corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 880392 - Fix use-after free with exact rooting in XPCShell; r=sfink

Browse Source
This commit is contained in:
Terrence Cole
2013-06-07 11:34:57 -07:00
parent 4069dc5e38
commit c421d37e8e
1 changed files with 8 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
js/xpconnect/shell/xpcshell.cpp
View File

@@ -1580,9 +1580,6 @@ main(int argc, char **argv, char **envp)
return 1; return 1;
} }
JS::Rooted<JSObject*> glob(cx);
JS::Rooted<JSObject*> envobj(cx);
argc--; argc--;
argv++; argv++;
ProcessArgsForCompartment(cx, argv, argc); ProcessArgsForCompartment(cx, argv, argc);
@@ -1647,14 +1644,14 @@ main(int argc, char **argv, char **envp)
if (NS_FAILED(rv)) if (NS_FAILED(rv))
return 1; return 1;
glob = holder->GetJSObject();
if (!glob) {
return 1;
}
backstagePass->SetGlobalObject(glob);
{ {
JS::Rooted<JSObject*> glob(cx, holder->GetJSObject());
if (!glob) {
return 1;
}
backstagePass->SetGlobalObject(glob);
JSAutoCompartment ac(cx, glob); JSAutoCompartment ac(cx, glob);
if (!JS_InitReflect(cx, glob)) { if (!JS_InitReflect(cx, glob)) {
@@ -1668,6 +1665,7 @@ main(int argc, char **argv, char **envp)
return 1; return 1;
} }
JS::Rooted<JSObject*> envobj(cx);
envobj = JS_DefineObject(cx, glob, "environment", &env_class, NULL, 0); envobj = JS_DefineObject(cx, glob, "environment", &env_class, NULL, 0);
if (!envobj) { if (!envobj) {
JS_EndRequest(cx); JS_EndRequest(cx);