Change how we reflect DOM objects in codegen

We now go through <Root<MaybeUnreflectedDom<T>>>::reflect_with, to decrease the amount of bad stuff we can end up doing. This avoids a source of vtable pointer instability that could cause issues down the road.
2025-08-02 20:20:14 +01:00 · 2020-03-06 18:45:29 +01:00 · 2020-03-06 18:45:29 +01:00 · 05077d31c8
commit 05077d31c8
parent 356c4e0bc8
2 changed files with 23 additions and 13 deletions
--- a/components/script/dom/bindings/codegen/CodegenRust.py
+++ b/components/script/dom/bindings/codegen/CodegenRust.py
@ -2728,7 +2728,7 @@ assert!(!obj.is_null());
 SetProxyReservedSlot(
    obj.get(),
    0,
-    &PrivateValue(&*raw as *const %(concreteType)s as *const libc::c_void),
+    &PrivateValue(raw.as_ptr() as *const %(concreteType)s as *const libc::c_void),
 );
 """
        else:
@ -2742,7 +2742,7 @@ assert!(!obj.is_null());
 JS_SetReservedSlot(
    obj.get(),
    DOM_OBJECT_SLOT,
-    &PrivateValue(&*raw as *const %(concreteType)s as *const libc::c_void),
+    &PrivateValue(raw.as_ptr() as *const %(concreteType)s as *const libc::c_void),
 );
 """
        create = create % {"concreteType": self.descriptor.concreteType}
@ -2765,11 +2765,11 @@ GetProtoObject(cx, scope, proto.handle_mut());
 assert!(!proto.is_null());

 %(createObject)s
-raw.init_reflector(obj.get());
+let root = raw.reflect_with(obj.get());

 %(copyUnforgeable)s

-DomRoot::from_ref(&*raw)\
+DomRoot::from_ref(&*root)\
 """ % {'copyUnforgeable': unforgeable, 'createObject': create})


@ -2809,12 +2809,12 @@ rooted!(in(*cx) let mut obj = ptr::null_mut::<JSObject>());
 create_global_object(
    cx,
    &Class.base,
-    &*raw as *const %(concreteType)s as *const libc::c_void,
+    raw.as_ptr() as *const %(concreteType)s as *const libc::c_void,
    _trace,
    obj.handle_mut());
 assert!(!obj.is_null());

-raw.init_reflector(obj.get());
+let root = raw.reflect_with(obj.get());

 let _ac = JSAutoRealm::new(*cx, obj.get());
 rooted!(in(*cx) let mut proto = ptr::null_mut::<JSObject>());
@ -2828,7 +2828,7 @@ assert!(immutable);

 %(unforgeable)s

-DomRoot::from_ref(&*raw)\
+DomRoot::from_ref(&*root)\
 """ % values)


--- a/components/script/dom/bindings/root.rs
+++ b/components/script/dom/bindings/root.rs
@ -26,7 +26,7 @@

 use crate::dom::bindings::conversions::DerivedFrom;
 use crate::dom::bindings::inheritance::Castable;
-use crate::dom::bindings::reflector::{DomObject, Reflector};
+use crate::dom::bindings::reflector::{DomObject, MutDomObject, Reflector};
 use crate::dom::bindings::trace::trace_reflector;
 use crate::dom::bindings::trace::JSTraceable;
 use crate::dom::node::Node;
@ -385,15 +385,25 @@ where
    }
 }

-impl<T> Deref for MaybeUnreflectedDom<T>
+impl<T> Root<MaybeUnreflectedDom<T>>
 where
    T: DomObject,
 {
-    type Target = T;
+    pub fn as_ptr(&self) -> *const T {
+        self.value.ptr.as_ptr()
+    }
+}

-    fn deref(&self) -> &T {
-        debug_assert!(thread_state::get().is_script());
-        unsafe { &*self.ptr.as_ptr() }
+impl<T> Root<MaybeUnreflectedDom<T>>
+where
+    T: MutDomObject,
+{
+    pub unsafe fn reflect_with(self, obj: *mut JSObject) -> DomRoot<T> {
+        let ptr = self.as_ptr();
+        drop(self);
+        let root = DomRoot::from_ref(&*ptr);
+        root.init_reflector(obj);
+        root
    }
 }