From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 7 Apr 2024 21:33:14 +0200
Subject: Adding upstream version 115.7.0esr.
Signed-off-by: Daniel Baumann
---
 js/xpconnect/src/XPCConvert.cpp | 1649 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 1649 insertions(+)
 create mode 100644 js/xpconnect/src/XPCConvert.cpp
(limited to 'js/xpconnect/src/XPCConvert.cpp')
diff --git a/js/xpconnect/src/XPCConvert.cpp b/js/xpconnect/src/XPCConvert.cpp
new file mode 100644
index 0000000000..9c6fd75eec
--- /dev/null
+++ b/js/xpconnect/src/XPCConvert.cpp
@@ -0,0 +1,1649 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Data conversion between native and JavaScript types. */
+
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/Range.h"
+#include "mozilla/Sprintf.h"
+
+#include "xpcprivate.h"
+#include "nsIScriptError.h"
+#include "nsISimpleEnumerator.h"
+#include "nsWrapperCache.h"
+#include "nsJSUtils.h"
+#include "nsQueryObject.h"
+#include "nsScriptError.h"
+#include "WrapperFactory.h"
+
+#include "nsWrapperCacheInlines.h"
+
+#include "jsapi.h"
+#include "jsfriendapi.h"
+#include "js/Array.h" // JS::GetArrayLength, JS::IsArrayObject, JS::NewArrayObject
+#include "js/CharacterEncoding.h"
+#include "js/experimental/TypedData.h" // JS_GetArrayBufferViewType, JS_GetArrayBufferViewData, JS_GetTypedArrayLength, JS_IsTypedArrayObject
+#include "js/MemoryFunctions.h"
+#include "js/Object.h" // JS::GetClass
+#include "js/PropertyAndElement.h" // JS_DefineElement, JS_GetElement
+#include "js/String.h" // JS::StringHasLatin1Chars
+
+#include "mozilla/dom/BindingUtils.h"
+#include "mozilla/dom/DOMException.h"
+#include "mozilla/dom/PrimitiveConversions.h"
+#include "mozilla/dom/Promise.h"
+
+using namespace xpc;
+using namespace mozilla;
+using namespace mozilla::dom;
+using namespace JS;
+
+// #define STRICT_CHECK_OF_UNICODE
+#ifdef STRICT_CHECK_OF_UNICODE
+# define ILLEGAL_RANGE(c) (0 != ((c)&0xFF80))
+#else // STRICT_CHECK_OF_UNICODE
+# define ILLEGAL_RANGE(c) (0 != ((c)&0xFF00))
+#endif // STRICT_CHECK_OF_UNICODE
+
+#define ILLEGAL_CHAR_RANGE(c) (0 != ((c)&0x80))
+
+/***************************************************************************/
+
+// static
+bool XPCConvert::GetISupportsFromJSObject(JSObject* obj, nsISupports** iface) {
+ if (JS::GetClass(obj)->slot0IsISupports()) {
+ *iface = JS::GetObjectISupports(obj);
+ return true;
+ }
+ *iface = UnwrapDOMObjectToISupports(obj);
+ return !!*iface;
+}
+
+/***************************************************************************/
+
+// static
+bool XPCConvert::NativeData2JS(JSContext* cx, MutableHandleValue d,
+ const void* s, const nsXPTType& type,
+ const nsID* iid, uint32_t arrlen,
+ nsresult* pErr) {
+ MOZ_ASSERT(s, "bad param");
+
+ if (pErr) {
+ *pErr = NS_ERROR_XPC_BAD_CONVERT_NATIVE;
+ }
+
+ switch (type.Tag()) {
+ case nsXPTType::T_I8:
+ d.setInt32(*static_cast(s));
+ return true;
+ case nsXPTType::T_I16:
+ d.setInt32(*static_cast(s));
+ return true;
+ case nsXPTType::T_I32:
+ d.setInt32(*static_cast(s));
+ return true;
+ case nsXPTType::T_I64:
+ d.setNumber(static_cast(*static_cast(s)));
+ return true;
+ case nsXPTType::T_U8:
+ d.setInt32(*static_cast(s));
+ return true;
+ case nsXPTType::T_U16:
+ d.setInt32(*static_cast(s));
+ return true;
+ case nsXPTType::T_U32:
+ d.setNumber(*static_cast(s));
+ return true;
+ case nsXPTType::T_U64:
+ d.setNumber(static_cast(*static_cast(s)));
+ return true;
