mirror of https://github.com/rkd77/elinks.git synced 2025-02-02 15:09:23 -05:00

Bug 846: {get,set}Property check JS_InstanceOf without asserting.

The getProperty and setProperty functions of a JSClass must not assume
that the obj parameter points to an instance of that class.  It might
instead point to another object that merely has an instance of the
class in its prototype chain.  Thus, do not assert that JS_InstanceOf
returns true there.  Instead, run the check even with CONFIG_FASTMEM,
and just return JS_FALSE if it fails.
Kalle Olavi Niemitalo 2006-12-03 11:14:22 +02:00 committed by Kalle Olavi Niemitalo
parent c150331668
commit aa410301f1
10 changed files with 127 additions and 52 deletions


@ -80,8 +80,11 @@ document_get_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
struct document *document; struct document *document;
struct session *ses; struct session *ses;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &document_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &document_class, NULL))
return JS_FALSE;
parent_win = JS_GetParent(ctx, obj); parent_win = JS_GetParent(ctx, obj);
assert(JS_InstanceOf(ctx, parent_win, (JSClass *) &window_class, NULL)); assert(JS_InstanceOf(ctx, parent_win, (JSClass *) &window_class, NULL));
if_assert_failed return JS_FALSE; if_assert_failed return JS_FALSE;
@ -177,8 +180,11 @@ document_set_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
struct document_view *doc_view; struct document_view *doc_view;
struct document *document; struct document *document;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &document_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &document_class, NULL))
return JS_FALSE;
parent_win = JS_GetParent(ctx, obj); parent_win = JS_GetParent(ctx, obj);
assert(JS_InstanceOf(ctx, parent_win, (JSClass *) &window_class, NULL)); assert(JS_InstanceOf(ctx, parent_win, (JSClass *) &window_class, NULL));
if_assert_failed return JS_FALSE; if_assert_failed return JS_FALSE;
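Review bot: The parent check that follows the new guard in document_get_property and document_set_property is still `assert(JS_InstanceOf(ctx, parent_win, (JSClass *) &window_class, NULL)); if_assert_failed return JS_FALSE;`, which by the commit message's own reasoning is not evaluated in CONFIG_FASTMEM builds. If a script can arrange for @obj to have a parent of another class (not visible here, so this needs confirming), anything the function later reads through parent_win would come from an object of the wrong type. Writing it in the same unconditional form, `if (!JS_InstanceOf(ctx, parent_win, (JSClass *) &window_class, NULL)) return JS_FALSE;`, would make the two checks consistent. The same assertion-only parent check remains in the input, form_elements, form, forms, location and unibar hunks, and both function bodies continue outside the hunks.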


@ -141,8 +141,11 @@ input_get_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
int linknum; int linknum;
struct link *link = NULL; struct link *link = NULL;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &input_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &input_class, NULL))
return JS_FALSE;
parent_form = JS_GetParent(ctx, obj); parent_form = JS_GetParent(ctx, obj);
assert(JS_InstanceOf(ctx, parent_form, (JSClass *) &form_class, NULL)); assert(JS_InstanceOf(ctx, parent_form, (JSClass *) &form_class, NULL));
if_assert_failed return JS_FALSE; if_assert_failed return JS_FALSE;
@ -282,8 +285,11 @@ input_set_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
struct link *link = NULL; struct link *link = NULL;
unicode_val_T accesskey; unicode_val_T accesskey;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &input_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &input_class, NULL))
return JS_FALSE;
parent_form = JS_GetParent(ctx, obj); parent_form = JS_GetParent(ctx, obj);
assert(JS_InstanceOf(ctx, parent_form, (JSClass *) &form_class, NULL)); assert(JS_InstanceOf(ctx, parent_form, (JSClass *) &form_class, NULL));
if_assert_failed return JS_FALSE; if_assert_failed return JS_FALSE;
@ -582,8 +588,11 @@ form_elements_get_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
struct form_view *form_view; struct form_view *form_view;
struct form *form; struct form *form;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &form_elements_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &form_elements_class, NULL))
return JS_FALSE;
parent_form = JS_GetParent(ctx, obj); parent_form = JS_GetParent(ctx, obj);
assert(JS_InstanceOf(ctx, parent_form, (JSClass *) &form_class, NULL)); assert(JS_InstanceOf(ctx, parent_form, (JSClass *) &form_class, NULL));
if_assert_failed return JS_FALSE; if_assert_failed return JS_FALSE;
@ -789,8 +798,11 @@ form_get_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
struct form_view *fv; struct form_view *fv;
struct form *form; struct form *form;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &form_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &form_class, NULL))
return JS_FALSE;
parent_doc = JS_GetParent(ctx, obj); parent_doc = JS_GetParent(ctx, obj);
assert(JS_InstanceOf(ctx, parent_doc, (JSClass *) &document_class, NULL)); assert(JS_InstanceOf(ctx, parent_doc, (JSClass *) &document_class, NULL));
if_assert_failed return JS_FALSE; if_assert_failed return JS_FALSE;
@ -911,8 +923,11 @@ form_set_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
struct form *form; struct form *form;
unsigned char *string; unsigned char *string;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &form_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &form_class, NULL))
return JS_FALSE;
parent_doc = JS_GetParent(ctx, obj); parent_doc = JS_GetParent(ctx, obj);
assert(JS_InstanceOf(ctx, parent_doc, (JSClass *) &document_class, NULL)); assert(JS_InstanceOf(ctx, parent_doc, (JSClass *) &document_class, NULL));
if_assert_failed return JS_FALSE; if_assert_failed return JS_FALSE;
@ -1101,8 +1116,11 @@ forms_get_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
struct document_view *doc_view; struct document_view *doc_view;
struct document *document; struct document *document;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &forms_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &forms_class, NULL))
return JS_FALSE;
parent_doc = JS_GetParent(ctx, obj); parent_doc = JS_GetParent(ctx, obj);
assert(JS_InstanceOf(ctx, parent_doc, (JSClass *) &document_class, NULL)); assert(JS_InstanceOf(ctx, parent_doc, (JSClass *) &document_class, NULL));
if_assert_failed return JS_FALSE; if_assert_failed return JS_FALSE;
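Review bot: The comment added above each guard reads "if @obj if not itself an instance", where the second "if" should be "is". It would also help to say why the call is rejected: JS_InstanceOf compares the object's own class, so an object that only inherits from an instance does not carry the private data these functions go on to use. Suggested wording: `/* This can be called if @obj is not itself an instance of the appropriate class but only has one in its prototype chain. Such an object lacks this class's private data, so fail the call. */`. The same comment text appears in every hunk of this commit.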


@ -149,8 +149,11 @@ location_get_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
JSObject *parent_win; /* instance of @window_class */ JSObject *parent_win; /* instance of @window_class */
struct view_state *vs; struct view_state *vs;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &location_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &location_class, NULL))
return JS_FALSE;
parent_win = JS_GetParent(ctx, obj); parent_win = JS_GetParent(ctx, obj);
assert(JS_InstanceOf(ctx, parent_win, (JSClass *) &window_class, NULL)); assert(JS_InstanceOf(ctx, parent_win, (JSClass *) &window_class, NULL));
if_assert_failed return JS_FALSE; if_assert_failed return JS_FALSE;
@ -182,8 +185,11 @@ location_set_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
struct view_state *vs; struct view_state *vs;
struct document_view *doc_view; struct document_view *doc_view;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &location_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &location_class, NULL))
return JS_FALSE;
parent_win = JS_GetParent(ctx, obj); parent_win = JS_GetParent(ctx, obj);
assert(JS_InstanceOf(ctx, parent_win, (JSClass *) &window_class, NULL)); assert(JS_InstanceOf(ctx, parent_win, (JSClass *) &window_class, NULL));
if_assert_failed return JS_FALSE; if_assert_failed return JS_FALSE;


@ -82,9 +82,12 @@ unibar_get_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
struct session_status *status; struct session_status *status;
unsigned char *bar; unsigned char *bar;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &menubar_class, NULL) /* This can be called if @obj if not itself an instance of either
|| JS_InstanceOf(ctx, obj, (JSClass *) &statusbar_class, NULL)); * appropriate class but has one in its prototype chain. Fail
if_assert_failed return JS_FALSE; * such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &menubar_class, NULL)
&& !JS_InstanceOf(ctx, obj, (JSClass *) &statusbar_class, NULL))
return JS_FALSE;
parent_win = JS_GetParent(ctx, obj); parent_win = JS_GetParent(ctx, obj);
assert(JS_InstanceOf(ctx, parent_win, (JSClass *) &window_class, NULL)); assert(JS_InstanceOf(ctx, parent_win, (JSClass *) &window_class, NULL));
if_assert_failed return JS_FALSE; if_assert_failed return JS_FALSE;
@ -134,9 +137,12 @@ unibar_set_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
struct session_status *status; struct session_status *status;
unsigned char *bar; unsigned char *bar;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &menubar_class, NULL) /* This can be called if @obj if not itself an instance of either
|| JS_InstanceOf(ctx, obj, (JSClass *) &statusbar_class, NULL)); * appropriate class but has one in its prototype chain. Fail
if_assert_failed return JS_FALSE; * such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &menubar_class, NULL)
&& !JS_InstanceOf(ctx, obj, (JSClass *) &statusbar_class, NULL))
return JS_FALSE;
parent_win = JS_GetParent(ctx, obj); parent_win = JS_GetParent(ctx, obj);
assert(JS_InstanceOf(ctx, parent_win, (JSClass *) &window_class, NULL)); assert(JS_InstanceOf(ctx, parent_win, (JSClass *) &window_class, NULL));
if_assert_failed return JS_FALSE; if_assert_failed return JS_FALSE;


@ -122,8 +122,11 @@ window_get_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
{ {
struct view_state *vs; struct view_state *vs;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &window_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &window_class, NULL))
return JS_FALSE;
vs = JS_GetPrivate(ctx, obj); /* from @window_class */ vs = JS_GetPrivate(ctx, obj); /* from @window_class */
@ -246,8 +249,11 @@ window_set_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
{ {
struct view_state *vs; struct view_state *vs;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &window_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &window_class, NULL))
return JS_FALSE;
vs = JS_GetPrivate(ctx, obj); /* from @window_class */ vs = JS_GetPrivate(ctx, obj); /* from @window_class */
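Review bot: In window_get_property and window_set_property the class check and the private-pointer fetch are separate calls, so `JS_GetPrivate(ctx, obj)` is only safe for as long as the guard above it is neither moved nor removed. SpiderMonkey's JS_GetInstancePrivate does both in one step and returns NULL on a class mismatch: `vs = JS_GetInstancePrivate(ctx, obj, (JSClass *) &window_class, NULL); if (!vs) return JS_FALSE;`. That form would also reject a NULL private pointer, which is only correct if NULL is never a valid state for these objects; the handling of that case is outside the hunks. The same pairing of guard and JS_GetPrivate appears in the bookmark, cache_entry, smjs_globhist_item, keymap and view_state hunks.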


@ -80,8 +80,11 @@ bookmark_get_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
{ {
struct bookmark *bookmark; struct bookmark *bookmark;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &bookmark_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &bookmark_class, NULL))
return JS_FALSE;
bookmark = JS_GetPrivate(ctx, obj); /* from @bookmark_class */ bookmark = JS_GetPrivate(ctx, obj); /* from @bookmark_class */
@ -121,8 +124,11 @@ bookmark_set_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
{ {
struct bookmark *bookmark; struct bookmark *bookmark;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &bookmark_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &bookmark_class, NULL))
return JS_FALSE;
bookmark = JS_GetPrivate(ctx, obj); /* from @bookmark_class */ bookmark = JS_GetPrivate(ctx, obj); /* from @bookmark_class */
@ -191,8 +197,11 @@ bookmark_folder_get_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
struct bookmark *folder; struct bookmark *folder;
unsigned char *title; unsigned char *title;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &bookmark_folder_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &bookmark_folder_class, NULL))
return JS_FALSE;
folder = JS_GetPrivate(ctx, obj); /* from @bookmark_folder_class */ folder = JS_GetPrivate(ctx, obj); /* from @bookmark_folder_class */
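Review bot: The new guard in bookmark_get_property, bookmark_set_property and bookmark_folder_get_property returns JS_FALSE without reporting an error, and JS_InstanceOf is passed NULL for argv, so it reports nothing either. As far as I know SpiderMonkey treats a failing native with no pending exception as an uncatchable error, so the calling script would stop without a message and leave nothing to trace the rejected access. Consider reporting before returning, for example `JS_ReportError(ctx, "property accessed on an object of the wrong class"); return JS_FALSE;` (the message text is only a suggestion). This applies to every guard added in this commit.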


@ -39,8 +39,11 @@ cache_entry_get_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
{ {
struct cache_entry *cached; struct cache_entry *cached;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &cache_entry_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &cache_entry_class, NULL))
return JS_FALSE;
cached = JS_GetPrivate(ctx, obj); /* from @cache_entry_class */ cached = JS_GetPrivate(ctx, obj); /* from @cache_entry_class */
@ -96,8 +99,11 @@ cache_entry_set_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
{ {
struct cache_entry *cached; struct cache_entry *cached;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &cache_entry_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &cache_entry_class, NULL))
return JS_FALSE;
cached = JS_GetPrivate(ctx, obj); /* from @cache_entry_class */ cached = JS_GetPrivate(ctx, obj); /* from @cache_entry_class */


@ -50,8 +50,11 @@ smjs_globhist_item_get_property(JSContext *ctx, JSObject *obj, jsval id,
{ {
struct global_history_item *history_item; struct global_history_item *history_item;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &smjs_globhist_item_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &smjs_globhist_item_class, NULL))
return JS_FALSE;
history_item = JS_GetPrivate(ctx, obj); /* from @smjs_globhist_item_class */ history_item = JS_GetPrivate(ctx, obj); /* from @smjs_globhist_item_class */
@ -107,8 +110,11 @@ smjs_globhist_item_set_property(JSContext *ctx, JSObject *obj, jsval id, jsval *
{ {
struct global_history_item *history_item; struct global_history_item *history_item;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &smjs_globhist_item_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &smjs_globhist_item_class, NULL))
return JS_FALSE;
history_item = JS_GetPrivate(ctx, obj); /* from @smjs_globhist_item_class */ history_item = JS_GetPrivate(ctx, obj); /* from @smjs_globhist_item_class */


@ -23,8 +23,11 @@ keymap_get_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
const unsigned char *keystroke_str; const unsigned char *keystroke_str;
int *data; int *data;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &keymap_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &keymap_class, NULL))
return JS_FALSE;
data = JS_GetPrivate(ctx, obj); /* from @keymap_class */ data = JS_GetPrivate(ctx, obj); /* from @keymap_class */
@ -74,8 +77,11 @@ keymap_set_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
unsigned char *keymap_str; unsigned char *keymap_str;
const unsigned char *keystroke_str; const unsigned char *keystroke_str;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &keymap_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &keymap_class, NULL))
return JS_FALSE;
data = JS_GetPrivate(ctx, obj); /* from @keymap_class */ data = JS_GetPrivate(ctx, obj); /* from @keymap_class */


@ -39,8 +39,11 @@ view_state_get_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
{ {
struct view_state *vs; struct view_state *vs;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &view_state_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &view_state_class, NULL))
return JS_FALSE;
vs = JS_GetPrivate(ctx, obj); /* from @view_state_class */ vs = JS_GetPrivate(ctx, obj); /* from @view_state_class */
@ -73,8 +76,11 @@ view_state_set_property(JSContext *ctx, JSObject *obj, jsval id, jsval *vp)
{ {
struct view_state *vs; struct view_state *vs;
assert(JS_InstanceOf(ctx, obj, (JSClass *) &view_state_class, NULL)); /* This can be called if @obj if not itself an instance of the
if_assert_failed return JS_FALSE; * appropriate class but has one in its prototype chain. Fail
* such calls. */
if (!JS_InstanceOf(ctx, obj, (JSClass *) &view_state_class, NULL))
return JS_FALSE;
vs = JS_GetPrivate(ctx, obj); /* from @view_state_class */ vs = JS_GetPrivate(ctx, obj); /* from @view_state_class */