script: make throw_invalid_this and throw_constructor_without_new safe (#35360)

Signed-off-by: Stephen Muss <stephenmuss@gmail.com>
2025-08-03 20:50:07 +01:00 · 2025-02-08 00:07:50 +11:00 · 2025-02-08 00:07:50 +11:00 · 3c1cce825d
commit 3c1cce825d
parent 643885e6f1
3 changed files with 15 additions and 14 deletions
--- a/components/script/dom/bindings/constructor.rs
+++ b/components/script/dom/bindings/constructor.rs
@ -412,7 +412,7 @@ pub(crate) unsafe fn call_default_constructor(
    constructor: impl FnOnce(JSContext, &CallArgs, &GlobalScope, HandleObject) -> bool,
 ) -> bool {
    if !args.is_constructing() {
-        throw_constructor_without_new(*cx, ctor_name);
+        throw_constructor_without_new(cx, ctor_name);
        return false;
    }

--- a/components/script/dom/bindings/error.rs
+++ b/components/script/dom/bindings/error.rs
@ -310,19 +310,19 @@ pub(crate) unsafe fn report_pending_exception(

 /// Throw an exception to signal that a `JSObject` can not be converted to a
 /// given DOM type.
-pub(crate) unsafe fn throw_invalid_this(cx: *mut JSContext, proto_id: u16) {
-    debug_assert!(!JS_IsExceptionPending(cx));
+pub(crate) fn throw_invalid_this(cx: SafeJSContext, proto_id: u16) {
+    debug_assert!(unsafe { !JS_IsExceptionPending(*cx) });
    let error = format!(
        "\"this\" object does not implement interface {}.",
        proto_id_to_name(proto_id)
    );
-    throw_type_error(cx, &error);
+    unsafe { throw_type_error(*cx, &error) };
 }

-pub(crate) unsafe fn throw_constructor_without_new(cx: *mut JSContext, name: &str) {
-    debug_assert!(!JS_IsExceptionPending(cx));
+pub(crate) fn throw_constructor_without_new(cx: SafeJSContext, name: &str) {
+    debug_assert!(unsafe { !JS_IsExceptionPending(*cx) });
    let error = format!("{} constructor: 'new' is required", name);
-    throw_type_error(cx, &error);
+    unsafe { throw_type_error(*cx, &error) };
 }

 impl Error {
--- a/components/script/dom/bindings/utils.rs
+++ b/components/script/dom/bindings/utils.rs
@ -481,35 +481,36 @@ unsafe fn generic_call<const EXCEPTION_TO_REJECTION: bool>(

    let info = RUST_FUNCTION_VALUE_TO_JITINFO(JS_CALLEE(cx, vp));
    let proto_id = (*info).__bindgen_anon_2.protoID;
+    let cx = SafeJSContext::from_ptr(cx);

    let thisobj = args.thisv();
    if !thisobj.get().is_null_or_undefined() && !thisobj.get().is_object() {
        throw_invalid_this(cx, proto_id);
        return if EXCEPTION_TO_REJECTION {
-            exception_to_promise(cx, args.rval())
+            exception_to_promise(*cx, args.rval())
        } else {
            false
        };
    }

-    rooted!(in(cx) let obj = if thisobj.get().is_object() {
+    rooted!(in(*cx) let obj = if thisobj.get().is_object() {
        thisobj.get().to_object()
    } else {
-        GetNonCCWObjectGlobal(JS_CALLEE(cx, vp).to_object_or_null())
+        GetNonCCWObjectGlobal(JS_CALLEE(*cx, vp).to_object_or_null())
    });
    let depth = (*info).__bindgen_anon_3.depth as usize;
    let proto_check = PrototypeCheck::Depth { depth, proto_id };
-    let this = match private_from_proto_check(obj.get(), cx, proto_check) {
+    let this = match private_from_proto_check(obj.get(), *cx, proto_check) {
        Ok(val) => val,
        Err(()) => {
            if is_lenient {
-                debug_assert!(!JS_IsExceptionPending(cx));
+                debug_assert!(!JS_IsExceptionPending(*cx));
                *vp = UndefinedValue();
                return true;
            } else {
                throw_invalid_this(cx, proto_id);
                return if EXCEPTION_TO_REJECTION {
-                    exception_to_promise(cx, args.rval())
+                    exception_to_promise(*cx, args.rval())
                } else {
                    false
                };
@ -518,7 +519,7 @@ unsafe fn generic_call<const EXCEPTION_TO_REJECTION: bool>(
    };
    call(
        info,
-        cx,
+        *cx,
        obj.handle().into(),
        this as *mut libc::c_void,
        argc,