+ case nsXPTType::T_FLOAT:
+ d.setNumber(*static_cast(s));
+ return true;
+ case nsXPTType::T_DOUBLE:
+ d.set(JS_NumberValue(*static_cast(s)));
+ return true;
+ case nsXPTType::T_BOOL:
+ d.setBoolean(*static_cast(s));
+ return true;
+ case nsXPTType::T_CHAR: {
+ char p = *static_cast(s);
+
+#ifdef STRICT_CHECK_OF_UNICODE
+ MOZ_ASSERT(!ILLEGAL_CHAR_RANGE(p), "passing non ASCII data");
+#endif // STRICT_CHECK_OF_UNICODE
+
+ JSString* str = JS_NewStringCopyN(cx, &p, 1);
+ if (!str) {
+ return false;
+ }
+
+ d.setString(str);
+ return true;
+ }
+ case nsXPTType::T_WCHAR: {
+ char16_t p = *static_cast(s);
+
+ JSString* str = JS_NewUCStringCopyN(cx, &p, 1);
+ if (!str) {
+ return false;
+ }
+
+ d.setString(str);
+ return true;
+ }
+
+ case nsXPTType::T_JSVAL: {
+ d.set(*static_cast(s));
+ return JS_WrapValue(cx, d);
+ }
+
+ case nsXPTType::T_VOID:
+ XPC_LOG_ERROR(("XPCConvert::NativeData2JS : void* params not supported"));
+ return false;
+
+ case nsXPTType::T_NSIDPTR: {
+ nsID* iid2 = *static_cast(s);
+ if (!iid2) {
+ d.setNull();
+ return true;
+ }
+
+ return xpc::ID2JSValue(cx, *iid2, d);
+ }
+
+ case nsXPTType::T_NSID:
+ return xpc::ID2JSValue(cx, *static_cast(s), d);
+
+ case nsXPTType::T_ASTRING: {
+ const nsAString* p = static_cast(s);
+ if (!p || p->IsVoid()) {
+ d.setNull();
+ return true;
+ }
+
+ nsStringBuffer* buf;
+ if (!XPCStringConvert::ReadableToJSVal(cx, *p, &buf, d)) {
+ return false;
+ }
+ if (buf) {
+ buf->AddRef();
+ }
+ return true;
+ }
+
+ case nsXPTType::T_CHAR_STR: {
+ const char* p = *static_cast(s);
+ arrlen = p ? strlen(p) : 0;
+ [[fallthrough]];
+ }
+ case nsXPTType::T_PSTRING_SIZE_IS: {
+ const char* p = *static_cast(s);
+ if (!p) {
+ d.setNull();
+ return true;
+ }
+
+#ifdef STRICT_CHECK_OF_UNICODE
+ bool isAscii = true;
+ for (uint32_t i = 0; i < arrlen; i++) {
+ if (ILLEGAL_CHAR_RANGE(p[i])) {
+ isAscii = false;
+ }
+ }
+ MOZ_ASSERT(isAscii, "passing non ASCII data");
+#endif // STRICT_CHECK_OF_UNICODE
+
+ JSString* str = JS_NewStringCopyN(cx, p, arrlen);
+ if (!str) {
+ return false;
+ }
+
+ d.setString(str);
+ return true;
+ }
+
+ case nsXPTType::T_WCHAR_STR: {
+ const char16_t* p = *static_cast(s);
+ arrlen = p ?
nsCharTraits::length(p) : 0;
+ [[fallthrough]];
+ }
+ case nsXPTType::T_PWSTRING_SIZE_IS: {
+ const char16_t* p = *static_cast(s);
+ if (!p) {
+ d.setNull();
+ return true;
+ }
+
+ JSString* str = JS_NewUCStringCopyN(cx, p, arrlen);
+ if (!str) {
+ return false;
+ }
+
+ d.setString(str);
+ return true;
+ }
+
+ case nsXPTType::T_UTF8STRING: {
+ const nsACString* utf8String = static_cast(s);
+
+ if (!utf8String || utf8String->IsVoid()) {
+ d.setNull();
+ return true;
+ }
+
+ if (utf8String->IsEmpty()) {
+ d.set(JS_GetEmptyStringValue(cx));
+ return true;
+ }
+
+ uint32_t len = utf8String->Length();
+ auto allocLen = CheckedUint32(len) + 1;
+ if (!allocLen.isValid()) {
+ return false;
+ }
+
+ // Usage of UTF-8 in XPConnect is mostly for things that are
+ // almost always ASCII, so the inexact allocations below
+ // should be fine.
+
+ if (IsUtf8Latin1(*utf8String)) {
+ using UniqueLatin1Chars =
+ js::UniquePtr;
+
+ UniqueLatin1Chars buffer(static_cast(
+ JS_string_malloc(cx, allocLen.value())));
+ if (!buffer) {
+ return false;
+ }
+
+ size_t written = LossyConvertUtf8toLatin1(
+ *utf8String, Span(reinterpret_cast(buffer.get()), len));
+ buffer[written] = 0;
+
+ // written can never exceed len, so the truncation is OK.
