outer window %p\n", - NS_ConvertUTF16toUTF8(str).get(), (void *)win); + } else { + printf("Property '%s' get on outer window %p\n", + NS_ConvertUTF16toUTF8(str).get(), (void *)win); + } } } #endif if (win->IsOuterWindow() && !ObjectIsNativeWrapper(cx, obj)) { // XXXjst: Do security checks here when we remove the security // checks on the inner window. nsGlobalWindow *innerWin = win->GetCurrentInnerWindowInternal(); @@ -4359,20 +4378,22 @@ nsWindowSH::SetProperty(nsIXPConnectWrap // Security check failed. The security manager set a JS // exception, we must make sure that exception is propagated. *_retval = PR_FALSE; return NS_OK; } } if (id == sLocation_id) { + JSAutoRequest ar(cx); + JSString *val = ::JS_ValueToString(cx, *vp); NS_ENSURE_TRUE(val, NS_ERROR_UNEXPECTED); nsCOMPtr window(do_QueryWrappedNative(wrapper)); NS_ENSURE_TRUE(window, NS_ERROR_UNEXPECTED); nsCOMPtr location; nsresult rv = window->GetLocation(getter_AddRefs(location)); NS_ENSURE_SUCCESS(rv, rv); 
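Review bot: In the DEBUG_SH_FORWARDING block of nsWindowSH::GetProperty the new local is declared `jschar *jsstr = ::JS_ValueToString(cx, id);`, but JS_ValueToString returns a `JSString *`, as every other call in this patch assigns it, and `nsDependentJSString` is constructed from a `JSString *` elsewhere in the file. The line should read `JSString *jsstr = ::JS_ValueToString(cx, id);`. As written the block will not compile once the macro is defined, which is easy to miss because the code is debug-only. The function continues outside the hunk.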
@@ -5977,20 +5998,22 @@ nsWindowSH::NewResolve(nsIXPConnectWrapp } // Resolving a standard class won't do any evil, and it's possible // for caps to get the answer wrong, so disable the security check // for this case. JSBool did_resolve = JS_FALSE; PRBool doSecurityCheckInAddProperty = sDoSecurityCheckInAddProperty; sDoSecurityCheckInAddProperty = PR_FALSE; + JSAutoRequest ar(my_cx); + JSBool ok = ::JS_ResolveStandardClass(my_cx, obj, id, &did_resolve); sDoSecurityCheckInAddProperty = doSecurityCheckInAddProperty; if (!ok) { // Trust the JS engine (or the script security manager) to set // the exception in the JS engine. jsval exn; if (!JS_GetPendingException(my_cx, &exn)) { 
@@ -6080,41 +6103,44 @@ nsWindowSH::NewResolve(nsIXPConnectWrapp // other domains can't add properties to a global object in // this domain. Set the sDoSecurityCheckInAddProperty flag to // false (and set it to true immediagtely when we're done) to // tell nsWindowSH::AddProperty() that defining this new // property is 'ok' in this case, even if the call comes from // a different context. PRBool doSecurityCheckInAddProperty = sDoSecurityCheckInAddProperty; sDoSecurityCheckInAddProperty = PR_FALSE; - PRBool ok = ::JS_DefineUCProperty(cx, obj, chars, - ::JS_GetStringLength(str), v, nsnull, - nsnull, 0); + JSAutoRequest ar(cx); + + PRBool ok = ::JS_DefineUCProperty(cx, obj, chars, ::JS_GetStringLength(str), + v, nsnull, nsnull, 0); sDoSecurityCheckInAddProperty = doSecurityCheckInAddProperty; if (!ok) { return NS_ERROR_FAILURE; } *objp = obj; return NS_OK; } } } // It is not worth calling GlobalResolve() if we are resolving // for assignment, since only read-write properties get dealt // with there. if (!(flags & JSRESOLVE_ASSIGNING)) { + JSAutoRequest ar(cx); + // Call GlobalResolve() after we call FindChildWithName() so // that named child frames will override external properties // which have been registered with the script namespace manager. JSBool did_resolve = JS_FALSE; rv = GlobalResolve(win, cx, obj, str, flags, &did_resolve); NS_ENSURE_SUCCESS(rv, rv); if (did_resolve) { // GlobalResolve() resolved something, so we're done here. @@ -6124,20 +6150,22 @@ nsWindowSH::NewResolve(nsIXPConnectWrapp } } if (id == s_content_id) { // Map window._content to window.content for backwards // compatibility, this should spit out an message on the JS // console. JSObject *windowObj = win->GetGlobalJSObject(); + JSAutoRequest ar(cx); + JSFunction *fun = ::JS_NewFunction(cx, ContentWindowGetter, 0, 0, windowObj, "_content"); if (!fun) { return NS_ERROR_OUT_OF_MEMORY; } JSObject *funObj = ::JS_GetFunctionObject(fun); nsAutoGCRoot root(&funObj, &rv); NS_ENSURE_SUCCESS(rv, rv); 
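Review bot: nsWindowSH::NewResolve now declares `JSAutoRequest ar(cx);` separately in each branch that touches the engine, three times in this hunk and again in the next two NewResolve hunks, so a branch added later can easily miss it. nsWindowSH::GetProperty in the same patch takes the request once at the top of the function; unless some path in NewResolve must stay outside a request (not visible here), a single declaration near the top would cover all of the `cx` branches, leaving only the `my_cx` case with its own. If the per-branch placement is deliberate, a short comment saying why would help the next reader. The function starts and continues outside the hunk.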
@@ -6182,73 +6210,76 @@ nsWindowSH::NewResolve(nsIXPConnectWrapp jsval v; nsCOMPtr holder; rv = WrapNative(cx, scope, location, NS_GET_IID(nsIDOMLocation), &v, getter_AddRefs(holder)); NS_ENSURE_SUCCESS(rv, rv); PRBool doSecurityCheckInAddProperty = sDoSecurityCheckInAddProperty; sDoSecurityCheckInAddProperty = PR_FALSE; + JSAutoRequest ar(cx); + JSBool ok = ::JS_DefineUCProperty(cx, obj, ::JS_GetStringChars(str), - ::JS_GetStringLength(str), v, nsnull, - nsnull, JSPROP_ENUMERATE); + ::JS_GetStringLength(str), v, nsnull, + nsnull, JSPROP_ENUMERATE); sDoSecurityCheckInAddProperty = doSecurityCheckInAddProperty; if (!ok) { return NS_ERROR_FAILURE; } *objp = obj; return NS_OK; } if (flags & JSRESOLVE_ASSIGNING) { if (IsReadonlyReplaceable(id) || (!(flags & JSRESOLVE_QUALIFIED) && IsWritableReplaceable(id))) { // A readonly "replaceable" property is being set, or a // readwrite "replaceable" property is being set w/o being // fully qualified. Define the property on obj with the value // undefined to override the predefined property. This is done // for compatibility with other browsers. 
+ JSAutoRequest ar(cx); if (!::JS_DefineUCProperty(cx, obj, ::JS_GetStringChars(str), - ::JS_GetStringLength(str), - JSVAL_VOID, nsnull, nsnull, - JSPROP_ENUMERATE)) { + ::JS_GetStringLength(str), + JSVAL_VOID, nsnull, nsnull, + JSPROP_ENUMERATE)) { return NS_ERROR_FAILURE; } - *objp = obj; return NS_OK; } } else { if (id == sNavigator_id) { nsCOMPtr navigator; rv = win->GetNavigator(getter_AddRefs(navigator)); NS_ENSURE_SUCCESS(rv, rv); jsval v; nsCOMPtr holder; rv = WrapNative(cx, obj, navigator, NS_GET_IID(nsIDOMNavigator), &v, getter_AddRefs(holder)); NS_ENSURE_SUCCESS(rv, rv); + JSAutoRequest ar(cx); + if (!::JS_DefineUCProperty(cx, obj, ::JS_GetStringChars(str), - ::JS_GetStringLength(str), v, nsnull, - nsnull, JSPROP_ENUMERATE)) { + ::JS_GetStringLength(str), v, nsnull, + nsnull, JSPROP_ENUMERATE)) { return NS_ERROR_FAILURE; } - *objp = obj; return NS_OK; } if (id == sDocument_id) { nsCOMPtr document; rv = win->GetDocument(getter_AddRefs(document)); NS_ENSURE_SUCCESS(rv, rv); @@ -6263,28 +6294,29 @@ nsWindowSH::NewResolve(nsIXPConnectWrapp *objp = obj; return NS_OK; } if (id == sWindow_id) { // window should *always* be the outer window object. win = win->GetOuterWindowInternal(); NS_ENSURE_TRUE(win, NS_ERROR_NOT_AVAILABLE); + JSAutoRequest ar(cx); + if (!::JS_DefineUCProperty(cx, obj, ::JS_GetStringChars(str), - ::JS_GetStringLength(str), - OBJECT_TO_JSVAL(win->GetGlobalJSObject()), - nsnull, nsnull, - JSPROP_READONLY | JSPROP_ENUMERATE)) { + ::JS_GetStringLength(str), + OBJECT_TO_JSVAL(win->GetGlobalJSObject()), + nsnull, nsnull, + JSPROP_READONLY | JSPROP_ENUMERATE)) { return NS_ERROR_FAILURE; } - *objp = obj; return NS_OK; } // Do a security check when resolving heretofore unknown string // properties on window objects to prevent detection of a // property's existence across origins. We only do this when // resolving for a GET, no need to do it for set since we'll do // a security check in nsWindowSH::SetProperty() in that case. 
@@ -6920,20 +6952,22 @@ nsEventReceiverSH::NewResolve(nsIXPConne return nsDOMGCParticipantSH::NewResolve(wrapper, cx, obj, id, flags, objp, _retval); } NS_IMETHODIMP nsEventReceiverSH::SetProperty(nsIXPConnectWrappedNative *wrapper, JSContext *cx, JSObject *obj, jsval id, jsval *vp, PRBool *_retval) { + JSAutoRequest ar(cx); + if ((::JS_TypeOfValue(cx, *vp) != JSTYPE_FUNCTION && !JSVAL_IS_NULL(*vp)) || !JSVAL_IS_STRING(id) || id == sAddEventListener_id) { return NS_OK; } PRBool did_compile; // Ignored here. return RegisterCompileHandler(wrapper, cx, obj, id, PR_FALSE, JSVAL_IS_NULL(*vp), &did_compile); } @@ -7116,20 +7150,21 @@ nsGenericArraySH::Enumerate(nsIXPConnect static PRBool sCurrentlyEnumerating; if (sCurrentlyEnumerating) { // Don't recurse to death. return NS_OK; } sCurrentlyEnumerating = PR_TRUE; jsval len_val; + JSAutoRequest ar(cx); JSBool ok = ::JS_GetProperty(cx, obj, "length", &len_val); if (ok && JSVAL_IS_INT(len_val)) { PRInt32 length = JSVAL_TO_INT(len_val); char buf[11]; for (PRInt32 i = 0; ok && i < length; ++i) { PR_snprintf(buf, sizeof(buf), "%d", i); ok = ::JS_DefineProperty(cx, obj, buf, JSVAL_VOID, nsnull, nsnull, @@ -7487,20 +7522,22 @@ nsDocumentSH::NewResolve(nsIXPConnectWra jsval v; nsCOMPtr holder; rv = WrapNative(cx, obj, location, NS_GET_IID(nsIDOMLocation), &v, getter_AddRefs(holder)); NS_ENSURE_SUCCESS(rv, rv); PRBool doSecurityCheckInAddProperty = sDoSecurityCheckInAddProperty; sDoSecurityCheckInAddProperty = PR_FALSE; + JSAutoRequest ar(cx); + JSString *str = JSVAL_TO_STRING(id); JSBool ok = ::JS_DefineUCProperty(cx, obj, ::JS_GetStringChars(str), ::JS_GetStringLength(str), v, nsnull, nsnull, JSPROP_ENUMERATE); sDoSecurityCheckInAddProperty = doSecurityCheckInAddProperty; if (!ok) { return NS_ERROR_FAILURE; } 
@@ -7583,20 +7620,22 @@ nsDocumentSH::SetProperty(nsIXPConnectWr if (id == sLocation_id) { nsCOMPtr doc(do_QueryWrappedNative(wrapper)); NS_ENSURE_TRUE(doc, NS_ERROR_UNEXPECTED); nsCOMPtr location; nsresult rv = doc->GetLocation(getter_AddRefs(location)); NS_ENSURE_SUCCESS(rv, rv); if (location) { + JSAutoRequest ar(cx); + JSString *val = ::JS_ValueToString(cx, *vp); NS_ENSURE_TRUE(val, NS_ERROR_UNEXPECTED); rv = location->SetHref(nsDependentJSString(val)); NS_ENSURE_SUCCESS(rv, rv); nsCOMPtr holder; rv = WrapNative(cx, obj, location, NS_GET_IID(nsIDOMLocation), vp, getter_AddRefs(holder)); return NS_FAILED(rv) ? rv : NS_SUCCESS_I_DID_SOMETHING; @@ -8236,20 +8275,23 @@ nsHTMLDocumentSH::NewResolve(nsIXPConnec JSObject **objp, PRBool *_retval) { // nsDocumentSH::NewResolve() does a security check that we'd kinda // want to do here too before doing anything else. But given that we // only define dynamic properties here before the call to // nsDocumentSH::NewResolve() we're ok, since once those properties // are accessed, we'll do the necessary security check. if (!(flags & JSRESOLVE_ASSIGNING)) { // For native wrappers, do not resolve random names on document + + JSAutoRequest ar(cx); + if (!ObjectIsNativeWrapper(cx, obj)) { nsCOMPtr result; nsresult rv = ResolveImpl(cx, wrapper, id, getter_AddRefs(result)); NS_ENSURE_SUCCESS(rv, rv); if (result) { JSString *str = JS_ValueToString(cx, id); JSBool ok = *_retval = @@ -8361,20 +8403,22 @@ nsHTMLDocumentSH::GetProperty(nsIXPConne return rv; } // For native wrappers, do not get random names on document if (ObjectIsNativeWrapper(cx, obj)) { return rv; } nsCOMPtr result; + JSAutoRequest ar(cx); + rv = ResolveImpl(cx, wrapper, id, getter_AddRefs(result)); NS_ENSURE_SUCCESS(rv, rv); if (result) { nsCOMPtr holder; rv = WrapNative(cx, obj, result, NS_GET_IID(nsISupports), vp, getter_AddRefs(holder)); if (NS_SUCCEEDED(rv)) { rv = NS_SUCCESS_I_DID_SOMETHING; } 
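Review bot: In nsHTMLDocumentSH::GetProperty the `JSAutoRequest ar(cx);` is declared after the `ObjectIsNativeWrapper(cx, obj)` check, while the NewResolve hunk just above (-8236) places it before the same check, so the two methods disagree on whether that helper runs inside a request. ObjectIsNativeWrapper's body is not visible here; if it makes JSAPI calls, move the declaration up so that `JSAutoRequest ar(cx);` comes immediately before `if (ObjectIsNativeWrapper(cx, obj))`. In NewResolve the new declaration also lands between the comment `// For native wrappers, do not resolve random names on document` and the `if` it describes; placing it above the comment keeps the two together. Both function bodies extend outside their hunks.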
@@ -8416,20 +8460,21 @@ nsHTMLElementSH::ScrollIntoView(JSContex return NS_SUCCEEDED(rv); } NS_IMETHODIMP nsHTMLElementSH::NewResolve(nsIXPConnectWrappedNative *wrapper, JSContext *cx, JSObject *obj, jsval id, PRUint32 flags, JSObject **objp, PRBool *_retval) { if (id == sScrollIntoView_id && !(JSRESOLVE_ASSIGNING & flags)) { JSString *str = JSVAL_TO_STRING(id); + JSAutoRequest ar(cx); JSFunction *cfnc = ::JS_DefineFunction(cx, obj, ::JS_GetStringBytes(str), ScrollIntoView, 0, 0); *objp = obj; return cfnc ? NS_OK : NS_ERROR_UNEXPECTED; } return nsElementSH::NewResolve(wrapper, cx, obj, id, flags, objp, _retval); @@ -8575,20 +8620,21 @@ nsHTMLFormElementSH::NewResolve(nsIXPCon // For native wrappers, do not resolve random names on form if ((!(JSRESOLVE_ASSIGNING & flags)) && JSVAL_IS_STRING(id) && !ObjectIsNativeWrapper(cx, obj)) { nsCOMPtr form(do_QueryWrappedNative(wrapper)); nsCOMPtr result; JSString *str = JSVAL_TO_STRING(id); FindNamedItem(form, str, getter_AddRefs(result)); if (result) { + JSAutoRequest ar(cx); *_retval = ::JS_DefineUCProperty(cx, obj, ::JS_GetStringChars(str), ::JS_GetStringLength(str), JSVAL_VOID, nsnull, nsnull, 0); *objp = obj; return *_retval ? NS_OK : NS_ERROR_FAILURE; } } @@ -8686,20 +8732,23 @@ nsHTMLFormElementSH::NewEnumerate(nsIXPC nsCOMPtr domElement = do_QueryInterface(controlNode); NS_ENSURE_TRUE(domElement, NS_ERROR_FAILURE); nsAutoString attr; domElement->GetAttribute(NS_LITERAL_STRING("name"), attr); if (attr.IsEmpty()) { // If name is not there, use index instead attr.AppendInt(index); } + + JSAutoRequest ar(cx); + JSString *jsname = JS_NewUCStringCopyN(cx, NS_REINTERPRET_CAST(const jschar *, attr.get()), attr.Length()); NS_ENSURE_TRUE(jsname, NS_ERROR_OUT_OF_MEMORY); JS_ValueToId(cx, STRING_TO_JSVAL(jsname), idp); *statep = INT_TO_JSVAL(++index); } else { 
@@ -8749,23 +8798,24 @@ nsHTMLSelectElementSH::GetProperty(nsIXP } return rv; } // static nsresult nsHTMLSelectElementSH::SetOption(JSContext *cx, jsval *vp, PRUint32 aIndex, nsIDOMNSHTMLOptionCollection *aOptCollection) { + JSAutoRequest ar(cx); + // vp must refer to an object - if (!JSVAL_IS_OBJECT(*vp) && !::JS_ConvertValue(cx, *vp, JSTYPE_OBJECT, - vp)) { + if (!JSVAL_IS_OBJECT(*vp) && !::JS_ConvertValue(cx, *vp, JSTYPE_OBJECT, vp)) { return NS_ERROR_UNEXPECTED; } nsCOMPtr new_option; if (!JSVAL_IS_NULL(*vp)) { nsCOMPtr new_wrapper; nsresult rv; rv = sXPConnect->GetWrappedNativeOfJSObject(cx, JSVAL_TO_OBJECT(*vp), @@ -8832,20 +8882,22 @@ nsHTMLExternalObjSH::GetPluginInstance(n return objlc->EnsureInstantiation(_result); } // Check if proto is already in obj's prototype chain. static PRBool IsObjInProtoChain(JSContext *cx, JSObject *obj, JSObject *proto) { JSObject *o = obj; + JSAutoRequest ar(cx); + while (o) { JSObject *p = ::JS_GetPrototype(cx, o); if (p == proto) { return PR_TRUE; } o = p; } @@ -8900,20 +8952,22 @@ nsHTMLExternalObjSH::PostCreate(nsIXPCon // If we got an xpconnect-wrapped plugin object, set obj's // prototype's prototype to the scriptable plugin. JSObject *my_proto = nsnull; // Get 'this.__proto__' rv = wrapper->GetJSObjectPrototype(&my_proto); NS_ENSURE_SUCCESS(rv, rv); + JSAutoRequest ar(cx); + // Set 'this.__proto__' to pi if (!::JS_SetPrototype(cx, obj, pi_obj)) { return NS_ERROR_UNEXPECTED; } if (pi_proto && JS_GET_CLASS(cx, pi_proto) != sObjectClass) { // The plugin wrapper has a proto that's not Object.prototype, set // 'pi.__proto__.__proto__' to the original 'this.__proto__' if (!::JS_SetPrototype(cx, pi_proto, my_proto)) { return NS_ERROR_UNEXPECTED; 
@@ -8978,20 +9032,22 @@ nsHTMLExternalObjSH::PostCreate(nsIXPCon return NS_OK; } NS_IMETHODIMP nsHTMLExternalObjSH::GetProperty(nsIXPConnectWrappedNative *wrapper, JSContext *cx, JSObject *obj, jsval id, jsval *vp, PRBool *_retval) { + JSAutoRequest ar(cx); + JSObject *pi_obj = ::JS_GetPrototype(cx, obj); const jschar *id_chars = nsnull; size_t id_length = 0; JSBool found = PR_FALSE; if (!ObjectIsNativeWrapper(cx, obj)) { if (JSVAL_IS_STRING(id)) { JSString *id_str = JSVAL_TO_STRING(id); @@ -9020,20 +9076,22 @@ nsHTMLExternalObjSH::GetProperty(nsIXPCo } return NS_OK; } NS_IMETHODIMP nsHTMLExternalObjSH::SetProperty(nsIXPConnectWrappedNative *wrapper, JSContext *cx, JSObject *obj, jsval id, jsval *vp, PRBool *_retval) { + JSAutoRequest ar(cx); + JSObject *pi_obj = ::JS_GetPrototype(cx, obj); const jschar *id_chars = nsnull; size_t id_length = 0; JSBool found = PR_FALSE; if (!ObjectIsNativeWrapper(cx, obj)) { if (JSVAL_IS_STRING(id)) { JSString *id_str = JSVAL_TO_STRING(id); @@ -9085,20 +9143,21 @@ nsHTMLExternalObjSH::Call(nsIXPConnectWr rv = GetPluginJSObject(cx, obj, pi, &pi_obj, &pi_proto); NS_ENSURE_SUCCESS(rv, rv); if (!pi) { return NS_ERROR_NOT_AVAILABLE; } // XPConnect passes us the XPConnect wrapper JSObject as obj, and // not the 'this' parameter that the JS engine passes in. Pass in // the real this parameter from JS (argv[-1]) here. + JSAutoRequest ar(cx); *_retval = ::JS_CallFunctionValue(cx, JSVAL_TO_OBJECT(argv[-1]), OBJECT_TO_JSVAL(pi_obj), argc, argv, vp); return NS_OK; } // HTMLAppletElement helper nsresult 
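Review bot: In nsHTMLExternalObjSH::Call the request begins only on the line before `::JS_CallFunctionValue`, after `GetPluginJSObject(cx, obj, pi, &pi_obj, &pi_proto)` has already produced `pi_obj`, whereas the GetProperty and SetProperty hunks for the same class open it as the first statement. GetPluginJSObject is not shown, so whether it touches the JS heap is an assumption, but `pi_obj` is obtained outside the request and then used inside it. Opening the request at the top of Call, as the sibling methods do, would cover both; the start of Call is outside this hunk.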
@@ -9359,20 +9418,23 @@ nsHTMLOptionsCollectionSH::SetProperty(n } NS_IMETHODIMP nsHTMLOptionsCollectionSH::NewResolve(nsIXPConnectWrappedNative *wrapper, JSContext *cx, JSObject *obj, jsval id, PRUint32 flags, JSObject **objp, PRBool *_retval) { if (id == sAdd_id) { JSString *str = JSVAL_TO_STRING(id); + + JSAutoRequest ar(cx); + JSFunction *fnc = ::JS_DefineFunction(cx, obj, ::JS_GetStringBytes(str), Add, 0, JSPROP_ENUMERATE); *objp = obj; return fnc ? NS_OK : NS_ERROR_UNEXPECTED; } return nsHTMLCollectionSH::NewResolve(wrapper, cx, obj, id, flags, objp, _retval); @@ -9571,20 +9633,22 @@ nsStringArraySH::GetProperty(nsIXPConnec return NS_OK; } nsAutoString val; nsresult rv = GetStringAt(wrapper->Native(), n, val); NS_ENSURE_SUCCESS(rv, rv); // XXX: Null strings? + JSAutoRequest ar(cx); + JSString *str = ::JS_NewUCStringCopyN(cx, NS_REINTERPRET_CAST(const jschar *, val.get()), val.Length()); NS_ENSURE_TRUE(str, NS_ERROR_OUT_OF_MEMORY); *vp = STRING_TO_JSVAL(str); return NS_SUCCESS_I_DID_SOMETHING; } Index: mozilla/dom/src/base/nsGlobalWindow.cpp =================================================================== RCS file: /cvsroot/mozilla/dom/src/base/nsGlobalWindow.cpp,v retrieving revision 1.849 diff -pU10 -r1.849 mozilla/dom/src/base/nsGlobalWindow.cpp --- mozilla/dom/src/base/nsGlobalWindow.cpp +++ mozilla/dom/src/base/nsGlobalWindow.cpp @@ -46,20 +46,21 @@ #include "nsGlobalWindow.h" #include "nsScreen.h" #include "nsHistory.h" #include "nsBarProps.h" #include "nsDOMStorage.h" // Helper Classes #include "nsXPIDLString.h" #include "nsJSUtils.h" #include "prmem.h" +#include "jsapi.h" // for JSAutoRequest #include "jsdbgapi.h" // for JS_ClearWatchPointsForObject #include "nsReadableUtils.h" #include "nsDOMClassInfo.h" // Other Classes #include "nsIEventListenerManager.h" #include "nsEscape.h" #include "nsStyleCoord.h" #include "nsMimeTypeArray.h" #include "nsNetUtil.h" 
@@ -554,23 +555,23 @@ nsGlobalWindow::FreeInnerObjects(JSConte // Remember the document's principal. mDocumentPrincipal = mDoc->NodePrincipal(); } // Remove our reference to the document and the document principal. mDocument = nsnull; mDoc = nsnull; if (mJSObject && cx) { + JSAutoRequest ar(cx); ::JS_ClearScope(cx, mJSObject); ::JS_ClearWatchPointsForObject(cx, mJSObject); - nsWindowSH::InvalidateGlobalScopePolluter(cx, mJSObject); } } //***************************************************************************** // nsGlobalWindow::nsISupports //***************************************************************************** // QueryInterface implementation for nsGlobalWindow @@ -861,20 +862,22 @@ WindowStateHolder::~WindowStateHolder() JSContext *cx = nsnull; if (stack) stack->GetSafeJSContext(&cx); if (!cx) { NS_WARNING("Trusting GC to finish cleaning up this inner window"); return; } + JSAutoRequest ar(cx); + mInnerWindow->FreeInnerObjects(cx); if (mLocation) { // Don't leave the weak reference to the docshell lying around. mLocation->SetDocShell(nsnull); } } } NS_IMPL_ISUPPORTS1(WindowStateHolder, WindowStateHolder) @@ -1060,20 +1063,22 @@ nsGlobalWindow::SetNewDocument(nsIDocume } nsRefPtr newInnerWindow; nsCOMPtr thisChrome = do_QueryInterface(NS_STATIC_CAST(nsIDOMWindow *, this)); nsCOMPtr navigatorHolder; PRUint32 flags = 0; + JSAutoRequest ar(cx); + // Make sure to clear scope on the outer window *before* we // initialize the new inner window. If we don't, things // (Object.prototype etc) could leak from the old outer to the new // inner scope. ::JS_ClearScope(cx, mJSObject); ::JS_ClearWatchPointsForObject(cx, mJSObject); // Clear the regexp statics for the new page unconditionally. // XXX They don't get restored on the inner window when we go back. ::JS_ClearRegExpStatics(cx); 
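Review bot: The `JSAutoRequest ar(cx);` added in ~WindowStateHolder wraps a call to `mInnerWindow->FreeInnerObjects(cx)`, which after the preceding hunk opens its own request around the JS_ClearScope calls, so this outer one is redundant for that call and instead stays live across `mLocation->SetDocShell(nsnull)`. The SetDocShell hunk (-1377) adds the same wrapper around `currentInner->FreeInnerObjects(cx)`, and there the request lasts through the rest of the `if (currentInner)` block. If nothing else in these scopes needs a request, drop both; otherwise confine it with braces, `{ JSAutoRequest ar(cx); mInnerWindow->FreeInnerObjects(cx); }`. Only the tail of FreeInnerObjects is visible, so this assumes its earlier statements make no JSAPI calls.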
@@ -1172,52 +1177,58 @@ nsGlobalWindow::SetNewDocument(nsIDocume } nsIScriptContext *callerScx; if (cx && (callerScx = GetScriptContextFromJSContext(cx))) { // We're called from document.open() (and document.open() is // called from JS), clear the scope etc in a termination // function on the calling context to prevent clearing the // calling scope. NS_ASSERTION(!currentInner->IsFrozen(), "How does this opened window get into session history"); + + JSAutoRequest ar(cx); + callerScx->SetTerminationFunction(ClearWindowScope, NS_STATIC_CAST(nsIDOMWindow *, currentInner)); termFuncSet = PR_TRUE; } } // Don't clear scope on our current inner window if it's going to be // held in the bfcache. if (!currentInner->IsFrozen()) { if (!termFuncSet) { + JSAutoRequest ar(cx); ::JS_ClearScope(cx, currentInner->mJSObject); ::JS_ClearWatchPointsForObject(cx, currentInner->mJSObject); } // Make the current inner window release its strong references // to the document to prevent it from keeping everything // around. But remember the document's principal. currentInner->mDocument = nsnull; currentInner->mDoc = nsnull; currentInner->mDocumentPrincipal = oldPrincipal; } } mInnerWindow = newInnerWindow; } if (!aState && !reUseInnerWindow) { // Loading a new page and creating a new inner window, *not* // restoring from session history. + JSAutoRequest ar(cx); + // InitClassesWithNewWrappedGlobal() for the new inner window // sets the global object in cx to be the new wrapped global. We // don't want that, but re-initializing the outer window will // fix that for us. And perhaps more importantly, this will // ensure that the outer window gets a new prototype so we don't // leak prototype properties from the old inner window to the // new one. scx->InitContext(this); 
@@ -1307,44 +1318,46 @@ nsGlobalWindow::SetNewDocument(nsIDocume if (!aState) { if (reUseInnerWindow) { newInnerWindow->mDocument = do_QueryInterface(aDocument); newInnerWindow->mDoc = aDocument; // We're reusing the inner window for a new document. In this // case we don't clear the inner window's scope, but we must // make sure the cached document property gets updated. + JSAutoRequest ar(cx); ::JS_DeleteProperty(cx, currentInner->mJSObject, "document"); } else { rv = newInnerWindow->SetNewDocument(aDocument, nsnull, aClearScopeHint, PR_TRUE); NS_ENSURE_SUCCESS(rv, rv); // Initialize DOM classes etc on the inner window. rv = scx->InitClasses(newInnerWindow->mJSObject); NS_ENSURE_SUCCESS(rv, rv); if (navigatorHolder) { // Restore window.navigator onto the new inner window. JSObject *nav; navigatorHolder->GetJSObject(&nav); + JSAutoRequest ar(cx); ::JS_DefineProperty(cx, newInnerWindow->mJSObject, "navigator", OBJECT_TO_JSVAL(nav), nsnull, nsnull, JSPROP_ENUMERATE); } } if (mArguments) { jsval args = OBJECT_TO_JSVAL(mArguments); - + JSAutoRequest ar(cx); ::JS_SetProperty(cx, newInnerWindow->mJSObject, "arguments", &args); ::JS_UnlockGCThing(cx, mArguments); mArguments = nsnull; } // Give the new inner window our chrome event handler (since it // doesn't have one). newInnerWindow->mChromeEventHandler = mChromeEventHandler; @@ -1377,20 +1390,21 @@ nsGlobalWindow::SetDocShell(nsIDocShell* // (mJSObject) so that it can be retrieved later (until it is // finalized by the JS GC). if (!aDocShell && mContext) { NS_ASSERTION(!mTimeouts, "Uh, outer window holds timeouts!"); JSContext *cx = (JSContext *)mContext->GetNativeContext(); nsGlobalWindow *currentInner = GetCurrentInnerWindowInternal(); if (currentInner) { + JSAutoRequest ar(cx); currentInner->FreeInnerObjects(cx); NS_ASSERTION(mDoc, "Must have doc!"); // Remember the document's principal. mDocumentPrincipal = mDoc->NodePrincipal(); // Release our document reference mDocument = nsnull; mDoc = nsnull; 
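Review bot: SetNewDocument now declares `JSAutoRequest ar(cx);` separately in each small block here (before `::JS_DeleteProperty`, before the `navigator` `::JS_DefineProperty`, and inside `if (mArguments)`), on top of the ones added in hunks -1060 and -1172. The block nesting is not fully visible in this diff, but wherever the declaration from -1060 is still in scope these inner ones shadow `ar` and only nest an extra request. A single request covering the JSAPI section of the function, or a short comment on why each block needs its own, would make the intended scope clear. The function starts and ends outside this hunk.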
@@ -1681,20 +1695,22 @@ nsGlobalWindow::SetScriptsEnabled(PRBool nsresult nsGlobalWindow::SetNewArguments(PRUint32 aArgc, void* aArgv) { FORWARD_TO_OUTER(SetNewArguments, (aArgc, aArgv), NS_ERROR_NOT_INITIALIZED); JSContext *cx; NS_ENSURE_TRUE(mContext && (cx = (JSContext *)mContext->GetNativeContext()), NS_ERROR_NOT_INITIALIZED); + JSAutoRequest ar(cx); + if (mArguments) { ::JS_UnlockGCThing(cx, mArguments); mArguments = nsnull; } if (aArgc == 0) { return NS_OK; } jsval* argv = NS_STATIC_CAST(jsval*, aArgv); @@ -3309,32 +3325,32 @@ nsGlobalWindow::Prompt(nsAString& aRetur PRUint32 argc; jsval *argv = nsnull; ncc->GetArgc(&argc); ncc->GetArgvPtr(&argv); PRUint32 savePassword = nsIAuthPrompt::SAVE_PASSWORD_NEVER; if (argc > 0) { - nsJSUtils::ConvertJSValToString(message, cx, argv[0]); - - if (argc > 1) { - nsJSUtils::ConvertJSValToString(initial, cx, argv[1]); - - if (argc > 2) { + JSAutoRequest ar(cx); + switch (argc) { + default: + case 4: + nsJSUtils::ConvertJSValToUint32(&savePassword, cx, argv[3]); + case 3: nsJSUtils::ConvertJSValToString(title, cx, argv[2]); - - if (argc > 3) { - nsJSUtils::ConvertJSValToUint32(&savePassword, cx, argv[3]); - } - } + case 2: + nsJSUtils::ConvertJSValToString(initial, cx, argv[1]); + case 1: + nsJSUtils::ConvertJSValToString(message, cx, argv[0]); + break; } } return Prompt(message, initial, title, savePassword, aReturn); } NS_IMETHODIMP nsGlobalWindow::Focus() { FORWARD_TO_OUTER(Focus, (), NS_ERROR_NOT_INITIALIZED); 
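Review bot: The fall-through `switch (argc)` in Prompt converts the arguments in the reverse order of the code it replaces: `argv[3]` is now converted first and `argv[0]` last, where the nested `if`s went from `argv[0]` upward. `nsJSUtils::ConvertJSValToString` on an object argument can presumably run script (a `toString`), so the order is observable by the caller, and an exception raised while converting an early argument no longer comes first. The same rewrite is applied in Open, OpenDialog and Find (hunks -4143, -4206, -4633). Keeping ascending order with flat guards inside the request, e.g. `if (argc > 1) nsJSUtils::ConvertJSValToString(initial, cx, argv[1]);`, preserves the old behaviour; if the switch stays, each case should carry a `// fall through` comment.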
@@ -4143,28 +4159,30 @@ nsGlobalWindow::Open(nsIDOMWindow **_ret nsAutoString url, name, options; PRUint32 argc; jsval *argv = nsnull; ncc->GetArgc(&argc); ncc->GetArgvPtr(&argv); if (argc > 0) { - nsJSUtils::ConvertJSValToString(url, cx, argv[0]); - - if (argc > 1) { - nsJSUtils::ConvertJSValToString(name, cx, argv[1]); - - if (argc > 2) { + JSAutoRequest ar(cx); + switch (argc) { + default: + case 3: nsJSUtils::ConvertJSValToString(options, cx, argv[2]); - } + case 2: + nsJSUtils::ConvertJSValToString(name, cx, argv[1]); + case 1: + nsJSUtils::ConvertJSValToString(url, cx, argv[0]); + break; } } return OpenInternal(url, name, options, PR_FALSE, // aDialog PR_FALSE, // aCalledNoScript PR_TRUE, // aDoJSFixups nsnull, 0, nsnull, // No args _retval); } @@ -4206,28 +4224,30 @@ nsGlobalWindow::OpenDialog(nsIDOMWindow* nsAutoString url, name, options; PRUint32 argc; jsval *argv = nsnull; ncc->GetArgc(&argc); ncc->GetArgvPtr(&argv); if (argc > 0) { - nsJSUtils::ConvertJSValToString(url, cx, argv[0]); - - if (argc > 1) { - nsJSUtils::ConvertJSValToString(name, cx, argv[1]); - - if (argc > 2) { + JSAutoRequest ar(cx); + switch (argc) { + default: + case 3: nsJSUtils::ConvertJSValToString(options, cx, argv[2]); - } + case 2: + nsJSUtils::ConvertJSValToString(name, cx, argv[1]); + case 1: + nsJSUtils::ConvertJSValToString(url, cx, argv[0]); + break; } } return OpenInternal(url, name, options, PR_TRUE, // aDialog PR_FALSE, // aCalledNoScript PR_FALSE, // aDoJSFixups argv, argc, nsnull, // Arguments _retval); } 
@@ -4633,52 +4653,58 @@ nsGlobalWindow::Find(PRBool *aDidFind) // Parse the arguments passed to the function nsAutoString searchStr; PRBool caseSensitive = PR_FALSE; PRBool backwards = PR_FALSE; PRBool wrapAround = PR_FALSE; PRBool showDialog = PR_FALSE; PRBool wholeWord = PR_FALSE; PRBool searchInFrames = PR_FALSE; if (argc > 0) { - // First arg is the search pattern - nsJSUtils::ConvertJSValToString(searchStr, cx, argv[0]); - } - - if (argc > 1 && !JS_ValueToBoolean(cx, argv[1], &caseSensitive)) { - // Second arg is the case sensitivity - caseSensitive = PR_FALSE; - } - - if (argc > 2 && !JS_ValueToBoolean(cx, argv[2], &backwards)) { - // Third arg specifies whether to search backwards - backwards = PR_FALSE; - } - - if (argc > 3 && !JS_ValueToBoolean(cx, argv[3], &wrapAround)) { - // Fourth arg specifies whether we should wrap the search - wrapAround = PR_FALSE; - } - - if (argc > 4 && !JS_ValueToBoolean(cx, argv[4], &wholeWord)) { - // Fifth arg specifies whether we should show the Find dialog - wholeWord = PR_FALSE; - } - - if (argc > 5 && !JS_ValueToBoolean(cx, argv[5], &searchInFrames)) { - // Sixth arg specifies whether we should search only for whole words - searchInFrames = PR_FALSE; - } - - if (argc > 6 && !JS_ValueToBoolean(cx, argv[6], &showDialog)) { - // Seventh arg specifies whether we should search in all frames - showDialog = PR_FALSE; + JSAutoRequest ar(cx); + switch (argc) { + default: + case 7: + if (!JS_ValueToBoolean(cx, argv[6], &showDialog)) { + // Seventh arg specifies whether we should search in all frames + showDialog = PR_FALSE; + } + case 6: + if (!JS_ValueToBoolean(cx, argv[5], &searchInFrames)) { + // Sixth arg specifies whether we should search only for whole words + searchInFrames = PR_FALSE; + } + case 5: + if (!JS_ValueToBoolean(cx, argv[4], &wholeWord)) { + // Fifth arg specifies whether we should show the Find dialog + wholeWord = PR_FALSE; + } + case 4: + if (!JS_ValueToBoolean(cx, argv[3], &wrapAround)) { + // Fourth arg 
specifies whether we should wrap the search + wrapAround = PR_FALSE; + } + case 3: + if (!JS_ValueToBoolean(cx, argv[2], &backwards)) { + // Third arg specifies whether to search backwards + backwards = PR_FALSE; + } + case 2: + if (!JS_ValueToBoolean(cx, argv[1], &caseSensitive)) { + // Second arg is the case sensitivity + caseSensitive = PR_FALSE; + } + case 1: + // First arg is the search pattern + nsJSUtils::ConvertJSValToString(searchStr, cx, argv[0]); + break; + } } return FindInternal(searchStr, caseSensitive, backwards, wrapAround, wholeWord, searchInFrames, showDialog, aDidFind); } nsresult nsGlobalWindow::FindInternal(const nsAString& aStr, PRBool caseSensitive, PRBool backwards, PRBool wrapAround, PRBool wholeWord, PRBool searchInFrames, @@ -5189,20 +5215,22 @@ nsGlobalWindow::GetObjectProperty(const JSContext *cx; NS_ENSURE_SUCCESS(stack->Peek(&cx), NS_ERROR_FAILURE); if (!cx) { stack->GetSafeJSContext(&cx); NS_ENSURE_TRUE(cx, NS_ERROR_FAILURE); } jsval propertyVal; + JSAutoRequest ar(cx); + if (!::JS_LookupUCProperty(cx, mJSObject, NS_REINTERPRET_CAST(const jschar *, aProperty), nsCRT::strlen(aProperty), &propertyVal)) { return NS_ERROR_FAILURE; } if (!nsJSUtils::ConvertJSValToXPCObject(aObject, NS_GET_IID(nsISupports), cx, propertyVal)) { return NS_ERROR_FAILURE; } @@ -5915,20 +5943,22 @@ void nsGlobalWindow::ClearWindowScope(nsISupports *aWindow) { nsCOMPtr sgo(do_QueryInterface(aWindow)); nsIScriptContext *scx = sgo->GetContext(); if (scx) { JSContext *cx = (JSContext *)scx->GetNativeContext(); JSObject *global = sgo->GetGlobalJSObject(); + JSAutoRequest ar(cx); + if (global) { ::JS_ClearScope(cx, global); ::JS_ClearWatchPointsForObject(cx, global); } ::JS_ClearRegExpStatics(cx); } } //***************************************************************************** 
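Review bot: Three comments in the rewritten Find switch describe the wrong flag: `case 5` sets `wholeWord` but says "show the Find dialog", `case 6` sets `searchInFrames` but says "search only for whole words", and `case 7` sets `showDialog` but says "search in all frames". Since these lines are being rewritten anyway, correct them to `// Fifth arg specifies whether we should search only for whole words`, `// Sixth arg specifies whether we should search in all frames` and `// Seventh arg specifies whether we should show the Find dialog`. The start of Find is outside this hunk.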
@@ -5970,51 +6000,53 @@ nsGlobalWindow::SetTimeoutOrInterval(PRB jsval *argv = nsnull; ncc->GetArgc(&argc); ncc->GetArgvPtr(&argv); JSString *expr = nsnull; JSObject *funobj = nsnull; nsTimeout *timeout; int32 interval = 0; + JSAutoRequest ar(cx); + if (argc < 1) { ::JS_ReportError(cx, "Function %s requires at least 1 parameter", - aIsInterval ? kSetIntervalStr : kSetTimeoutStr); + aIsInterval ? kSetIntervalStr : kSetTimeoutStr); return ncc->SetExceptionWasThrown(PR_TRUE); } if (argc > 1 && !::JS_ValueToECMAInt32(cx, argv[1], &interval)) { ::JS_ReportError(cx, - "Second argument to %s must be a millisecond interval", - aIsInterval ? kSetIntervalStr : kSetTimeoutStr); + "Second argument to %s must be a millisecond interval", + aIsInterval ? kSetIntervalStr : kSetTimeoutStr); return ncc->SetExceptionWasThrown(PR_TRUE); } switch (::JS_TypeOfValue(cx, argv[0])) { case JSTYPE_FUNCTION: funobj = JSVAL_TO_OBJECT(argv[0]); break; case JSTYPE_STRING: case JSTYPE_OBJECT: expr = ::JS_ValueToString(cx, argv[0]); if (!expr) return NS_ERROR_OUT_OF_MEMORY; argv[0] = STRING_TO_JSVAL(expr); break; default: ::JS_ReportError(cx, "useless %s call (missing quotes around argument?)", - aIsInterval ? kSetIntervalStr : kSetTimeoutStr); + aIsInterval ? kSetIntervalStr : kSetTimeoutStr); return ncc->SetExceptionWasThrown(PR_TRUE); } if (interval < DOM_MIN_TIMEOUT_VALUE) { // Don't allow timeouts less than DOM_MIN_TIMEOUT_VALUE from // now... interval = DOM_MIN_TIMEOUT_VALUE; } 
@@ -6043,21 +6075,21 @@ nsGlobalWindow::SetTimeoutOrInterval(PRB if (expr) { if (!::JS_AddNamedRoot(cx, &timeout->mExpr, "timeout.mExpr")) { timeout->Release(scx); return NS_ERROR_OUT_OF_MEMORY; } timeout->mExpr = expr; } else if (funobj) { /* Leave an extra slot for a secret final argument that - indicates to the called function how "late" the timeout is. */ + indicates to the called function how "late" the timeout is. */ timeout->mArgv = (jsval *) PR_MALLOC((argc - 1) * sizeof(jsval)); if (!timeout->mArgv) { timeout->Release(scx); return NS_ERROR_OUT_OF_MEMORY; } if (!::JS_AddNamedRoot(cx, &timeout->mFunObj, "timeout.mFunObj")) { timeout->Release(scx); @@ -6602,20 +6634,22 @@ nsGlobalWindow::ClearTimeoutOrInterval() return NS_OK; } jsval *argv = nsnull; ncc->GetArgvPtr(&argv); int32 timer_id; + JSAutoRequest ar(cx); + if (argv[0] == JSVAL_VOID || !::JS_ValueToInt32(cx, argv[0], &timer_id) || timer_id <= 0) { // Undefined or non-positive number passed as argument, return // early. Make sure that JS_ValueToInt32 didn't set an exception. ::JS_ClearPendingException(cx); return NS_OK; } PRUint32 public_id = (PRUint32)timer_id; 
@@ -7800,31 +7834,33 @@ nsNavigator::Preference() jsval *argv = nsnull; ncc->GetArgvPtr(&argv); NS_ENSURE_TRUE(argv, NS_ERROR_UNEXPECTED); JSContext *cx = nsnull; rv = ncc->GetJSContext(&cx); NS_ENSURE_SUCCESS(rv, rv); + JSAutoRequest ar(cx); + //--Check to see if the caller is allowed to access prefs if (sPrefInternal_id == JSVAL_VOID) { sPrefInternal_id = STRING_TO_JSVAL(::JS_InternString(cx, "preferenceinternal")); } PRUint32 action; if (argc == 1) { - action = nsIXPCSecurityManager::ACCESS_GET_PROPERTY; + action = nsIXPCSecurityManager::ACCESS_GET_PROPERTY; } else { - action = nsIXPCSecurityManager::ACCESS_SET_PROPERTY; + action = nsIXPCSecurityManager::ACCESS_SET_PROPERTY; } rv = nsContentUtils::GetSecurityManager()-> CheckPropertyAccess(cx, nsnull, "Navigator", sPrefInternal_id, action); if (NS_FAILED(rv)) { return NS_OK; } nsIPrefBranch *prefBranch = nsContentUtils::GetPrefBranch(); NS_ENSURE_STATE(prefBranch); Index: mozilla/dom/src/base/nsJSEnvironment.cpp =================================================================== RCS file: /cvsroot/mozilla/dom/src/base/nsJSEnvironment.cpp,v retrieving revision 1.280 diff -pU10 -r1.280 mozilla/dom/src/base/nsJSEnvironment.cpp --- mozilla/dom/src/base/nsJSEnvironment.cpp +++ mozilla/dom/src/base/nsJSEnvironment.cpp 
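Review bot: In nsNavigator::Preference the result of `::JS_InternString(cx, "preferenceinternal")` goes straight into `STRING_TO_JSVAL` and is cached in the static `sPrefInternal_id`, which is then the property id handed to `CheckPropertyAccess`. If interning fails, the cached value is built from a null string and, being presumably different from `JSVAL_VOID`, would never be recomputed on later calls. Check before caching: `JSString *s = ::JS_InternString(cx, "preferenceinternal");`, `NS_ENSURE_TRUE(s, NS_ERROR_OUT_OF_MEMORY);`, `sPrefInternal_id = STRING_TO_JSVAL(s);`. The function body starts and ends outside this hunk.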
@@ -875,22 +875,25 @@ nsJSContext::EvaluateStringWithValue(con JSVersion newVersion = JSVERSION_UNKNOWN; // SecurityManager said "ok", but don't execute if aVersion is specified // and unknown. Do execute with the default version (and avoid thrashing // the context's version) if aVersion is not specified. ok = (!aVersion || (newVersion = ::JS_StringToVersion(aVersion)) != JSVERSION_UNKNOWN); if (ok) { JSVersion oldVersion = JSVERSION_UNKNOWN; + JSAutoRequest ar(mContext); + if (aVersion) oldVersion = ::JS_SetVersion(mContext, newVersion); + ok = ::JS_EvaluateUCScriptForPrincipals(mContext, (JSObject *)aScopeObject, jsprin, (jschar*)PromiseFlatString(aScript).get(), aScript.Length(), aURL, aLineNo, &val); if (aVersion) { @@ -1059,22 +1062,25 @@ nsJSContext::EvaluateString(const nsAStr JSVersion newVersion = JSVERSION_UNKNOWN; // SecurityManager said "ok", but don't execute if aVersion is specified // and unknown. Do execute with the default version (and avoid thrashing // the context's version) if aVersion is not specified. ok = (!aVersion || (newVersion = ::JS_StringToVersion(aVersion)) != JSVERSION_UNKNOWN); if (ok) { JSVersion oldVersion = JSVERSION_UNKNOWN; + JSAutoRequest ar(mContext); + if (aVersion) oldVersion = ::JS_SetVersion(mContext, newVersion); + ok = ::JS_EvaluateUCScriptForPrincipals(mContext, (JSObject *)aScopeObject, jsprin, (jschar*)PromiseFlatString(aScript).get(), aScript.Length(), aURL, aLineNo, &val); if (aVersion) { @@ -1089,20 +1095,21 @@ nsJSContext::EvaluateString(const nsAStr nsContentUtils::NotifyXPCIfExceptionPending(mContext); } } } // Whew! Finally done with these manually ref-counted things. JSPRINCIPALS_DROP(mContext, jsprin); // If all went well, convert val to a string (XXXbe unless undefined?). if (ok) { + JSAutoRequest ar(mContext); rv = JSValueToAString(mContext, val, aRetValue, aIsUndefined); } else { if (aIsUndefined) { *aIsUndefined = PR_TRUE; } if (aRetValue) { aRetValue->Truncate(); } 
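Review bot: In EvaluateString the request added in hunk -1059 appears to end with the `if (ok)` block that contains the evaluation, and hunk -1089 opens a second one only around `JSValueToAString(mContext, val, ...)`, so `val` is carried across `JSPRINCIPALS_DROP` outside any request. `val` looks like a plain local; if it is not rooted elsewhere, a GC started from another thread in that window could free what it refers to before the conversion reads it. CallEventHandler (hunk -1417) has the same shape, with `*rval` outside a request between the call and `::JS_LockGCThing`. One `JSAutoRequest ar(mContext);` declared before the first `if (ok)` and spanning both steps, as the ExecuteScript hunk does, closes the gap. The function bodies extend outside these hunks.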
@@ -1151,39 +1158,41 @@ nsJSContext::CompileScript(const PRUnich *aScriptObject = nsnull; if (ok) { JSVersion newVersion = JSVERSION_UNKNOWN; // SecurityManager said "ok", but don't compile if aVersion is specified // and unknown. Do compile with the default version (and avoid thrashing // the context's version) if aVersion is not specified. if (!aVersion || (newVersion = ::JS_StringToVersion(aVersion)) != JSVERSION_UNKNOWN) { JSVersion oldVersion = JSVERSION_UNKNOWN; + + JSAutoRequest ar(mContext); + if (aVersion) oldVersion = ::JS_SetVersion(mContext, newVersion); JSScript* script = ::JS_CompileUCScriptForPrincipals(mContext, (JSObject*) aScopeObject, jsprin, (jschar*) aText, aTextLength, aURL, aLineNo); if (script) { *aScriptObject = (void*) ::JS_NewScriptObject(mContext, script); if (! *aScriptObject) { ::JS_DestroyScript(mContext, script); script = nsnull; } - } - if (!script) + } else rv = NS_ERROR_OUT_OF_MEMORY; if (aVersion) ::JS_SetVersion(mContext, oldVersion); } } // Whew! Finally done with these manually ref-counted things. JSPRINCIPALS_DROP(mContext, jsprin); return rv; @@ -1223,29 +1232,29 @@ nsJSContext::ExecuteScript(void* aScript } // The result of evaluation, used only if there were no errors. This need // not be a GC root currently, provided we run the GC only from the branch // callback or from ScriptEvaluated. TODO: use JS_Begin/EndRequest to keep // the GC from racing with JS execution on any thread. jsval val; JSBool ok; nsJSContext::TerminationFuncHolder holder(this); + JSAutoRequest ar(mContext); ok = ::JS_ExecuteScript(mContext, (JSObject*) aScopeObject, (JSScript*) ::JS_GetPrivate(mContext, (JSObject*)aScriptObject), &val); if (ok) { // If all went well, convert val to a string (XXXbe unless undefined?). - rv = JSValueToAString(mContext, val, aRetValue, aIsUndefined); } else { if (aIsUndefined) { *aIsUndefined = PR_TRUE; } if (aRetValue) { aRetValue->Truncate(); } 
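Review bot: Replacing `} if (!script)` with `} else` in CompileScript drops the error for the case where compilation succeeds but `::JS_NewScriptObject` returns null: that branch destroys the script and sets `script = nsnull`, but `rv` is no longer set, so the function reaches `return rv;` with `*aScriptObject` null and whatever `rv` held before (its earlier value is outside the hunk). The `script = nsnull;` assignment is now a dead store. Either restore the separate `if (!script) rv = NS_ERROR_OUT_OF_MEMORY;` or set `rv = NS_ERROR_OUT_OF_MEMORY;` inside the `if (! *aScriptObject)` branch.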
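Review bot: The comment above `jsval val;` in ExecuteScript still ends with `TODO: use JS_Begin/EndRequest to keep the GC from racing with JS execution on any thread`, which the added `JSAutoRequest ar(mContext);` now does. Update the comment so it no longer reads as outstanding work, e.g. `// not a GC root; the request below keeps a GC on another thread from racing with execution`. The rest of ExecuteScript is outside this hunk.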
@@ -1320,20 +1329,22 @@ nsJSContext::CompileEventHandler(void *a NS_ENSURE_SUCCESS(rv, rv); prin->GetJSPrincipals(mContext, &jsprin); NS_ENSURE_TRUE(jsprin, NS_ERROR_NOT_AVAILABLE); } const char *charName = AtomToEventHandlerName(aName); const char *argList[] = { aEventName }; + JSAutoRequest ar(mContext); + JSFunction* fun = ::JS_CompileUCFunctionForPrincipals(mContext, aShared ? nsnull : target, jsprin, charName, 1, argList, (jschar*)PromiseFlatString(aBody).get(), aBody.Length(), aURL, aLineNo); if (jsprin) { JSPRINCIPALS_DROP(mContext, jsprin); @@ -1369,20 +1380,23 @@ nsJSContext::CompileFunction(void* aTarg nsCOMPtr globalData = do_QueryInterface(global); if (globalData) { nsIPrincipal *prin = globalData->GetPrincipal(); if (!prin) return NS_ERROR_FAILURE; prin->GetJSPrincipals(mContext, &jsprin); } } JSObject *target = (JSObject*)aTarget; + + JSAutoRequest ar(mContext); + JSFunction* fun = ::JS_CompileUCFunctionForPrincipals(mContext, aShared ? nsnull : target, jsprin, PromiseFlatCString(aName).get(), aArgCount, aArgArray, (jschar*)PromiseFlatString(aBody).get(), aBody.Length(), aURL, aLineNo); if (jsprin) 
@@ -1417,41 +1431,45 @@ nsJSContext::CallEventHandler(JSObject * if (NS_FAILED(rv) || NS_FAILED(stack->Push(mContext))) return NS_ERROR_FAILURE; // check if the event handler can be run on the object in question rv = sSecurityManager->CheckFunctionAccess(mContext, aHandler, aTarget); nsJSContext::TerminationFuncHolder holder(this); if (NS_SUCCEEDED(rv)) { jsval funval = OBJECT_TO_JSVAL(aHandler); - PRBool ok = ::JS_CallFunctionValue(mContext, aTarget, funval, argc, argv, - rval); + + JSAutoRequest ar(mContext); + + PRBool ok = ::JS_CallFunctionValue(mContext, aTarget, funval, argc, argv, rval); if (!ok) { // Tell XPConnect about any pending exceptions. This is needed // to avoid dropping JS exceptions in case we got here through // nested calls through XPConnect. nsContentUtils::NotifyXPCIfExceptionPending(mContext); // Don't pass back results from failed calls. *rval = JSVAL_VOID; // Tell the caller that the handler threw an error. rv = NS_ERROR_FAILURE; } } if (NS_FAILED(stack->Pop(nsnull))) return NS_ERROR_FAILURE; + JSAutoRequest ar(mContext); + // Need to lock, since ScriptEvaluated can GC. PRBool locked = PR_FALSE; if (NS_SUCCEEDED(rv) && JSVAL_IS_GCTHING(*rval)) { locked = ::JS_LockGCThing(mContext, JSVAL_TO_GCTHING(*rval)); if (!locked) { rv = NS_ERROR_OUT_OF_MEMORY; } } // ScriptEvaluated needs to come after we pop the stack 
@@ -1478,20 +1496,22 @@ nsJSContext::BindCompiledEventHandler(vo nsresult rv; // Push our JSContext on our thread's context stack, in case native code // called from JS calls back into JS via XPConnect. nsCOMPtr stack = do_GetService("@mozilla.org/js/xpc/ContextStack;1", &rv); if (NS_FAILED(rv) || NS_FAILED(stack->Push(mContext))) { return NS_ERROR_FAILURE; } + JSAutoRequest ar(mContext); + // Make sure the handler function is parented by its event target object if (funobj && ::JS_GetParent(mContext, funobj) != target) { funobj = ::JS_CloneFunctionObject(mContext, funobj, target); if (!funobj) rv = NS_ERROR_OUT_OF_MEMORY; } if (NS_SUCCEEDED(rv) && !::JS_DefineProperty(mContext, target, charName, OBJECT_TO_JSVAL(funobj), nsnull, nsnull, @@ -1618,20 +1638,21 @@ nsJSContext::InitContext(nsIScriptGlobal rv = xpc->InitClassesWithNewWrappedGlobal(mContext, aGlobalObject, NS_GET_IID(nsISupports), flags, getter_AddRefs(holder)); NS_ENSURE_SUCCESS(rv, rv); // Now check whether we need to grab a pointer to the // XPCNativeWrapper class if (!NS_DOMClassInfo_GetXPCNativeWrapperClass()) { + JSAutoRequest ar(mContext); rv = FindXPCNativeWrapperClass(holder); NS_ENSURE_SUCCESS(rv, rv); } } else { // If there's already a global object in mContext we're called // after ::JS_ClearScope() was called. We'll have to tell // XPConnect to re-initialize the global object to do things like // define the Components object on the global again and forget all // old prototypes in this scope. rv = xpc->InitClasses(mContext, global); 
@@ -1686,20 +1707,21 @@ nsJSContext::InitializeLiveConnectClasse if (NS_SUCCEEDED(rv) && jvmManager) { PRBool javaEnabled = PR_FALSE; rv = jvmManager->GetJavaEnabled(&javaEnabled); if (NS_SUCCEEDED(rv) && javaEnabled) { nsCOMPtr liveConnectManager = do_QueryInterface(jvmManager); if (liveConnectManager) { + JSAutoRequest ar(mContext); rv = liveConnectManager->InitLiveConnectClasses(mContext, aGlobalObj); } } } #endif /* OJI */ // return all is well until things are stable. return NS_OK; } @@ -1989,20 +2011,22 @@ nsresult nsJSContext::InitClasses(JSObject *aGlobalObj) { nsresult rv = NS_OK; rv = InitializeExternalClasses(); NS_ENSURE_SUCCESS(rv, rv); rv = InitializeLiveConnectClasses(aGlobalObj); NS_ENSURE_SUCCESS(rv, rv); + JSAutoRequest ar(mContext); + // Initialize the options object and set default options in mContext JSObject *optionsObj = ::JS_DefineObject(mContext, aGlobalObj, "_options", &OptionsClass, nsnull, 0); if (optionsObj && ::JS_DefineProperties(mContext, optionsObj, OptionsProperties)) { ::JS_SetOptions(mContext, mDefaultJSOptions); } else { rv = NS_ERROR_FAILURE; } Index: mozilla/dom/src/base/nsLocation.cpp =================================================================== RCS file: /cvsroot/mozilla/dom/src/base/nsLocation.cpp,v retrieving revision 1.139 diff -pU10 -r1.139 mozilla/dom/src/base/nsLocation.cpp --- mozilla/dom/src/base/nsLocation.cpp +++ mozilla/dom/src/base/nsLocation.cpp 
@@ -890,20 +890,21 @@ nsLocation::Reload() jsval *argv = nsnull; ncc->GetArgvPtr(&argv); NS_ENSURE_TRUE(argv, NS_ERROR_UNEXPECTED); JSContext *cx = nsnull; rv = ncc->GetJSContext(&cx); NS_ENSURE_SUCCESS(rv, rv); + JSAutoRequest ar(cx); JS_ValueToBoolean(cx, argv[0], &force_get); } return Reload(force_get); } NS_IMETHODIMP nsLocation::Replace(const nsAString& aUrl) { nsresult rv = NS_OK; Index: mozilla/dom/src/base/nsPluginArray.cpp =================================================================== RCS file: /cvsroot/mozilla/dom/src/base/nsPluginArray.cpp,v retrieving revision 1.30 diff -pU10 -r1.30 mozilla/dom/src/base/nsPluginArray.cpp --- mozilla/dom/src/base/nsPluginArray.cpp +++ mozilla/dom/src/base/nsPluginArray.cpp @@ -263,20 +263,21 @@ nsPluginArray::Refresh() jsval *argv = nsnull; ncc->GetArgvPtr(&argv); NS_ENSURE_TRUE(argv, NS_ERROR_UNEXPECTED); JSContext *cx = nsnull; rv = ncc->GetJSContext(&cx); NS_ENSURE_SUCCESS(rv, rv); + JSAutoRequest ar(cx); JS_ValueToBoolean(cx, argv[0], &reload_doc); } return Refresh(reload_doc); } nsresult nsPluginArray::GetPlugins() { nsresult rv = GetLength(&mPluginCount); Index: mozilla/dom/src/events/nsJSEventListener.cpp =================================================================== RCS file: /cvsroot/mozilla/dom/src/events/nsJSEventListener.cpp,v retrieving revision 1.53 diff -pU10 -r1.53 mozilla/dom/src/events/nsJSEventListener.cpp --- mozilla/dom/src/events/nsJSEventListener.cpp +++ mozilla/dom/src/events/nsJSEventListener.cpp 
@@ -53,29 +53,33 @@ */ nsJSEventListener::nsJSEventListener(nsIScriptContext *aContext, JSObject *aScopeObject, nsISupports *aObject) : nsIJSEventListener(aContext, aScopeObject, aObject), mReturnResult(nsReturnResult_eNotSet) { if (aScopeObject && aContext) { JSContext *cx = (JSContext *)aContext->GetNativeContext(); + JSAutoRequest ar(cx); + ::JS_LockGCThing(cx, aScopeObject); } } nsJSEventListener::~nsJSEventListener() { if (mScopeObject && mContext) { JSContext *cx = (JSContext *)mContext->GetNativeContext(); + JSAutoRequest ar(cx); + ::JS_UnlockGCThing(cx, mScopeObject); } } NS_INTERFACE_MAP_BEGIN(nsJSEventListener) NS_INTERFACE_MAP_ENTRY(nsIDOMEventListener) NS_INTERFACE_MAP_ENTRY(nsIJSEventListener) NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIDOMEventListener) NS_INTERFACE_MAP_END @@ -131,20 +135,22 @@ nsJSEventListener::HandleEvent(nsIDOMEve // root nsCOMPtr wrapper; rv = xpc->WrapNative(cx, mScopeObject, mTarget, NS_GET_IID(nsISupports), getter_AddRefs(wrapper)); NS_ENSURE_SUCCESS(rv, rv); JSObject* obj = nsnull; rv = wrapper->GetJSObject(&obj); NS_ENSURE_SUCCESS(rv, rv); + JSAutoRequest ar(cx); + if (!JS_LookupUCProperty(cx, obj, NS_REINTERPRET_CAST(const jschar *, eventString.get()), eventString.Length(), &funval)) { return NS_ERROR_FAILURE; } if (JS_TypeOfValue(cx, funval) != JSTYPE_FUNCTION) { return NS_OK; } 
@@ -163,38 +169,37 @@ nsJSEventListener::HandleEvent(nsIDOMEve argv = ::JS_PushArguments(cx, &stackPtr, "WWi", scriptEvent->errorMsg, scriptEvent->fileName, scriptEvent->lineNr); NS_ENSURE_TRUE(argv, NS_ERROR_OUT_OF_MEMORY); argc = 3; handledScriptError = PR_TRUE; } } if (!handledScriptError) { rv = xpc->WrapNative(cx, obj, aEvent, NS_GET_IID(nsIDOMEvent), - getter_AddRefs(wrapper)); + getter_AddRefs(wrapper)); NS_ENSURE_SUCCESS(rv, rv); JSObject *eventObj = nsnull; rv = wrapper->GetJSObject(&eventObj); NS_ENSURE_SUCCESS(rv, rv); argv[0] = OBJECT_TO_JSVAL(eventObj); argc = 1; } jsval rval; rv = mContext->CallEventHandler(obj, JSVAL_TO_OBJECT(funval), argc, argv, &rval); - if (argv != &arg) { + if (argv != &arg) ::JS_PopArguments(cx, stackPtr); - } if (NS_SUCCEEDED(rv)) { if (eventString.EqualsLiteral("onbeforeunload")) { nsCOMPtr priv(do_QueryInterface(aEvent)); NS_ENSURE_TRUE(priv, NS_ERROR_UNEXPECTED); nsEvent* event; priv->GetInternalNSEvent(&event); NS_ENSURE_TRUE(event && event->message == NS_BEFORE_PAGE_UNLOAD, NS_ERROR_UNEXPECTED); 
@@ -211,23 +216,22 @@ nsJSEventListener::HandleEvent(nsIDOMEve if (JSVAL_IS_STRING(rval) && beforeUnload->text.IsEmpty()) { beforeUnload->text = nsDependentJSString(JSVAL_TO_STRING(rval)); } } } else if (JSVAL_IS_BOOLEAN(rval)) { // If the handler returned false and its sense is not reversed, // or the handler returned true and its sense is reversed from // the usual (false means cancel), then prevent default. if (JSVAL_TO_BOOLEAN(rval) == - (mReturnResult == nsReturnResult_eReverseReturnResult)) { + (mReturnResult == nsReturnResult_eReverseReturnResult)) aEvent->PreventDefault(); - } } } return rv; } /* * Factory functions */ Index: mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp =================================================================== RCS file: /cvsroot/mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp,v retrieving revision 1.114 diff -pU10 -r1.114 mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp --- mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp +++ mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp 
@@ -1972,36 +1972,39 @@ nsWindowWatcher::AddSupportsTojsvals(nsI switch(type) { case nsISupportsPrimitive::TYPE_CSTRING : { nsCOMPtr p(do_QueryInterface(argPrimitive)); NS_ENSURE_TRUE(p, NS_ERROR_UNEXPECTED); nsCAutoString data; p->GetData(data); - + JSAutoRequest ar(cx); + JSString *str = ::JS_NewStringCopyN(cx, data.get(), data.Length()); NS_ENSURE_TRUE(str, NS_ERROR_OUT_OF_MEMORY); *aArgv = STRING_TO_JSVAL(str); break; } case nsISupportsPrimitive::TYPE_STRING : { nsCOMPtr p(do_QueryInterface(argPrimitive)); NS_ENSURE_TRUE(p, NS_ERROR_UNEXPECTED); nsAutoString data; p->GetData(data); + JSAutoRequest ar(cx); + // cast is probably safe since wchar_t and jschar are expected // to be equivalent; both unsigned 16-bit entities JSString *str = ::JS_NewUCStringCopyN(cx, NS_REINTERPRET_CAST(const jschar *,data.get()), data.Length()); NS_ENSURE_TRUE(str, NS_ERROR_OUT_OF_MEMORY); *aArgv = STRING_TO_JSVAL(str); break; @@ -2055,20 +2058,22 @@ nsWindowWatcher::AddSupportsTojsvals(nsI break; } case nsISupportsPrimitive::TYPE_CHAR : { nsCOMPtr p(do_QueryInterface(argPrimitive)); NS_ENSURE_TRUE(p, NS_ERROR_UNEXPECTED); char data; p->GetData(&data); + JSAutoRequest ar(cx); + JSString *str = ::JS_NewStringCopyN(cx, &data, 1); NS_ENSURE_TRUE(str, NS_ERROR_OUT_OF_MEMORY); *aArgv = STRING_TO_JSVAL(str); break; } case nsISupportsPrimitive::TYPE_PRINT16 : { nsCOMPtr p(do_QueryInterface(argPrimitive)); NS_ENSURE_TRUE(p, NS_ERROR_UNEXPECTED); 
@@ -2094,34 +2099,38 @@ nsWindowWatcher::AddSupportsTojsvals(nsI break; } case nsISupportsPrimitive::TYPE_FLOAT : { nsCOMPtr p(do_QueryInterface(argPrimitive)); NS_ENSURE_TRUE(p, NS_ERROR_UNEXPECTED); float data; p->GetData(&data); + JSAutoRequest ar(cx); + jsdouble *d = ::JS_NewDouble(cx, data); *aArgv = DOUBLE_TO_JSVAL(d); break; } case nsISupportsPrimitive::TYPE_DOUBLE : { nsCOMPtr p(do_QueryInterface(argPrimitive)); NS_ENSURE_TRUE(p, NS_ERROR_UNEXPECTED); double data; p->GetData(&data); + JSAutoRequest ar(cx); + jsdouble *d = ::JS_NewDouble(cx, data); *aArgv = DOUBLE_TO_JSVAL(d); break; } case nsISupportsPrimitive::TYPE_INTERFACE_POINTER : { nsCOMPtr p(do_QueryInterface(argPrimitive)); NS_ENSURE_TRUE(p, NS_ERROR_UNEXPECTED); Index: mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp =================================================================== RCS file: /cvsroot/mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp,v retrieving revision 1.147 diff -pU10 -r1.147 mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp --- mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp +++ mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp 
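Review bot: Both the TYPE_FLOAT and TYPE_DOUBLE cases pass the result of `::JS_NewDouble` straight to `DOUBLE_TO_JSVAL` without checking it, while the string cases of the same switch use `NS_ENSURE_TRUE(str, NS_ERROR_OUT_OF_MEMORY)`. Since these lines are being touched anyway, add `NS_ENSURE_TRUE(d, NS_ERROR_OUT_OF_MEMORY);` after each `JS_NewDouble` call so that an allocation failure does not store a jsval built from a null pointer in `*aArgv`. The enclosing switch starts and ends outside this hunk.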
@@ -1034,20 +1034,21 @@ nsXMLHttpRequest::Open(const nsACString& rv = secMan->IsCapabilityEnabled("UniversalBrowserRead", &crossSiteAccessEnabled); if (NS_FAILED(rv)) return rv; if (crossSiteAccessEnabled) { mState |= XML_HTTP_REQUEST_XSITEENABLED; } else { mState &= ~XML_HTTP_REQUEST_XSITEENABLED; } if (argc > 2) { + JSAutoRequest ar(cx); JSBool asyncBool; ::JS_ValueToBoolean(cx, argv[2], &asyncBool); async = (PRBool)asyncBool; if (argc > 3) { JSString* userStr = ::JS_ValueToString(cx, argv[3]); if (userStr) { user.Assign(NS_REINTERPRET_CAST(PRUnichar *, ::JS_GetStringChars(userStr)), Index: mozilla/js/jsd/jsd_high.c =================================================================== RCS file: /cvsroot/mozilla/js/jsd/jsd_high.c,v retrieving revision 3.13 diff -pU10 -r3.13 mozilla/js/jsd/jsd_high.c --- mozilla/js/jsd/jsd_high.c +++ mozilla/js/jsd/jsd_high.c 
@@ -128,38 +128,41 @@ _newJSDContext(JSRuntime* jsrt, if( ! jsd_InitObjectManager(jsdc) ) goto label_newJSDContext_failure; if( ! jsd_InitScriptManager(jsdc) ) goto label_newJSDContext_failure; jsdc->dumbContext = JS_NewContext(jsdc->jsrt, 256); if( ! jsdc->dumbContext ) goto label_newJSDContext_failure; + JS_BeginRequest(jsdc->dumbContext); jsdc->glob = JS_NewObject(jsdc->dumbContext, &global_class, NULL, NULL); if( ! jsdc->glob ) goto label_newJSDContext_failure; if( ! JS_InitStandardClasses(jsdc->dumbContext, jsdc->glob) ) goto label_newJSDContext_failure; + JS_EndRequest(jsdc->dumbContext); jsdc->data = NULL; jsdc->inited = JS_TRUE; JSD_LOCK(); JS_INSERT_LINK(&jsdc->links, &_jsd_context_list); JSD_UNLOCK(); return jsdc; label_newJSDContext_failure: if( jsdc ) { + JS_EndRequest(jsdc->dumbContext); jsd_DestroyObjectManager(jsdc); jsd_DestroyAtomTable(jsdc); free(jsdc); } return NULL; } static void _destroyJSDContext(JSDContext* jsdc) { Index: mozilla/js/jsd/jsd_stak.c =================================================================== RCS file: /cvsroot/mozilla/js/jsd/jsd_stak.c,v retrieving revision 3.21 diff -pU10 -r3.21 mozilla/js/jsd/jsd_stak.c --- mozilla/js/jsd/jsd_stak.c +++ mozilla/js/jsd/jsd_stak.c 
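Review bot: The `JS_EndRequest(jsdc->dumbContext)` added under `label_newJSDContext_failure` runs for every `goto`, including those taken before `JS_BeginRequest` and the one taken when `JS_NewContext` returned NULL. It can therefore end a request that was never begun, or be handed a null context. Closing the request at one point right after the two calls that need it, and keeping the failure label free of request calls, keeps the pair balanced on every path. The sketch uses a new local `JSBool ok`, which would be declared with the function's other locals above the hunk.

```c
    JS_BeginRequest(jsdc->dumbContext);
    jsdc->glob = JS_NewObject(jsdc->dumbContext, &global_class, NULL, NULL);
    ok = jsdc->glob && JS_InitStandardClasses(jsdc->dumbContext, jsdc->glob);
    JS_EndRequest(jsdc->dumbContext);
    if( ! ok )
        goto label_newJSDContext_failure;

    /* ... unchanged: data/inited setup, list insertion, return jsdc ... */

label_newJSDContext_failure:
    if( jsdc ) {
        /* request already closed above; nothing to end here */
        jsd_DestroyObjectManager(jsdc);
```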
@@ -309,21 +309,23 @@ jsd_GetScopeChainForStackFrame(JSDContex JSDThreadState* jsdthreadstate, JSDStackFrameInfo* jsdframe) { JSObject* obj; JSDValue* jsdval = NULL; JSD_LOCK_THREADSTATES(jsdc); if( jsd_IsValidFrameInThreadState(jsdc, jsdthreadstate, jsdframe) ) { + JS_BeginRequest(jsdthreadstate->context); obj = JS_GetFrameScopeChain(jsdthreadstate->context, jsdframe->fp); + JS_EndRequest(jsdthreadstate->context); if(obj) jsdval = JSD_NewValue(jsdc, OBJECT_TO_JSVAL(obj)); } JSD_UNLOCK_THREADSTATES(jsdc); return jsdval; } JSDValue* Index: mozilla/js/jsd/jsd_val.c =================================================================== RCS file: /cvsroot/mozilla/js/jsd/jsd_val.c,v retrieving revision 3.11 diff -pU10 -r3.11 mozilla/js/jsd/jsd_val.c --- mozilla/js/jsd/jsd_val.c +++ mozilla/js/jsd/jsd_val.c @@ -146,29 +146,30 @@ jsd_IsValueFunction(JSDContext* jsdc, JS JSBool jsd_IsValueNative(JSDContext* jsdc, JSDValue* jsdval) { JSContext* cx = jsdc->dumbContext; jsval val = jsdval->val; JSFunction* fun; JSExceptionState* exceptionState; if(jsd_IsValueFunction(jsdc, jsdval)) { + JSBool ok; + JS_BeginRequest(cx); exceptionState = JS_SaveExceptionState(cx); fun = JS_ValueToFunction(cx, val); JS_RestoreExceptionState(cx, exceptionState); - if(!fun) - { - JS_ASSERT(0); - return JS_FALSE; - } - return JS_GetFunctionScript(cx, fun) ? JS_FALSE : JS_TRUE; + if(fun) + ok = JS_GetFunctionScript(cx, fun) ? JS_TRUE : JS_FALSE; + JS_EndRequest(cx); + JS_ASSERT(fun); + return ok; } return !JSVAL_IS_PRIMITIVE(val); } /***************************************************************************/ JSBool jsd_GetValueBoolean(JSDContext* jsdc, JSDValue* jsdval) { jsval val = jsdval->val; 
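Review bot: In jsd_IsValueNative the rewritten result is inverted and can be read uninitialised. The old code returned `JS_GetFunctionScript(cx, fun) ? JS_FALSE : JS_TRUE` (no script means native), but the new line assigns `JS_TRUE : JS_FALSE`. In addition, `ok` is never set when `fun` is NULL, which matters in builds where `JS_ASSERT` compiles to nothing. Declaring `JSBool ok = JS_FALSE;` and assigning `ok = JS_GetFunctionScript(cx, fun) ? JS_FALSE : JS_TRUE;` keeps the previous behaviour. The begin/end pairing of the request itself is balanced.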
@@ -201,86 +202,98 @@ jsd_GetValueString(JSDContext* jsdc, JSD JSContext* cx = jsdc->dumbContext; JSExceptionState* exceptionState; if(!jsdval->string) { /* if the jsval is a string, then we don't need to double root it */ if(JSVAL_IS_STRING(jsdval->val)) jsdval->string = JSVAL_TO_STRING(jsdval->val); else { + JS_BeginRequest(cx); exceptionState = JS_SaveExceptionState(cx); jsdval->string = JS_ValueToString(cx, jsdval->val); JS_RestoreExceptionState(cx, exceptionState); if(jsdval->string) { if(!JS_AddNamedRoot(cx, &jsdval->string, "ValueString")) jsdval->string = NULL; } + JS_EndRequest(cx); } } return jsdval->string; } const char* jsd_GetValueFunctionName(JSDContext* jsdc, JSDValue* jsdval) { JSContext* cx = jsdc->dumbContext; JSFunction* fun; JSExceptionState* exceptionState; if(!jsdval->funName && jsd_IsValueFunction(jsdc, jsdval)) { + JS_BeginRequest(cx); exceptionState = JS_SaveExceptionState(cx); fun = JS_ValueToFunction(cx, jsdval->val); JS_RestoreExceptionState(cx, exceptionState); + JS_EndRequest(cx); if(!fun) return NULL; jsdval->funName = JS_GetFunctionName(fun); } return jsdval->funName; } /***************************************************************************/ JSDValue* jsd_NewValue(JSDContext* jsdc, jsval val) { JSDValue* jsdval; if(!(jsdval = (JSDValue*) calloc(1, sizeof(JSDValue)))) return NULL; if(JSVAL_IS_GCTHING(val)) { - if(!JS_AddNamedRoot(jsdc->dumbContext, &jsdval->val, "JSDValue")) + JSBool ok = JS_FALSE; + JS_BeginRequest(jsdc->dumbContext); + ok = JS_AddNamedRoot(jsdc->dumbContext, &jsdval->val, "JSDValue"); + JS_EndRequest(jsdc->dumbContext); + if(!ok) { free(jsdval); return NULL; } } jsdval->val = val; jsdval->nref = 1; JS_INIT_CLIST(&jsdval->props); return jsdval; } void jsd_DropValue(JSDContext* jsdc, JSDValue* jsdval) { JS_ASSERT(jsdval->nref > 0); if(0 == --jsdval->nref) { jsd_RefreshValue(jsdc, jsdval); if(JSVAL_IS_GCTHING(jsdval->val)) + { + JS_BeginRequest(jsdc->dumbContext); JS_RemoveRoot(jsdc->dumbContext, &jsdval->val); + 
JS_EndRequest(jsdc->dumbContext); + } free(jsdval); } } jsval jsd_GetValueWrappedJSVal(JSDContext* jsdc, JSDValue* jsdval) { return jsdval->val; } @@ -333,51 +346,60 @@ static JSBool _buildProps(JSDContext* js JSPropertyDescArray pda; uintN i; JS_ASSERT(JS_CLIST_IS_EMPTY(&jsdval->props)); JS_ASSERT(!(CHECK_BIT_FLAG(jsdval->flags, GOT_PROPS))); JS_ASSERT(JSVAL_IS_OBJECT(jsdval->val)); if(!JSVAL_IS_OBJECT(jsdval->val) || JSVAL_IS_NULL(jsdval->val)) return JS_FALSE; + JS_BeginRequest(cx); if(!JS_GetPropertyDescArray(cx, JSVAL_TO_OBJECT(jsdval->val), &pda)) + { + JS_EndRequest(cx); return JS_FALSE; + } for(i = 0; i < pda.length; i++) { JSDProperty* prop = _newProperty(jsdc, &pda.array[i], 0); if(!prop) { _freeProps(jsdc, jsdval); break; } JS_APPEND_LINK(&prop->links, &jsdval->props); } JS_PutPropertyDescArray(cx, &pda); + JS_EndRequest(cx); SET_BIT_FLAG(jsdval->flags, GOT_PROPS); return !JS_CLIST_IS_EMPTY(&jsdval->props); } #undef DROP_CLEAR_VALUE #define DROP_CLEAR_VALUE(jsdc, x) if(x){jsd_DropValue(jsdc,x); x = NULL;} void jsd_RefreshValue(JSDContext* jsdc, JSDValue* jsdval) { JSContext* cx = jsdc->dumbContext; if(jsdval->string) { /* if the jsval is a string, then we didn't need to root the string */ if(!JSVAL_IS_STRING(jsdval->val)) + { + JS_BeginRequest(cx); JS_RemoveRoot(cx, &jsdval->string); + JS_EndRequest(cx); + } jsdval->string = NULL; } jsdval->funName = NULL; jsdval->className = NULL; DROP_CLEAR_VALUE(jsdc, jsdval->proto); DROP_CLEAR_VALUE(jsdc, jsdval->parent); DROP_CLEAR_VALUE(jsdc, jsdval->ctor); _freeProps(jsdc, jsdval); jsdval->flags = 0; 
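Review bot: In jsd_NewValue the root is registered on `&jsdval->val` while that slot is still zero from `calloc`, and `jsdval->val = val;` is stored only after `JS_EndRequest`. Between the end of the request and that store, `val` is covered by neither the request nor the new root. If the caller is not itself inside a request and holds no other root on `val` (not visible from this hunk), a collection in that window could free it. Moving `jsdval->val = val;` above the `if(JSVAL_IS_GCTHING(val))` test makes the root cover the value before the request ends; the failure path frees `jsdval` anyway.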
@@ -452,45 +474,55 @@ jsd_GetValueProperty(JSDContext* jsdc, J JSD_DropProperty(jsdc, jsdprop); } /* Not found in property list, look it up explicitly */ if(!(obj = JSVAL_TO_OBJECT(jsdval->val))) return NULL; nameChars = JS_GetStringChars(name); nameLen = JS_GetStringLength(name); + JS_BeginRequest(cx); + JS_GetUCPropertyAttributes(cx, obj, nameChars, nameLen, &attrs, &found); if (!found) + { + JS_EndRequest(cx); return NULL; + } JS_ClearPendingException(cx); if(!JS_GetUCProperty(cx, obj, nameChars, nameLen, &val)) { if (JS_IsExceptionPending(cx)) { if (!JS_GetPendingException(cx, &pd.value)) + { + JS_EndRequest(cx); return NULL; + } pd.flags = JSPD_EXCEPTION; } else { pd.flags = JSPD_ERROR; pd.value = JSVAL_VOID; } } else { pd.value = val; } + JS_EndRequest(cx); + pd.id = STRING_TO_JSVAL(name); pd.alias = pd.slot = pd.spare = 0; pd.flags |= (attrs & JSPROP_ENUMERATE) ? JSPD_ENUMERATE : 0 | (attrs & JSPROP_READONLY) ? JSPD_READONLY : 0 | (attrs & JSPROP_PERMANENT) ? JSPD_PERMANENT : 0; return _newProperty(jsdc, &pd, JSDPD_HINTED); } @@ -500,21 +532,24 @@ jsd_GetValuePrototype(JSDContext* jsdc, if(!(CHECK_BIT_FLAG(jsdval->flags, GOT_PROTO))) { JSObject* obj; JSObject* proto; JS_ASSERT(!jsdval->proto); SET_BIT_FLAG(jsdval->flags, GOT_PROTO); if(!JSVAL_IS_OBJECT(jsdval->val)) return NULL; if(!(obj = JSVAL_TO_OBJECT(jsdval->val))) return NULL; - if(!(proto = JS_GetPrototype(jsdc->dumbContext, obj))) + JS_BeginRequest(jsdc->dumbContext); + proto = JS_GetPrototype(jsdc->dumbContext, obj); + JS_EndRequest(jsdc->dumbContext); + if(!proto) return NULL; jsdval->proto = jsd_NewValue(jsdc, OBJECT_TO_JSVAL(proto)); } if(jsdval->proto) jsdval->proto->nref++; return jsdval->proto; } JSDValue* jsd_GetValueParent(JSDContext* jsdc, JSDValue* jsdval) 
@@ -522,21 +557,24 @@ jsd_GetValueParent(JSDContext* jsdc, JSD if(!(CHECK_BIT_FLAG(jsdval->flags, GOT_PARENT))) { JSObject* obj; JSObject* parent; JS_ASSERT(!jsdval->parent); SET_BIT_FLAG(jsdval->flags, GOT_PARENT); if(!JSVAL_IS_OBJECT(jsdval->val)) return NULL; if(!(obj = JSVAL_TO_OBJECT(jsdval->val))) return NULL; - if(!(parent = JS_GetParent(jsdc->dumbContext,obj))) + JS_BeginRequest(jsdc->dumbContext); + parent = JS_GetParent(jsdc->dumbContext,obj); + JS_EndRequest(jsdc->dumbContext); + if(!parent) return NULL; jsdval->parent = jsd_NewValue(jsdc, OBJECT_TO_JSVAL(parent)); } if(jsdval->parent) jsdval->parent->nref++; return jsdval->parent; } JSDValue* jsd_GetValueConstructor(JSDContext* jsdc, JSDValue* jsdval) 
@@ -547,40 +585,45 @@ jsd_GetValueConstructor(JSDContext* jsdc JSObject* proto; JSObject* ctor; JS_ASSERT(!jsdval->ctor); SET_BIT_FLAG(jsdval->flags, GOT_CTOR); if(!JSVAL_IS_OBJECT(jsdval->val)) return NULL; if(!(obj = JSVAL_TO_OBJECT(jsdval->val))) return NULL; if(!(proto = JS_GetPrototype(jsdc->dumbContext,obj))) return NULL; - if(!(ctor = JS_GetConstructor(jsdc->dumbContext,proto))) + JS_BeginRequest(jsdc->dumbContext); + ctor = JS_GetConstructor(jsdc->dumbContext,proto); + JS_EndRequest(jsdc->dumbContext); + if(!ctor) return NULL; jsdval->ctor = jsd_NewValue(jsdc, OBJECT_TO_JSVAL(ctor)); } if(jsdval->ctor) jsdval->ctor->nref++; return jsdval->ctor; } const char* jsd_GetValueClassName(JSDContext* jsdc, JSDValue* jsdval) { jsval val = jsdval->val; if(!jsdval->className && JSVAL_IS_OBJECT(val)) { JSObject* obj; if(!(obj = JSVAL_TO_OBJECT(val))) return NULL; + JS_BeginRequest(jsdc->dumbContext); if(JS_GET_CLASS(jsdc->dumbContext, obj)) jsdval->className = JS_GET_CLASS(jsdc->dumbContext, obj)->name; + JS_EndRequest(jsdc->dumbContext); } return jsdval->className; } /***************************************************************************/ /***************************************************************************/ JSDValue* jsd_GetPropertyName(JSDContext* jsdc, JSDProperty* jsdprop) { Index: mozilla/js/jsd/jsd_xpc.cpp =================================================================== RCS file: /cvsroot/mozilla/js/jsd/jsd_xpc.cpp,v retrieving revision 1.75 diff -pU10 -r1.75 mozilla/js/jsd/jsd_xpc.cpp --- mozilla/js/jsd/jsd_xpc.cpp +++ mozilla/js/jsd/jsd_xpc.cpp 
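Review bot: jsd_GetValueConstructor still calls `JS_GetPrototype(jsdc->dumbContext,obj)` before `JS_BeginRequest`, although jsd_GetValuePrototype in this same patch wraps that call in a request. Begin the request before the prototype lookup and fetch both objects inside it: `proto = JS_GetPrototype(jsdc->dumbContext,obj);` followed by `ctor = proto ? JS_GetConstructor(jsdc->dumbContext,proto) : NULL;`, then `JS_EndRequest` and the existing `if(!ctor) return NULL;`. Written that way there is no return statement between begin and end.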
@@ -1010,20 +1010,21 @@ jsdScript::~jsdScript () /* * This method populates a line <-> pc map for a pretty printed version of this * script. It does this by decompiling, and then recompiling the script. The * resulting script is scanned for the line map, and then left as GC fodder. */ PCMapEntry * jsdScript::CreatePPLineMap() { JSContext *cx = JSD_GetDefaultJSContext (mCx); + JSAutoRequest ar(cx); JSObject *obj = JS_NewObject(cx, NULL, NULL, NULL); JSFunction *fun = JSD_GetJSFunction (mCx, mScript); JSScript *script; PRUint32 baseLine; PRBool scriptOwner = PR_FALSE; if (fun) { if (fun->nargs > 12) return nsnull; JSString *jsstr = JS_DecompileFunctionBody (cx, fun, 4); @@ -1255,32 +1256,33 @@ jsdScript::GetFunctionObject(jsdIValue * NS_IMETHODIMP jsdScript::GetFunctionSource(nsAString & aFunctionSource) { ASSERT_VALID_EPHEMERAL; JSContext *cx = JSD_GetDefaultJSContext (mCx); if (!cx) { NS_WARNING("No default context !?"); return NS_ERROR_FAILURE; } JSFunction *fun = JSD_GetJSFunction (mCx, mScript); + + JSAutoRequest ar(cx); + JSString *jsstr; if (fun) - { jsstr = JS_DecompileFunction (cx, fun, 4); - } - else - { + else { JSScript *script = JSD_GetJSScript (mCx, mScript); jsstr = JS_DecompileScript (cx, script, "ppscript", 4); } if (!jsstr) return NS_ERROR_FAILURE; + aFunctionSource = NS_REINTERPRET_CAST(PRUnichar*, JS_GetStringChars(jsstr)); return NS_OK; } NS_IMETHODIMP jsdScript::GetBaseLineNumber(PRUint32 *_rval) { *_rval = mBaseLineNumber; return NS_OK; } 
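Review bot: jsdScript::CreatePPLineMap hands `cx` to `JSAutoRequest` and `JS_NewObject` without testing it, whereas GetFunctionSource in the next hunk returns `NS_ERROR_FAILURE` when `JSD_GetDefaultJSContext` yields no context. If a null context is possible there it is possible here, and the request guard would presumably be the first thing to dereference it. Add `if (!cx) return nsnull;` before `JSAutoRequest ar(cx);`. jsdStackFrame::Eval and jsdValue::GetProperty later in this file obtain `cx` the same way and would take the same guard with their own error return. The body of CreatePPLineMap continues past this hunk.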
@@ -1904,35 +1906,39 @@ jsdStackFrame::Eval (const nsAString &by // get pointer to buffer contained in |bytes| nsAString::const_iterator h; bytes.BeginReading(h); const jschar *char_bytes = NS_REINTERPRET_CAST(const jschar *, h.get()); JSExceptionState *estate = 0; jsval jv; JSContext *cx = JSD_GetJSContext (mCx, mThreadState); + + JSAutoRequest ar(cx); + estate = JS_SaveExceptionState (cx); JS_ClearPendingException (cx); *_rval = JSD_AttemptUCScriptInStackFrame (mCx, mThreadState, mStackFrameInfo, char_bytes, bytes.Length(), fileName, line, &jv); if (!*_rval) { if (JS_IsExceptionPending(cx)) JS_GetPendingException (cx, &jv); else jv = 0; } JS_RestoreExceptionState (cx, estate); + JSDValue *jsdv = JSD_NewValue (mCx, jv); if (!jsdv) return NS_ERROR_FAILURE; *result = jsdValue::FromPtr (mCx, jsdv); if (!*result) return NS_ERROR_FAILURE; return NS_OK; } @@ -2224,22 +2230,27 @@ jsdValue::GetProperties (jsdIProperty ** *length = prop_count; return NS_OK; } NS_IMETHODIMP jsdValue::GetProperty (const char *name, jsdIProperty **_rval) { ASSERT_VALID_EPHEMERAL; JSContext *cx = JSD_GetDefaultJSContext (mCx); + + JSAutoRequest ar(cx); + /* not rooting this */ JSString *jstr_name = JS_NewStringCopyZ (cx, name); + if (!jstr_name) + return NS_ERROR_OUT_OF_MEMORY; JSDProperty *prop = JSD_GetValueProperty (mCx, mValue, jstr_name); *_rval = jsdProperty::FromPtr (mCx, prop); return NS_OK; } NS_IMETHODIMP jsdValue::Refresh() { Index: mozilla/js/src/xpconnect/loader/mozJSComponentLoader.h =================================================================== RCS file: /cvsroot/mozilla/js/src/xpconnect/loader/mozJSComponentLoader.h,v retrieving revision 1.26 diff -pU10 -r1.26 mozilla/js/src/xpconnect/loader/mozJSComponentLoader.h --- mozilla/js/src/xpconnect/loader/mozJSComponentLoader.h +++ mozilla/js/src/xpconnect/loader/mozJSComponentLoader.h 
@@ -136,20 +136,21 @@ class mozJSComponentLoader : public nsIM public: ModuleEntry() { global = nsnull; location = nsnull; } ~ModuleEntry() { module = nsnull; if (global) { + JSAutoRequest ar(sSelf->mContext); JS_ClearScope(sSelf->mContext, global); JS_RemoveRoot(sSelf->mContext, &global); } if (location) NS_Free(location); } nsCOMPtr module; JSObject *global; Index: mozilla/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp =================================================================== RCS file: /cvsroot/mozilla/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp,v retrieving revision 1.20 diff -pU10 -r1.20 mozilla/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp --- mozilla/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp +++ mozilla/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp @@ -71,20 +71,22 @@ ExceptionalErrorReporter (JSContext *cx, JSErrorReport *report) { JSObject *ex; JSString *jstr; JSBool ok; if (report && JSREPORT_IS_EXCEPTION (report->flags)) /* if it's already an exception, our job is done. */ return; + JSAutoRequest ar(cx); + ex = JS_NewObject (cx, nsnull, nsnull, nsnull); /* create a jsobject to throw */ if (!ex) goto panic; /* decorate the exception */ if (message) { jstr = JS_NewStringCopyZ (cx, message); if (!jstr) 
@@ -186,20 +188,22 @@ mozJSSubScriptLoader::LoadSubScript (con nsCOMPtr secman = do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID); if (!secman) return rv; rv = secman->GetSystemPrincipal(getter_AddRefs(mSystemPrincipal)); if (NS_FAILED(rv) || !mSystemPrincipal) return rv; } + + JSAutoRequest ar(cx); char *url; JSObject *target_obj = nsnull; ok = JS_ConvertArguments (cx, argc, argv, "s / o", &url, &target_obj); if (!ok) { cc->SetExceptionWasThrown (JS_TRUE); /* let the exception raised by JS_ConvertArguments show through */ return NS_OK; } Index: mozilla/js/src/xpconnect/shell/xpcshell.cpp =================================================================== RCS file: /cvsroot/mozilla/js/src/xpconnect/shell/xpcshell.cpp,v retrieving revision 1.92 diff -pU10 -r1.92 mozilla/js/src/xpconnect/shell/xpcshell.cpp --- mozilla/js/src/xpconnect/shell/xpcshell.cpp +++ mozilla/js/src/xpconnect/shell/xpcshell.cpp 
@@ -1076,26 +1076,33 @@ main(int argc, char **argv, char **envp) FLAG_SYSTEM_GLOBAL_OBJECT, getter_AddRefs(holder)); if (NS_FAILED(rv)) return 1; rv = holder->GetJSObject(&glob); if (NS_FAILED(rv)) { NS_ASSERTION(glob == nsnull, "bad GetJSObject?"); return 1; } - if (!JS_DefineFunctions(cx, glob, glob_functions)) + + JS_BeginRequest(cx); + + if (!JS_DefineFunctions(cx, glob, glob_functions)) { + JS_EndRequest(cx); return 1; + } envobj = JS_DefineObject(cx, glob, "environment", &env_class, NULL, 0); - if (!envobj || !JS_SetPrivate(cx, envobj, envp)) + if (!envobj || !JS_SetPrivate(cx, envobj, envp)) { + JS_EndRequest(cx); return 1; + } argc--; argv++; result = ProcessArgs(cx, glob, argv, argc); //#define TEST_CALL_ON_WRAPPED_JS_AFTER_SHUTDOWN 1 #ifdef TEST_CALL_ON_WRAPPED_JS_AFTER_SHUTDOWN Index: mozilla/js/src/xpconnect/src/XPCNativeWrapper.cpp =================================================================== RCS file: /cvsroot/mozilla/js/src/xpconnect/src/XPCNativeWrapper.cpp,v retrieving revision 1.41 diff -pU10 -r1.41 mozilla/js/src/xpconnect/src/XPCNativeWrapper.cpp --- mozilla/js/src/xpconnect/src/XPCNativeWrapper.cpp +++ mozilla/js/src/xpconnect/src/XPCNativeWrapper.cpp @@ -674,20 +674,22 @@ XPC_NW_NewResolve(JSContext *cx, JSObjec // trigger reflection along the wrapped native prototype chain. // All we need to do is define the property in obj if it exists in // the wrapped native's object. if (ShouldBypassNativeWrapper(cx, obj)) { XPCWrappedNative *wn = XPCNativeWrapper::GetWrappedNative(cx, obj); if (!wn) { return JS_TRUE; } + JSAutoRequest ar(cx); + jsid interned_id; JSObject *pobj; JSProperty *prop; if (!::JS_ValueToId(cx, id, &interned_id) || !OBJ_LOOKUP_PROPERTY(cx, wn->GetFlatJSObject(), interned_id, &pobj, &prop)) { return JS_FALSE; } 
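Review bot: In main the new `JS_BeginRequest(cx)` is closed only on the two early `return 1` paths; no `JS_EndRequest` is added for the path that goes on to `ProcessArgs`, and this is the only hunk for xpcshell.cpp on the page. Unless a matching call already exists further down (main continues past the hunk), the request stays open until the context is torn down. Add `JS_EndRequest(cx);` after `result = ProcessArgs(cx, glob, argv, argc);`, or wrap the section in a braced scope with `JSAutoRequest ar(cx);` as the other C++ files in this patch do, so the pairing is visible in one place.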
@@ -858,22 +860,22 @@ XPC_NW_NewResolve(JSContext *cx, JSObjec printf("Wrapping function object for %s\n", ::JS_GetStringBytes(JSVAL_TO_STRING(id))); #endif if (!WrapFunction(cx, funobj, &v)) { return JS_FALSE; } } if (!::JS_DefineUCProperty(cx, obj, ::JS_GetStringChars(str), - ::JS_GetStringLength(str), v, nsnull, nsnull, - attrs)) { + ::JS_GetStringLength(str), v, nsnull, nsnull, + attrs)) { return JS_FALSE; } *objp = obj; return JS_TRUE; } JS_STATIC_DLL_CALLBACK(JSBool) XPC_NW_Convert(JSContext *cx, JSObject *obj, JSType type, jsval *vp) Index: mozilla/js/src/xpconnect/src/xpcdebug.cpp =================================================================== RCS file: /cvsroot/mozilla/js/src/xpconnect/src/xpcdebug.cpp,v retrieving revision 1.14 diff -pU10 -r1.14 mozilla/js/src/xpconnect/src/xpcdebug.cpp --- mozilla/js/src/xpconnect/src/xpcdebug.cpp +++ mozilla/js/src/xpconnect/src/xpcdebug.cpp @@ -41,20 +41,21 @@ #include "xpcprivate.h" #if defined(DEBUG_xpc_hacker) || defined(DEBUG) #ifdef TAB #undef TAB #endif #define TAB " " static const char* JSVAL2String(JSContext* cx, jsval val, JSBool* isString) { + JSAutoRequest ar(cx); const char* value = nsnull; JSString* value_str = JS_ValueToString(cx, val); if(value_str) value = JS_GetStringBytes(value_str); if(value) { const char* found = strstr(value, "function "); if(found && (value == found || value+1 == found || value+2 == found)) value = "[function]"; } @@ -82,20 +83,23 @@ static char* FormatJSFrame(JSContext* cx uint32 namedArgCount = 0; jsval val; const char* name; const char* value; JSBool isString; // get the info for this stack frame JSScript* script = JS_GetFrameScript(cx, fp); jsbytecode* pc = JS_GetFramePC(cx, fp); + + JSAutoRequest ar(cx); + if(script && pc) { filename = JS_GetScriptFilename(cx, script); lineno = (PRInt32) JS_PCToLineNumber(cx, script, pc); fun = JS_GetFrameFunction(cx, fp); if(fun) funname = JS_GetFunctionName(fun); if(showArgs || showLocals) { 
@@ -330,20 +334,22 @@ xpc_DumpEvalInJSStackFrame(JSContext* cx break; num++; } if(!fp) { puts("invalid frame number!"); return JS_FALSE; } + JSAutoRequest ar(cx); + JSExceptionState* exceptionState = JS_SaveExceptionState(cx); JSErrorReporter older = JS_SetErrorReporter(cx, xpcDumpEvalErrorReporter); jsval rval; JSString* str; const char* chars; if(JS_EvaluateInStackFrame(cx, fp, text, strlen(text), "eval", 1, &rval) && nsnull != (str = JS_ValueToString(cx, rval)) && nsnull != (chars = JS_GetStringBytes(str))) { Index: mozilla/js/src/xpconnect/src/xpcjsruntime.cpp =================================================================== RCS file: /cvsroot/mozilla/js/src/xpconnect/src/xpcjsruntime.cpp,v retrieving revision 1.44 diff -pU10 -r1.44 mozilla/js/src/xpconnect/src/xpcjsruntime.cpp --- mozilla/js/src/xpconnect/src/xpcjsruntime.cpp +++ mozilla/js/src/xpconnect/src/xpcjsruntime.cpp @@ -904,21 +904,24 @@ XPCJSRuntime::SyncXPCContextList(JSConte if(xpcc) mContextMap->Add(xpcc); } if(xpcc) { xpcc->Mark(); } // if it is our first context then we need to generate our string ids if(!mStrIDs[0]) + { + JSAutoRequest ar(cur); GenerateStringIDs(cur); + } if(cx && cx == cur) found = xpcc; } // get rid of any XPCContexts that represent dead JSContexts mContextMap->Enumerate(SweepContextsCB, 0); XPCPerThreadData* tls = XPCPerThreadData::GetData(); if(tls) { Index: mozilla/js/src/xpconnect/src/xpcwrappednativeinfo.cpp =================================================================== RCS file: /cvsroot/mozilla/js/src/xpconnect/src/xpcwrappednativeinfo.cpp,v retrieving revision 1.15 diff -pU10 -r1.15 mozilla/js/src/xpconnect/src/xpcwrappednativeinfo.cpp --- mozilla/js/src/xpconnect/src/xpcwrappednativeinfo.cpp +++ mozilla/js/src/xpconnect/src/xpcwrappednativeinfo.cpp 
@@ -173,20 +173,22 @@ XPCNativeMember::Resolve(XPCCallContext& else { if(IsWritableAttribute()) flags = JSFUN_GETTER | JSFUN_SETTER; else flags = JSFUN_GETTER; argc = 0; callback = XPC_WN_GetterSetter; } + JSAutoRequest ar(cx); + JSFunction *fun = JS_NewFunction(cx, callback, argc, flags, nsnull, iface->GetMemberName(ccx, this)); if(!fun) return JS_FALSE; JSObject* funobj = JS_GetFunctionObject(fun); if(!funobj) return JS_FALSE; AUTO_MARK_JSVAL(ccx, OBJECT_TO_JSVAL(funobj)); Index: mozilla/modules/plugin/base/src/ns4xPlugin.cpp =================================================================== RCS file: /cvsroot/mozilla/modules/plugin/base/src/ns4xPlugin.cpp,v retrieving revision 1.134 diff -pU10 -r1.134 mozilla/modules/plugin/base/src/ns4xPlugin.cpp --- mozilla/modules/plugin/base/src/ns4xPlugin.cpp +++ mozilla/modules/plugin/base/src/ns4xPlugin.cpp 
@@ -1398,37 +1398,40 @@ _getstringidentifier(const NPUTF8* name) nsCOMPtr stack = do_GetService("@mozilla.org/js/xpc/ContextStack;1"); if (!stack) return NULL; JSContext *cx = nsnull; stack->GetSafeJSContext(&cx); if (!cx) return NULL; + JSAutoRequest ar(cx); return doGetIdentifier(cx, name); } void NP_EXPORT _getstringidentifiers(const NPUTF8** names, int32_t nameCount, NPIdentifier *identifiers) { nsCOMPtr stack = do_GetService("@mozilla.org/js/xpc/ContextStack;1"); if (!stack) return; JSContext *cx = nsnull; stack->GetSafeJSContext(&cx); if (!cx) return; + JSAutoRequest ar(cx); + for (int32_t i = 0; i < nameCount; ++i) { identifiers[i] = doGetIdentifier(cx, names[i]); } } NPIdentifier NP_EXPORT _getintidentifier(int32_t intid) { return (NPIdentifier)INT_TO_JSVAL(intid); } Index: mozilla/modules/plugin/base/src/nsJSNPRuntime.cpp =================================================================== RCS file: /cvsroot/mozilla/modules/plugin/base/src/nsJSNPRuntime.cpp,v retrieving revision 1.17 diff -pU10 -r1.17 mozilla/modules/plugin/base/src/nsJSNPRuntime.cpp --- mozilla/modules/plugin/base/src/nsJSNPRuntime.cpp +++ mozilla/modules/plugin/base/src/nsJSNPRuntime.cpp @@ -507,20 +507,21 @@ nsJSObjWrapper::NP_HasMethod(NPObject *n if (!npobj) { ThrowJSException(cx, "Null npobj in nsJSObjWrapper::NP_HasMethod!"); return PR_FALSE; } nsJSObjWrapper *npjsobj = (nsJSObjWrapper *)npobj; jsval v; + JSAutoRequest ar(cx); JSBool ok = GetProperty(cx, npjsobj->mJSObj, identifier, &v); return ok && !JSVAL_IS_PRIMITIVE(v) && ::JS_ObjectIsFunction(cx, JSVAL_TO_OBJECT(v)); } static bool doInvoke(NPObject *npobj, NPIdentifier method, const NPVariant *args, uint32_t argCount, NPVariant *result) { 
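Review bot: In nsJSObjWrapper::NP_HasMethod the new `JSAutoRequest ar(cx);` sits directly before `GetProperty(cx, npjsobj->mJSObj, identifier, &v)`, but the visible context has no `AutoCXPusher pusher(cx);`. NP_GetProperty, NP_SetProperty and NP_RemoveProperty each declare one ahead of their request. A property lookup can presumably reach script-defined getters, so it is safer to run it with cx pushed on the context stack as the siblings do, by adding `AutoCXPusher pusher(cx);` on the line above the request. NP_HasProperty, in a later hunk of this file, has the same shape. The function starts outside the hunk, so confirm that cx is not already pushed earlier in the function or by a caller.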
@@ -531,20 +532,22 @@ doInvoke(NPObject *npobj, NPIdentifier m NS_ERROR("Null cx in doInvoke!"); return PR_FALSE; } if (!npobj || !result) { ThrowJSException(cx, "Null npobj, or result in doInvoke!"); return PR_FALSE; } + JSAutoRequest ar(cx); + // Initialize *result VOID_TO_NPVARIANT(*result); nsJSObjWrapper *npjsobj = (nsJSObjWrapper *)npobj; jsval fv; AutoCXPusher pusher(cx); if ((jsval)method != JSVAL_VOID) { if (!GetProperty(cx, npjsobj->mJSObj, method, &fv) || @@ -626,20 +629,22 @@ nsJSObjWrapper::NP_HasProperty(NPObject ThrowJSException(cx, "Null npobj in nsJSObjWrapper::NP_HasProperty!"); return PR_FALSE; } nsJSObjWrapper *npjsobj = (nsJSObjWrapper *)npobj; jsval id = (jsval)identifier; JSBool found, ok = JS_FALSE; + JSAutoRequest ar(cx); + if (JSVAL_IS_STRING(id)) { JSString *str = JSVAL_TO_STRING(id); ok = ::JS_HasUCProperty(cx, npjsobj->mJSObj, ::JS_GetStringChars(str), ::JS_GetStringLength(str), &found); } else { NS_ASSERTION(JSVAL_IS_INT(id), "id must be either string or int!\n"); ok = ::JS_HasElement(cx, npjsobj->mJSObj, JSVAL_TO_INT(id), &found); } @@ -665,20 +670,21 @@ nsJSObjWrapper::NP_GetProperty(NPObject "Null npobj in nsJSObjWrapper::NP_GetProperty!"); return PR_FALSE; } nsJSObjWrapper *npjsobj = (nsJSObjWrapper *)npobj; AutoCXPusher pusher(cx); jsval v; + JSAutoRequest ar(cx); return (GetProperty(cx, npjsobj->mJSObj, identifier, &v) && JSValToNPVariant(npp, cx, v, result)); } // static bool nsJSObjWrapper::NP_SetProperty(NPObject *npobj, NPIdentifier identifier, const NPVariant *value) { NPP npp = NPPStack::Peek(); 
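Review bot: doInvoke declares `JSAutoRequest ar(cx);` before `AutoCXPusher pusher(cx);`, while NP_GetProperty, NP_SetProperty and NP_RemoveProperty in the same file declare the pusher first and the request second. Destructors run in reverse declaration order, so doInvoke pops the context while the request is still open, and the other three pop it after the request has ended. If AutoCXPusher's teardown can call into the JS engine (its definition is not part of this diff), only one of the two orders is safe. Pick one and use it in all four functions, for example by moving the new line in doInvoke to just after `AutoCXPusher pusher(cx);`. doInvoke's body continues past the hunk.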
@@ -694,20 +700,21 @@ nsJSObjWrapper::NP_SetProperty(NPObject "Null npobj in nsJSObjWrapper::NP_SetProperty!"); return PR_FALSE; } nsJSObjWrapper *npjsobj = (nsJSObjWrapper *)npobj; jsval id = (jsval)identifier; JSBool ok = JS_FALSE; AutoCXPusher pusher(cx); + JSAutoRequest ar(cx); jsval v = NPVariantToJSVal(npp, cx, value); if (JSVAL_IS_STRING(id)) { JSString *str = JSVAL_TO_STRING(id); ok = ::JS_SetUCProperty(cx, npjsobj->mJSObj, ::JS_GetStringChars(str), ::JS_GetStringLength(str), &v); } else { NS_ASSERTION(JSVAL_IS_INT(id), "id must be either string or int!\n"); @@ -737,20 +744,21 @@ nsJSObjWrapper::NP_RemoveProperty(NPObje "Null npobj in nsJSObjWrapper::NP_RemoveProperty!"); return PR_FALSE; } nsJSObjWrapper *npjsobj = (nsJSObjWrapper *)npobj; jsval id = (jsval)identifier; JSBool ok = JS_FALSE; AutoCXPusher pusher(cx); + JSAutoRequest ar(cx); if (JSVAL_IS_STRING(id)) { JSString *str = JSVAL_TO_STRING(id); jsval unused; ok = ::JS_DeleteUCProperty2(cx, npjsobj->mJSObj, ::JS_GetStringChars(str), ::JS_GetStringLength(str), &unused); } else { NS_ASSERTION(JSVAL_IS_INT(id), "id must be either string or int!\n"); @@ -954,20 +962,22 @@ nsJSObjWrapper::GetNewOrUsed(NPP npp, JS return nsnull; } wrapper->mJSObj = obj; entry->mJSObjWrapper = wrapper; NS_ASSERTION(wrapper->mNpp == npp, "nsJSObjWrapper::mNpp not initialized!"); + JSAutoRequest ar(cx); + // Root the JSObject, its lifetime is now tied to that of the // NPObject. if (!::JS_AddNamedRoot(cx, &wrapper->mJSObj, "nsJSObjWrapper::mJSObject")) { NS_ERROR("Failed to root JSObject!"); _releaseobject(wrapper); PL_DHashTableRawRemove(&sJSObjWrappers, entry); return nsnull; 
@@ -1466,20 +1476,22 @@ nsNPObjWrapper::GetNewOrUsed(NPP npp, JS PL_DHASH_ADD)); if (PL_DHASH_ENTRY_IS_BUSY(entry) && entry->mJSObj) { // Found a live NPObject wrapper, return it. return entry->mJSObj; } entry->mNPObj = npobj; entry->mNpp = npp; + JSAutoRequest ar(cx); + // No existing JSObject, create one. JSObject *obj = ::JS_NewObject(cx, &sNPObjectJSWrapperClass, nsnull, nsnull); if (!obj) { // OOM? Remove the stale entry from the hash. PL_DHashTableRawRemove(&sJSObjWrappers, entry); return nsnull;