From 8bc3d7a7987cd06905d9c73b478adc776cf6ff51 Mon Sep 17 00:00:00 2001
From: Kalle Olavi Niemitalo
Date: Sun, 10 Dec 2006 01:09:06 +0200
Subject: [PATCH] Bug 846, SEE: Check thisobj->objectclass before casting.

---
 src/ecmascript/see/Makefile | 2 +-
 src/ecmascript/see/document.c | 3 +++
 src/ecmascript/see/form.c | 35 +++++++++++++++++++++++++++--------
 src/ecmascript/see/location.c | 9 +++++++++
 src/ecmascript/see/window.c | 8 ++++++++
 5 files changed, 48 insertions(+), 9 deletions(-)

diff --git a/src/ecmascript/see/Makefile b/src/ecmascript/see/Makefile
index f1c4b9e8..257f9bee 100644
--- a/src/ecmascript/see/Makefile
+++ b/src/ecmascript/see/Makefile
@@ -1,6 +1,6 @@
 top_builddir=../../..
 include $(top_builddir)/Makefile.config
 
-OBJS = document.o form.o input.o location.o navigator.o strings.o unibar.o window.o
+OBJS = checktype.o document.o form.o input.o location.o navigator.o strings.o unibar.o window.o
 
 include $(top_srcdir)/Makefile.lib
diff --git a/src/ecmascript/see/document.c b/src/ecmascript/see/document.c
index 22bfe936..12d3c66e 100644
--- a/src/ecmascript/see/document.c
+++ b/src/ecmascript/see/document.c
@@ -21,6 +21,7 @@
 #include "document/forms.h"
 #include "document/view.h"
 #include "ecmascript/ecmascript.h"
+#include "ecmascript/see/checktype.h"
 #include "ecmascript/see/document.h"
 #include "ecmascript/see/form.h"
 #include "ecmascript/see/input.h"
@@ -209,6 +210,8 @@ js_document_write_do(struct SEE_interpreter *interp, struct SEE_object *self,
 struct view_state *vs = g->win->vs;
 struct string *ret = g->ret;
 
+see_check_class(interp, thisobj, &js_document_object_class);
+
 if (argc >= 1 && ret) {
 int i = 0;
 
diff --git a/src/ecmascript/see/form.c b/src/ecmascript/see/form.c
index 7897f92c..9b2f5b9f 100644
--- a/src/ecmascript/see/form.c
+++ b/src/ecmascript/see/form.c
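Review bot: The OBJS line now lists checktype.o and each touched .c file gains `#include "ecmascript/see/checktype.h"`, but neither checktype.c nor checktype.h is part of this patch — the diffstat names only the five files above — so the tree cannot be built from this commit alone. If the new files were committed separately, the description should reference that commit; otherwise they need to be added here. How see_check_class() reports a mismatch (whether it returns to the caller at all) is not visible on this page yet it decides how the hunks in location.c and form.c behave on a bad thisobj, so a one-line comment on its declaration stating that contract would be worth adding.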
@@ -22,6 +22,7 @@
 #include "document/forms.h"
 #include "document/view.h"
 #include "ecmascript/ecmascript.h"
+#include "ecmascript/see/checktype.h"
 #include "ecmascript/see/document.h"
 #include "ecmascript/see/form.h"
 #include "ecmascript/see/input.h"
@@ -350,6 +351,7 @@ js_input_blur(struct SEE_interpreter *interp, struct SEE_object *self,
 struct SEE_object *thisobj, int argc, struct SEE_value **argv,
 struct SEE_value *res)
 {
+see_check_class(interp, thisobj, &js_input_object_class);
 SEE_SET_BOOLEAN(res, 0);
 /* We are a text-mode browser and there *always* has to be something
 * selected. So we do nothing for now. (That was easy.) */
@@ -365,7 +367,9 @@ js_input_click(struct SEE_interpreter *interp, struct SEE_object *self,
 struct document_view *doc_view = vs->doc_view;
 struct document *document = doc_view->document;
 struct session *ses = doc_view->session;
-struct js_input *input = (struct js_input *)thisobj;
+struct js_input *input = (
+see_check_class(interp, thisobj, &js_input_object_class),
+(struct js_input *)thisobj);
 struct form_state *fs = input->fs;
 struct form_control *fc;
 int linknum;
@@ -398,7 +402,9 @@ js_input_focus(struct SEE_interpreter *interp, struct SEE_object *self,
 struct document_view *doc_view = vs->doc_view;
 struct document *document = doc_view->document;
 struct session *ses = doc_view->session;
-struct js_input *input = (struct js_input *)thisobj;
+struct js_input *input = (
+see_check_class(interp, thisobj, &js_input_object_class),
+(struct js_input *)thisobj);
 struct form_state *fs = input->fs;
 struct form_control *fc;
 int linknum;
@@ -422,6 +428,7 @@ js_input_select(struct SEE_interpreter *interp, struct SEE_object *self,
 struct SEE_object *thisobj, int argc, struct SEE_value **argv,
 struct SEE_value *res)
 {
+see_check_class(interp, thisobj, &js_input_object_class);
 SEE_SET_BOOLEAN(res, 0);
 /* We support no text selecting yet. So we do nothing for now.
 * (That was easy, too.) */
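Review bot: In js_input_click the class check is folded into the initializer of `input` through the comma operator, `struct js_input *input = ( see_check_class(interp, thisobj, &js_input_object_class), (struct js_input *)thisobj);`, which hides a side-effecting call inside a declaration; presumably this keeps the check ahead of the cast without putting a statement among the declarations, but nothing in the code says so. A short comment above the declaration would make the intent clear, e.g. `/* Check the class before casting; the comma form keeps declarations first. */`, or the cast could become a plain assignment after the declarations with the check as the first statement, as js_input_blur and js_input_select in this same file do. The same construct appears in js_input_focus below and in the js_form_elems_item, js_form_elems_namedItem, js_forms_item, js_forms_namedItem, js_form_reset and js_form_submit hunks, which would take the same comment. The bodies of all of these functions continue outside their hunks.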
@@ -513,7 +520,9 @@ js_form_elems_item(struct SEE_interpreter *interp, struct SEE_object *self,
 struct view_state *vs = g->win->vs;
 struct document_view *doc_view = vs->doc_view;
 struct document *document = doc_view->document;
-struct js_form_elems *jsfe = (struct js_form_elems *)thisobj;
+struct js_form_elems *jsfe = (
+see_check_class(interp, thisobj, &js_form_elems_class),
+(struct js_form_elems *)thisobj);
 struct js_form *parent_form = jsfe->parent;
 struct form_view *fv = parent_form->fv;
 struct form *form = find_form_by_form_view(document, fv);
@@ -554,7 +563,9 @@ js_form_elems_namedItem(struct SEE_interpreter *interp, struct SEE_object *self,
 struct view_state *vs = g->win->vs;
 struct document_view *doc_view = vs->doc_view;
 struct document *document = doc_view->document;
-struct js_form_elems *jsfe = (struct js_form_elems *)thisobj;
+struct js_form_elems *jsfe = (
+see_check_class(interp, thisobj, &js_form_elems_class),
+(struct js_form_elems *)thisobj);
 struct js_form *parent_form = jsfe->parent;
 struct form_view *fv = parent_form->fv;
 struct form *form = find_form_by_form_view(document, fv);
@@ -637,7 +648,9 @@ js_forms_item(struct SEE_interpreter *interp, struct SEE_object *self,
 {
 struct global_object *g = (struct global_object *)interp;
 struct view_state *vs = g->win->vs;
-struct js_forms_object *fo = (struct js_forms_object *)thisobj;
+struct js_forms_object *fo = (
+see_check_class(interp, thisobj, &js_forms_object_class),
+(struct js_forms_object *)thisobj);
 struct js_document_object *doc = fo->parent;
 struct form_view *fv;
 unsigned char *string;
@@ -674,7 +687,9 @@ js_forms_namedItem(struct SEE_interpreter *interp, struct SEE_object *self,
 struct view_state *vs = g->win->vs;
 struct document_view *doc_view = vs->doc_view;
 struct document *document = doc_view->document;
-struct js_forms_object *fo = (struct js_forms_object *)thisobj;
+struct js_forms_object *fo = (
+see_check_class(interp, thisobj, &js_forms_object_class),
+(struct js_forms_object *)thisobj);
 struct js_document_object *doc = fo->parent;
 struct form *form;
 unsigned char *string;
@@ -905,7 +920,9 @@ js_form_reset(struct SEE_interpreter *interp, struct SEE_object *self,
 struct global_object *g = (struct global_object *)interp;
 struct view_state *vs = g->win->vs;
 struct document_view *doc_view = vs->doc_view;
-struct js_form *js_form = (struct js_form *)thisobj;
+struct js_form *js_form = (
+see_check_class(interp, thisobj, &js_form_class),
+(struct js_form *)thisobj);
 struct form_view *fv = js_form->fv;
 struct form *form = find_form_by_form_view(doc_view->document, fv);
 
@@ -925,7 +942,9 @@ js_form_submit(struct SEE_interpreter *interp, struct SEE_object *self,
 struct view_state *vs = g->win->vs;
 struct document_view *doc_view = vs->doc_view;
 struct session *ses = doc_view->session;
-struct js_form *js_form = (struct js_form *)thisobj;
+struct js_form *js_form = (
+see_check_class(interp, thisobj, &js_form_class),
+(struct js_form *)thisobj);
 struct form_view *fv = js_form->fv;
 struct form *form = find_form_by_form_view(doc_view->document, fv);
 
diff --git a/src/ecmascript/see/location.c b/src/ecmascript/see/location.c
index 20ac8049..cf43a155 100644
--- a/src/ecmascript/see/location.c
+++ b/src/ecmascript/see/location.c
@@ -22,6 +22,7 @@
 #include "document/forms.h"
 #include "document/view.h"
 #include "ecmascript/ecmascript.h"
+#include "ecmascript/see/checktype.h"
 #include "ecmascript/see/input.h"
 #include "ecmascript/see/location.h"
 #include "ecmascript/see/strings.h"
@@ -190,6 +191,8 @@ js_history_back(struct SEE_interpreter *interp, struct SEE_object *self,
 struct document_view *doc_view = vs->doc_view;
 struct session *ses = doc_view->session;
 
+see_check_class(interp, thisobj, &js_history_object_class);
+
 SEE_SET_NULL(res);
 go_back(ses);
 }
@@ -204,6 +207,8 @@ js_history_forward(struct SEE_interpreter *interp, struct SEE_object *self,
 struct document_view *doc_view = vs->doc_view;
 struct session *ses = doc_view->session;
 
+see_check_class(interp, thisobj, &js_history_object_class);
+
 SEE_SET_NULL(res);
 go_unback(ses);
 }
@@ -221,6 +226,8 @@ js_history_go(struct SEE_interpreter *interp, struct SEE_object *self,
 int index;
 struct location *loc;
 
+see_check_class(interp, thisobj, &js_history_object_class);
+
 SEE_SET_NULL(res);
 if (argc < 1) return;
 
@@ -254,6 +261,8 @@ js_location_toString(struct SEE_interpreter *interp, struct SEE_object *self,
 unsigned char *string = get_uri_string(vs->uri, URI_ORIGINAL);
 struct SEE_string *str = string_to_SEE_string(interp, string);
 
+see_check_class(interp, thisobj, &js_location_object_class);
+
 mem_free_if(string);
 SEE_SET_STRING(res, str);
 
diff --git a/src/ecmascript/see/window.c b/src/ecmascript/see/window.c
index 361be6ea..36587d77 100644
--- a/src/ecmascript/see/window.c
+++ b/src/ecmascript/see/window.c
@@ -23,6 +23,7 @@
 #include "document/forms.h"
 #include "document/view.h"
 #include "ecmascript/ecmascript.h"
+#include "ecmascript/see/checktype.h"
 #include "ecmascript/see/input.h"
 #include "ecmascript/see/strings.h"
 #include "ecmascript/see/window.h"
@@ -210,6 +211,8 @@ js_window_alert(struct SEE_interpreter *interp, struct SEE_object *self,
 struct view_state *vs = win->vs;
 unsigned char *string;
 
+see_check_class(interp, thisobj, &js_window_object_class);
+
 SEE_SET_BOOLEAN(res, 1);
 if (argc < 1) return;
 
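Review bot: In js_location_toString the new see_check_class() call comes after get_uri_string() has already allocated `string` and string_to_SEE_string() has already run on it; if the check does not return on a mismatched thisobj (how see_check_class signals failure is not shown on this page), `mem_free_if(string)` is never reached and that allocation leaks, and even if it does return the conversion work was done before the object was validated. Moving the check ahead of the allocation avoids both: either make it the first statement of the body, which starts outside the hunk, or fold it into the initializer the way the form.c hunks do, `unsigned char *string = (see_check_class(interp, thisobj, &js_location_object_class), get_uri_string(vs->uri, URI_ORIGINAL));`. The js_history_back, js_history_forward and js_history_go hunks above are fine in this respect since nothing is allocated before their check.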
@@ -244,6 +247,9 @@ js_window_open(struct SEE_interpreter *interp, struct SEE_object *self,
 static time_t ratelimit_start;
 static int ratelimit_count;
 #endif
+
+see_check_class(interp, thisobj, &js_window_object_class);
+
 SEE_SET_OBJECT(res, (struct SEE_object *)win);
 if (get_opt_bool("ecmascript.block_window_opening")) {
 #ifdef CONFIG_LEDS
@@ -335,6 +341,8 @@ js_setTimeout(struct SEE_interpreter *interp, struct SEE_object *self,
 unsigned char *code;
 int timeout;
 
+see_check_class(interp, thisobj, &js_window_object_class);
+
 if (argc != 2) return;
 ei = ((struct global_object *)interp)->interpreter;
 code = SEE_value_to_unsigned_char(interp, argv[0]);