+ JSString* str = JS_NewLatin1String(cx, std::move(buffer), written);
+ if (!str) {
+ return false;
+ }
+
+ d.setString(str);
+ return true;
+ }
+
+ // 1-byte sequences decode to 1 UTF-16 code unit
+ // 2-byte sequences decode to 1 UTF-16 code unit
+ // 3-byte sequences decode to 1 UTF-16 code unit
+ // 4-byte sequences decode to 2 UTF-16 code units
+ // So the number of output code units never exceeds
+ // the number of input code units (but see the comment
+ // below). allocLen already takes the zero terminator
+ // into account.
+ allocLen *= sizeof(char16_t);
+ if (!allocLen.isValid()) {
+ return false;
+ }
+
+ JS::UniqueTwoByteChars buffer(
+ static_cast(JS_string_malloc(cx, allocLen.value())));
+ if (!buffer) {
+ return false;
+ }
+
+ // For its internal simplicity, ConvertUTF8toUTF16 requires the
+ // destination to be one code unit longer than the source, but
+ // it never actually writes more code units than the number of
+ // code units in the source. That's why it's OK to claim the
+ // output buffer has len + 1 space but then still expect to
+ // have space for the zero terminator.
+ size_t written =
+ ConvertUtf8toUtf16(*utf8String, Span(buffer.get(), allocLen.value()));
+ MOZ_RELEASE_ASSERT(written <= len);
+ buffer[written] = 0;
+
+ JSString* str = JS_NewUCStringDontDeflate(cx, std::move(buffer), written);
+ if (!str) {
+ return false;
+ }
+
+ d.setString(str);
+ return true;
+ }
+ case nsXPTType::T_CSTRING: {
+ const nsACString* cString = static_cast(s);
+
+ if (!cString || cString->IsVoid()) {
+ d.setNull();
+ return true;
+ }
+
+ // c-strings (binary blobs) are deliberately not converted from
+ // UTF-8 to UTF-16. T_UTF8Sting is for UTF-8 encoded strings
+ // with automatic conversion.
+ JSString* str = JS_NewStringCopyN(cx, cString->Data(), cString->Length());
+ if (!str) {
+ return false;
+ }
+
+ d.setString(str);
+ return true;
+ }
+
+ case nsXPTType::T_INTERFACE:
+ case nsXPTType::T_INTERFACE_IS: {
+ nsISupports* iface = *static_cast(s);
+ if (!iface) {
+ d.setNull();
+ return true;
+ }
+
+ if (iid->Equals(NS_GET_IID(nsIVariant))) {
+ nsCOMPtr variant = do_QueryInterface(iface);
+ if (!variant) {
+ return false;
+ }
+
+ return XPCVariant::VariantDataToJS(cx, variant, pErr, d);
+ }
+
+ xpcObjectHelper helper(iface);
+ return NativeInterface2JSObject(cx, d, helper, iid, true, pErr);
+ }
+
+ case nsXPTType::T_DOMOBJECT: {
+ void* ptr = *static_cast(s);
+ if (!ptr) {
+ d.setNull();
+ return true;
+ }
+
+ return type.GetDOMObjectInfo().Wrap(cx, ptr, d);
+ }
+
+ case nsXPTType::T_PROMISE: {
+ Promise* promise = *static_cast(s);
+ if (!promise) {
+ d.setNull();
+ return true;
+ }
+
+ RootedObject jsobj(cx, promise->PromiseObj());
+ if (!JS_WrapObject(cx, &jsobj)) {
+ return false;
+ }
+ d.setObject(*jsobj);
+ return true;
+ }
+
+ case nsXPTType::T_LEGACY_ARRAY:
+ return NativeArray2JS(cx, d, *static_cast(s),
+ type.ArrayElementType(), iid, arrlen, pErr);
+
+ case nsXPTType::T_ARRAY: {
+ auto* array = static_cast(s);
+ return NativeArray2JS(cx, d, array->Elements(), type.ArrayElementType(),
+ iid, array->Length(), pErr);
+ }
+
+ default:
+ NS_ERROR("bad type");
+ return false;
+ }
+}
+
+/***************************************************************************/
+
+#ifdef DEBUG
+static bool CheckChar16InCharRange(char16_t c) {
+ if (ILLEGAL_RANGE(c)) {
+ /* U+0080/U+0100 - U+FFFF data lost.
