Feodor2
/
Mypal
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[js] Add AutoEnterOOMUnsafeRegion to JS_TransplantObject.

master
Fedor 2021-02-07 17:33:29 +02:00
parent 7040645be7
commit dc80bfa3e5
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
js/src/jsapi.cpp
View File

@ -873,6 +873,9 @@ JS_TransplantObject(JSContext* cx, HandleObject origobj, HandleObject target)
AutoDisableCompactingGC nocgc(cx); AutoDisableCompactingGC nocgc(cx);
AutoDisableProxyCheck adpc(cx->runtime()); AutoDisableProxyCheck adpc(cx->runtime());
// Transplanting is never OOM-safe.
AutoEnterOOMUnsafeRegion oomUnsafe;
JSCompartment* destination = target->compartment(); JSCompartment* destination = target->compartment();
@ -905,19 +908,22 @@ JS_TransplantObject(JSContext* cx, HandleObject origobj, HandleObject target)
// Now, iterate through other scopes looking for references to the // Now, iterate through other scopes looking for references to the
// old object, and update the relevant cross-compartment wrappers. // old object, and update the relevant cross-compartment wrappers.
if (!RemapAllWrappersForObject(cx, origobj, newIdentity)) if (!RemapAllWrappersForObject(cx, origobj, newIdentity))
MOZ_CRASH(); oomUnsafe.crash("JS_TransplantObject");
// Lastly, update the original object to point to the new one. // Lastly, update the original object to point to the new one.
if (origobj->compartment() != destination) { if (origobj->compartment() != destination) {
RootedObject newIdentityWrapper(cx, newIdentity); RootedObject newIdentityWrapper(cx, newIdentity);
AutoCompartment ac(cx, origobj); AutoCompartment ac(cx, origobj);
if (!JS_WrapObject(cx, &newIdentityWrapper)) if (!JS_WrapObject(cx, &newIdentityWrapper)) {
MOZ_CRASH(); MOZ_RELEASE_ASSERT(cx->isThrowingOutOfMemory() ||
cx->isThrowingOverRecursed());
oomUnsafe.crash("JS_TransplantObject");
}
MOZ_ASSERT(Wrapper::wrappedObject(newIdentityWrapper) == newIdentity); MOZ_ASSERT(Wrapper::wrappedObject(newIdentityWrapper) == newIdentity);
if (!JSObject::swap(cx, origobj, newIdentityWrapper)) if (!JSObject::swap(cx, origobj, newIdentityWrapper))
MOZ_CRASH(); MOZ_CRASH();
if (!origobj->compartment()->putWrapper(cx, CrossCompartmentKey(newIdentity), origv)) if (!origobj->compartment()->putWrapper(cx, CrossCompartmentKey(newIdentity), origv))
MOZ_CRASH(); oomUnsafe.crash("JS_TransplantObject");
} }
// The new identity object might be one of several things. Return it to avoid // The new identity object might be one of several things. Return it to avoid