script: make throw_invalid_this and throw_constructor_without_new safe (#35360)

Signed-off-by: Stephen Muss <stephenmuss@gmail.com>
This commit is contained in:
Stephen Muss 2025-02-08 00:07:50 +11:00 committed by GitHub
parent 643885e6f1
commit 3c1cce825d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 15 additions and 14 deletions

View file

@ -412,7 +412,7 @@ pub(crate) unsafe fn call_default_constructor(
constructor: impl FnOnce(JSContext, &CallArgs, &GlobalScope, HandleObject) -> bool,
) -> bool {
if !args.is_constructing() {
throw_constructor_without_new(*cx, ctor_name);
throw_constructor_without_new(cx, ctor_name);
return false;
}

View file

@ -310,19 +310,19 @@ pub(crate) unsafe fn report_pending_exception(
/// Throw an exception to signal that a `JSObject` can not be converted to a
/// given DOM type.
pub(crate) unsafe fn throw_invalid_this(cx: *mut JSContext, proto_id: u16) {
debug_assert!(!JS_IsExceptionPending(cx));
pub(crate) fn throw_invalid_this(cx: SafeJSContext, proto_id: u16) {
debug_assert!(unsafe { !JS_IsExceptionPending(*cx) });
let error = format!(
"\"this\" object does not implement interface {}.",
proto_id_to_name(proto_id)
);
throw_type_error(cx, &error);
unsafe { throw_type_error(*cx, &error) };
}
pub(crate) unsafe fn throw_constructor_without_new(cx: *mut JSContext, name: &str) {
debug_assert!(!JS_IsExceptionPending(cx));
pub(crate) fn throw_constructor_without_new(cx: SafeJSContext, name: &str) {
debug_assert!(unsafe { !JS_IsExceptionPending(*cx) });
let error = format!("{} constructor: 'new' is required", name);
throw_type_error(cx, &error);
unsafe { throw_type_error(*cx, &error) };
}
impl Error {

View file

@ -481,35 +481,36 @@ unsafe fn generic_call<const EXCEPTION_TO_REJECTION: bool>(
let info = RUST_FUNCTION_VALUE_TO_JITINFO(JS_CALLEE(cx, vp));
let proto_id = (*info).__bindgen_anon_2.protoID;
let cx = SafeJSContext::from_ptr(cx);
let thisobj = args.thisv();
if !thisobj.get().is_null_or_undefined() && !thisobj.get().is_object() {
throw_invalid_this(cx, proto_id);
return if EXCEPTION_TO_REJECTION {
exception_to_promise(cx, args.rval())
exception_to_promise(*cx, args.rval())
} else {
false
};
}
rooted!(in(cx) let obj = if thisobj.get().is_object() {
rooted!(in(*cx) let obj = if thisobj.get().is_object() {
thisobj.get().to_object()
} else {
GetNonCCWObjectGlobal(JS_CALLEE(cx, vp).to_object_or_null())
GetNonCCWObjectGlobal(JS_CALLEE(*cx, vp).to_object_or_null())
});
let depth = (*info).__bindgen_anon_3.depth as usize;
let proto_check = PrototypeCheck::Depth { depth, proto_id };
let this = match private_from_proto_check(obj.get(), cx, proto_check) {
let this = match private_from_proto_check(obj.get(), *cx, proto_check) {
Ok(val) => val,
Err(()) => {
if is_lenient {
debug_assert!(!JS_IsExceptionPending(cx));
debug_assert!(!JS_IsExceptionPending(*cx));
*vp = UndefinedValue();
return true;
} else {
throw_invalid_this(cx, proto_id);
return if EXCEPTION_TO_REJECTION {
exception_to_promise(cx, args.rval())
exception_to_promise(*cx, args.rval())
} else {
false
};
@ -518,7 +519,7 @@ unsafe fn generic_call<const EXCEPTION_TO_REJECTION: bool>(
};
call(
info,
cx,
*cx,
obj.handle().into(),
this as *mut libc::c_void,
argc,