 */
+ static const size_t MSG_BUF_SIZE = 64;
+ char msg[MSG_BUF_SIZE];
+ SprintfLiteral(msg,
+ "char16_t out of char range; high bits of data lost: 0x%x",
+ int(c));
+ NS_WARNING(msg);
+ return false;
+ }
+
+ return true;
+}
+
+template
+static void CheckCharsInCharRange(const CharT* chars, size_t len) {
+ for (size_t i = 0; i < len; i++) {
+ if (!CheckChar16InCharRange(chars[i])) {
+ break;
+ }
+ }
+}
+#endif
+
+template
+bool ConvertToPrimitive(JSContext* cx, HandleValue v, T* retval) {
+ return ValueToPrimitive(cx, v, "Value", retval);
+}
+
+// static
+bool XPCConvert::JSData2Native(JSContext* cx, void* d, HandleValue s,
+ const nsXPTType& type, const nsID* iid,
+ uint32_t arrlen, nsresult* pErr) {
+ MOZ_ASSERT(d, "bad param");
+
+ js::AssertSameCompartment(cx, s);
+
+ if (pErr) {
+ *pErr = NS_ERROR_XPC_BAD_CONVERT_JS;
+ }
+
+ bool sizeis =
+ type.Tag() == TD_PSTRING_SIZE_IS || type.Tag() == TD_PWSTRING_SIZE_IS;
+
+ switch (type.Tag()) {
+ case nsXPTType::T_I8:
+ return ConvertToPrimitive(cx, s, static_cast(d));
+ case nsXPTType::T_I16:
+ return ConvertToPrimitive(cx, s, static_cast(d));
+ case nsXPTType::T_I32:
+ return ConvertToPrimitive(cx, s, static_cast(d));
+ case nsXPTType::T_I64:
+ return ConvertToPrimitive(cx, s, static_cast(d));
+ case nsXPTType::T_U8:
+ return ConvertToPrimitive(cx, s, static_cast(d));
+ case nsXPTType::T_U16:
+ return ConvertToPrimitive(cx, s, static_cast(d));
+ case nsXPTType::T_U32:
+ return ConvertToPrimitive(cx, s, static_cast(d));
+ case nsXPTType::T_U64:
+ return ConvertToPrimitive(cx, s, static_cast(d));
+ case nsXPTType::T_FLOAT:
+ return ConvertToPrimitive(cx, s, static_cast(d));
+ case nsXPTType::T_DOUBLE:
+ return ConvertToPrimitive(cx, s, static_cast(d));
+ case nsXPTType::T_BOOL:
+ return ConvertToPrimitive(cx, s, static_cast(d));
+ case nsXPTType::T_CHAR: {
+ JSString* str = ToString(cx, s);
+ if (!str) {
+ return false;
+ }
+
+ char16_t ch;
+ if (JS_GetStringLength(str) == 0) {
+ ch = 0;
+ } else {
+ if
(!JS_GetStringCharAt(cx, str, 0, &ch)) {
+ return false;
+ }
+ }
+#ifdef DEBUG
+ CheckChar16InCharRange(ch);
+#endif
+ *((char*)d) = char(ch);
+ break;
+ }
+ case nsXPTType::T_WCHAR: {
+ JSString* str;
+ if (!(str = ToString(cx, s))) {
+ return false;
+ }
+ size_t length = JS_GetStringLength(str);
+ if (length == 0) {
+ *((uint16_t*)d) = 0;
+ break;
+ }
+
+ char16_t ch;
+ if (!JS_GetStringCharAt(cx, str, 0, &ch)) {
+ return false;
+ }
+
+ *((uint16_t*)d) = uint16_t(ch);
+ break;
+ }
+ case nsXPTType::T_JSVAL:
+ *((Value*)d) = s;
+ break;
+ case nsXPTType::T_VOID:
+ XPC_LOG_ERROR(("XPCConvert::JSData2Native : void* params not supported"));
+ NS_ERROR("void* params not supported");
+ return false;
+
+ case nsXPTType::T_NSIDPTR:
+ if (Maybe id = xpc::JSValue2ID(cx, s)) {
+ *((const nsID**)d) = id.ref().Clone();
+ return true;
+ }
+ return false;
+
+ case nsXPTType::T_NSID:
+ if (Maybe id = xpc::JSValue2ID(cx, s)) {
+ *((nsID*)d) = id.ref();
+ return true;
+ }
+ return false;
+
+ case nsXPTType::T_ASTRING: {
+ nsAString* ws = (nsAString*)d;
+ if (s.isUndefined() || s.isNull()) {
+ ws->SetIsVoid(true);
+ return true;
+ }
+ size_t length = 0;
+ JSString* str = ToString(cx, s);
+ if (!str) {
+ return false;
+ }
+
+ length = JS_GetStringLength(str);
+ if (!length) {
+ ws->Truncate();
+ return true;
+ }
+
+ return AssignJSString(cx, *ws, str);
+ }
+
+ case nsXPTType::T_CHAR_STR:
+ case nsXPTType::T_PSTRING_SIZE_IS: {
+ if (s.isUndefined() || s.isNull()) {
+ if (sizeis && 0 != arrlen) {
+ if (pErr) {
+ *pErr = NS_ERROR_XPC_NOT_ENOUGH_CHARS_IN_STRING;
+ }
+ return false;
+ }
+ *((char**)d) = nullptr;
+ return true;
+ }
+
+ JSString* str = ToString(cx, s);
+ if (!str) {
+ return false;
+ }
+
+#ifdef DEBUG
+ if (JS::StringHasLatin1Chars(str)) {
+ size_t len;
+ AutoCheckCannotGC nogc;
+ const Latin1Char* chars =
+ JS_GetLatin1StringCharsAndLength(cx, nogc, str, &len);
+ if (chars) {
+ CheckCharsInCharRange(chars, len);
+ }
+ } else {
+ size_t len;
+ AutoCheckCannotGC nogc;
+
const char16_t* chars =
+ JS_GetTwoByteStringCharsAndLength(cx, nogc, str, &len);
+ if (chars) {
+ CheckCharsInCharRange(chars, len);
+ }
+ }
+#endif // DEBUG
+
+ size_t length = JS_GetStringEncodingLength(cx, str);
+ if (length == size_t(-1)) {
+ return false;
+ }
+ if (sizeis) {
+ if (length > arrlen) {
+ if (pErr) {
+ *pErr = NS_ERROR_XPC_NOT_ENOUGH_CHARS_IN_STRING;
+ }
+ return false;
+ }
+ if (length < arrlen) {
+ length = arrlen;
+ }
+ }
+ char* buffer = static_cast(moz_xmalloc(length + 1));
+ if (!JS_EncodeStringToBuffer(cx, str, buffer, length)) {
+ free(buffer);
+ return false;
+ }
+ buffer[length] = '\0';
+ *((void**)d) = buffer;
+ return true;
+ }
+
+ case nsXPTType::T_WCHAR_STR:
+ case nsXPTType::T_PWSTRING_SIZE_IS: {
+ JSString* str;
+
+ if (s.isUndefined() || s.isNull()) {
+ if (sizeis && 0 != arrlen) {
+ if (pErr) {
+ *pErr = NS_ERROR_XPC_NOT_ENOUGH_CHARS_IN_STRING;
+ }
+ return false;
+ }
+ *((char16_t**)d) = nullptr;
+ return true;
+ }
+
+ if (!(str = ToString(cx, s))) {
+ return false;
+ }
+ size_t len = JS_GetStringLength(str);
+ if (sizeis) {
+ if (len > arrlen) {
+ if (pErr) {
+ *pErr = NS_ERROR_XPC_NOT_ENOUGH_CHARS_IN_STRING;
+ }
+ return false;
+ }
+ if (len < arrlen) {
+ len = arrlen;
+ }
+ }
+
+ size_t byte_len = (len + 1) * sizeof(char16_t);
+ *((void**)d) = moz_xmalloc(byte_len);
+ mozilla::Range destChars(*((char16_t**)d), len + 1);
+ if (!JS_CopyStringChars(cx, destChars, str)) {
+ return false;
+ }
+ destChars[len] = 0;
+
+ return true;
+ }
+
+ case nsXPTType::T_UTF8STRING: {
+ nsACString* rs = (nsACString*)d;
+ if (s.isNull() || s.isUndefined()) {
+ rs->SetIsVoid(true);
+ return true;
+ }
+
+ // The JS val is neither null nor void...
+ JSString* str = ToString(cx, s);
+ if (!str) {
+ return false;
+ }
+
+ size_t length = JS_GetStringLength(str);
+ if (!length) {
+ rs->Truncate();
+ return true;
+ }
+
+ JSLinearString* linear = JS_EnsureLinearString(cx, str);
+ if (!linear) {
+ return false;
+ }
+
+ size_t utf8Length = JS::GetDeflatedUTF8StringLength(linear);
+ if (!rs->SetLength(utf8Length, fallible)) {
+ if (pErr) {
+ *pErr = NS_ERROR_OUT_OF_MEMORY;
+ }
+ return false;
+ }
+
+ mozilla::DebugOnly written = JS::DeflateStringToUTF8Buffer(
+ linear, mozilla::Span(rs->BeginWriting(), utf8Length));
+ MOZ_ASSERT(written == utf8Length);
+
+ return true;
+ }
+
+ case nsXPTType::T_CSTRING: {
+ nsACString* rs = (nsACString*)d;
+ if (s.isNull() || s.isUndefined()) {
+ rs->SetIsVoid(true);
+ return true;
+ }
+
+ // The JS val is neither null nor void...
+ JSString* str = ToString(cx, s);
+ if (!str) {
+ return false;
+ }
+
+ size_t length = JS_GetStringEncodingLength(cx, str);
+ if (length == size_t(-1)) {
+ return false;
+ }
+
+ if (!length) {
+ rs->Truncate();
+ return true;
+ }
+
+ if (!rs->SetLength(uint32_t(length), fallible)) {
+ if (pErr) {
+ *pErr = NS_ERROR_OUT_OF_MEMORY;
+ }
+ return false;
+ }
+ if (rs->Length() != uint32_t(length)) {
+ return false;
+ }
+ if (!JS_EncodeStringToBuffer(cx, str, rs->BeginWriting(), length)) {
+ return false;
+ }
+
+ return true;
+ }
+
+ case nsXPTType::T_INTERFACE:
+ case nsXPTType::T_INTERFACE_IS: {
+ MOZ_ASSERT(iid, "can't do interface conversions without iid");
+
+ if (iid->Equals(NS_GET_IID(nsIVariant))) {
+ nsCOMPtr variant = XPCVariant::newVariant(cx, s);
+ if (!variant) {
+ return false;
+ }
+
+ variant.forget(static_cast(d));
+ return true;
+ }
+
+ if (s.isNullOrUndefined()) {
+ *((nsISupports**)d) = nullptr;
+ return true;
+ }
+
+ // only wrap JSObjects
+ if (!s.isObject()) {
+ if (pErr && s.isInt32() && 0 == s.toInt32()) {
+ *pErr = NS_ERROR_XPC_BAD_CONVERT_JS_ZERO_ISNOT_NULL;
+ }
+ return false;
+ }
+
+ RootedObject src(cx, &s.toObject());
+ return
JSObject2NativeInterface(cx, (void**)d, src, iid, nullptr, pErr);
+ }
+
+ case nsXPTType::T_DOMOBJECT: {
+ if (s.isNullOrUndefined()) {
+ *((void**)d) = nullptr;
+ return true;
+ }
+
+ // Can't handle non-JSObjects
+ if (!s.isObject()) {
+ return false;
+ }
+
+ nsresult err = type.GetDOMObjectInfo().Unwrap(s, (void**)d, cx);
+ if (pErr) {
+ *pErr = err;
+ }
+ return NS_SUCCEEDED(err);
+ }
+
+ case nsXPTType::T_PROMISE: {
+ nsIGlobalObject* glob = CurrentNativeGlobal(cx);
+ if (!glob) {
+ if (pErr) {
+ *pErr = NS_ERROR_UNEXPECTED;
+ }
+ return false;
+ }
+
+ // Call Promise::Resolve to create a Promise object. This allows us to
+ // support returning non-promise values from Promise-returning functions
+ // in JS.
+ IgnoredErrorResult err;
+ *(Promise**)d = Promise::Resolve(glob, cx, s, err).take();
+ bool ok = !err.Failed();
+ if (pErr) {
+ *pErr = err.StealNSResult();
+ }
+
+ return ok;
+ }
+
+ case nsXPTType::T_LEGACY_ARRAY: {
+ void** dest = (void**)d;
+ const nsXPTType& elty = type.ArrayElementType();
+
+ *dest = nullptr;
+
+ // FIXME: XPConnect historically has shortcut the JSArray2Native codepath
+ // in its caller if arrlen is 0, allowing arbitrary values to be passed as
+ // arrays and interpreted as the empty array (bug 1458987).
+ //
+ // NOTE: Once this is fixed, null/undefined should be allowed for arrays
+ // if arrlen is 0.
+ if (arrlen == 0) {
+ return true;
+ }
+
+ bool ok = JSArray2Native(
+ cx, s, elty, iid, pErr, [&](uint32_t* aLength) -> void* {
+ // Check that we have enough elements in our array.
+ if (*aLength < arrlen) {
+ if (pErr) {
+ *pErr = NS_ERROR_XPC_NOT_ENOUGH_ELEMENTS_IN_ARRAY;
+ }
+ return nullptr;
+ }
+ *aLength = arrlen;
+
+ // Allocate the backing buffer & return it.
+ *dest = moz_xmalloc(*aLength * elty.Stride());
+ return *dest;
+ });
+
+ if (!ok && *dest) {
+ // An error occurred, free any allocated backing buffer.
+ free(*dest);
+ *dest = nullptr;
+ }
+ return ok;
+ }
+
+ case nsXPTType::T_ARRAY: {
+ auto* dest = (xpt::detail::UntypedTArray*)d;
+ const nsXPTType& elty = type.ArrayElementType();
+
+ bool ok = JSArray2Native(cx, s, elty, iid, pErr,
+ [&](uint32_t* aLength) -> void* {
+ if (!dest->SetLength(elty, *aLength)) {
+ if (pErr) {
+ *pErr = NS_ERROR_OUT_OF_MEMORY;
+ }
+ return nullptr;
+ }
+ return dest->Elements();
+ });
+
+ if (!ok) {
+ // An error occurred, free any allocated backing buffer.
+ dest->Clear();
+ }
+ return ok;
+ }
+
+ default:
+ NS_ERROR("bad type");
+ return false;
+ }
+ return true;
+}
+
+/***************************************************************************/
+// static
+bool XPCConvert::NativeInterface2JSObject(JSContext* cx, MutableHandleValue d,
+ xpcObjectHelper& aHelper,
+ const nsID* iid,
+ bool allowNativeWrapper,
+ nsresult* pErr) {
+ if (!iid) {
+ iid = &NS_GET_IID(nsISupports);
+ }
+
+ d.setNull();
+ if (!aHelper.Object()) {
+ return true;
+ }
+ if (pErr) {
+ *pErr = NS_ERROR_XPC_BAD_CONVERT_NATIVE;
+ }
+
+ // We used to have code here that unwrapped and simply exposed the
+ // underlying JSObject. That caused anomolies when JSComponents were
+ // accessed from other JS code - they didn't act like other xpconnect
+ // wrapped components. So, instead, we create "double wrapped" objects
+ // (that means an XPCWrappedNative around an nsXPCWrappedJS). This isn't
+ // optimal -- we could detect this and roll the functionality into a
+ // single wrapper, but the current solution is good enough for now.
+ XPCWrappedNativeScope* xpcscope = ObjectScope(JS::CurrentGlobalOrNull(cx));
+ if (!xpcscope) {
+ return false;
+ }
+
+ JSAutoRealm ar(cx, xpcscope->GetGlobalForWrappedNatives());
+
+ // First, see if this object supports the wrapper cache. In that case, the
+ // object to use is found as cache->GetWrapper(). If that is null, then the
+ // object will create (and fill the cache) from its WrapObject call.
+ nsWrapperCache* cache = aHelper.GetWrapperCache();
+
+ RootedObject flat(cx, cache ? cache->GetWrapper() : nullptr);
+ if (!flat && cache) {
+ RootedObject global(cx, CurrentGlobalOrNull(cx));
+ flat = cache->WrapObject(cx, nullptr);
+ if (!flat) {
+ return false;
+ }
+ }
+ if (flat) {
+ if (allowNativeWrapper && !JS_WrapObject(cx, &flat)) {
+ return false;
+ }
+ d.setObjectOrNull(flat);
+ return true;
+ }
+
+ // Go ahead and create an XPCWrappedNative for this object.
+ RefPtr iface = XPCNativeInterface::GetNewOrUsed(cx, iid);
+ if (!iface) {
+ return false;
+ }
+
+ RefPtr wrapper;
+ nsresult rv = XPCWrappedNative::GetNewOrUsed(cx, aHelper, xpcscope, iface,
+ getter_AddRefs(wrapper));
+ if (NS_FAILED(rv) && pErr) {
+ *pErr = rv;
+ }
+
+ // If creating the wrapped native failed, then return early.
+ if (NS_FAILED(rv) || !wrapper) {
+ return false;
+ }
+
+ // If we're not creating security wrappers, we can return the
+ // XPCWrappedNative as-is here.
+ flat = wrapper->GetFlatJSObject();
+ if (!allowNativeWrapper) {
+ d.setObjectOrNull(flat);
+ if (pErr) {
+ *pErr = NS_OK;
+ }
+ return true;
+ }
+
+ // The call to wrap here handles both cross-compartment and same-compartment
+ // security wrappers.
+ RootedObject original(cx, flat);
+ if (!JS_WrapObject(cx, &flat)) {
+ return false;
+ }
+
+ d.setObjectOrNull(flat);
+
+ if (pErr) {
+ *pErr = NS_OK;
+ }
+
+ return true;
+}
+
+/***************************************************************************/
+
+// static
+bool XPCConvert::JSObject2NativeInterface(JSContext* cx, void** dest,
+ HandleObject src, const nsID* iid,
+ nsISupports* aOuter, nsresult* pErr) {
+ MOZ_ASSERT(dest, "bad param");
+ MOZ_ASSERT(src, "bad param");
+ MOZ_ASSERT(iid, "bad param");
+
+ js::AssertSameCompartment(cx, src);
+
+ *dest = nullptr;
+ if (pErr) {
+ *pErr = NS_ERROR_XPC_BAD_CONVERT_JS;
+ }
+
+ nsISupports* iface;
+
+ if (!aOuter) {
+ // Note that if we have a non-null aOuter then it means that we are
+ // forcing the creation of a wrapper even if the object *is* a
+ // wrappedNative or other wise has 'nsISupportness'.
+ // This allows wrapJSAggregatedToNative to work.
+
+ // If we're looking at a security wrapper, see now if we're allowed to
+ // pass it to C++. If we are, then fall through to the code below. If
+ // we aren't, throw an exception eagerly.
+ //
+ // NB: It's very important that we _don't_ unwrap in the aOuter case,
+ // because the caller may explicitly want to create the XPCWrappedJS
+ // around a security wrapper. XBL does this with Xrays from the XBL
+ // scope - see nsBindingManager::GetBindingImplementation.
+ //
+ // It's also very important that "inner" be rooted here.
+ RootedObject inner(
+ cx, js::CheckedUnwrapDynamic(src, cx,
+ /* stopAtWindowProxy = */ false));
+ if (!inner) {
+ if (pErr) {
+ *pErr = NS_ERROR_XPC_SECURITY_MANAGER_VETO;
+ }
+ return false;
+ }
+
+ // Is this really a native xpcom object with a wrapper?
+ XPCWrappedNative* wrappedNative = nullptr;
+ if (IsWrappedNativeReflector(inner)) {
+ wrappedNative = XPCWrappedNative::Get(inner);
+ }
+ if (wrappedNative) {
+ iface = wrappedNative->GetIdentityObject();
+ return NS_SUCCEEDED(iface->QueryInterface(*iid, dest));
+ }
+ // else...
+
+ // Deal with slim wrappers here.
+ if (GetISupportsFromJSObject(inner ? inner : src, &iface)) {
+ if (iface && NS_SUCCEEDED(iface->QueryInterface(*iid, dest))) {
+ return true;
+ }
+
+ // If that failed, and iid is for mozIDOMWindowProxy, we actually
+ // want the outer!
+ if (iid->Equals(NS_GET_IID(mozIDOMWindowProxy))) {
+ if (nsCOMPtr inner = do_QueryInterface(iface)) {
+ iface = nsPIDOMWindowInner::From(inner)->GetOuterWindow();
+ return NS_SUCCEEDED(iface->QueryInterface(*iid, dest));
+ }
+ }
+
+ return false;
+ }
+ }
+
+ RefPtr wrapper;
+ nsresult rv =
+ nsXPCWrappedJS::GetNewOrUsed(cx, src, *iid, getter_AddRefs(wrapper));
+ if (pErr) {
+ *pErr = rv;
+ }
+
+ if (NS_FAILED(rv) || !wrapper) {
+ return false;
+ }
+
+ // If the caller wanted to aggregate this JS object to a native,
+ // attach it to the wrapper. Note that we allow a maximum of one
+ // aggregated native for a given XPCWrappedJS.
+ if (aOuter) {
+ wrapper->SetAggregatedNativeObject(aOuter);
+ }
+
+ // We need to go through the QueryInterface logic to make this return
+ // the right thing for the various 'special' interfaces; e.g.
+ // nsISimpleEnumerator. We must use AggregatedQueryInterface in cases where
+ // there is an outer to avoid nasty recursion.
+ rv = aOuter ?
wrapper->AggregatedQueryInterface(*iid, dest)
+ : wrapper->QueryInterface(*iid, dest);
+ if (pErr) {
+ *pErr = rv;
+ }
+ return NS_SUCCEEDED(rv);
+}
+
+/***************************************************************************/
+/***************************************************************************/
+
+// static
+nsresult XPCConvert::ConstructException(nsresult rv, const char* message,
+ const char* ifaceName,
+ const char* methodName,
+ nsISupports* data, Exception** exceptn,
+ JSContext* cx, Value* jsExceptionPtr) {
+ MOZ_ASSERT(!cx == !jsExceptionPtr,
+ "Expected cx and jsExceptionPtr to cooccur.");
+
+ static const char format[] = "\'%s\' when calling method: [%s::%s]";
+ const char* msg = message;
+ nsAutoCString sxmsg; // must have the same lifetime as msg
+
+ nsCOMPtr errorObject = do_QueryInterface(data);
+ if (errorObject) {
+ nsString xmsg;
+ if (NS_SUCCEEDED(errorObject->GetMessageMoz(xmsg))) {
+ CopyUTF16toUTF8(xmsg, sxmsg);
+ msg = sxmsg.get();
+ }
+ }
+ if (!msg) {
+ if (!nsXPCException::NameAndFormatForNSResult(rv, nullptr, &msg) || !msg) {
+ msg = "";
+ }
+ }
+
+ nsCString msgStr(msg);
+ if (ifaceName && methodName) {
+ msgStr.AppendPrintf(format, msg, ifaceName, methodName);
+ }
+
+ RefPtr e = new Exception(msgStr, rv, ""_ns, nullptr, data);
+
+ if (cx && jsExceptionPtr) {
+ e->StowJSVal(*jsExceptionPtr);
+ }
+
+ e.forget(exceptn);
+ return NS_OK;
+}
+
+/********************************/
+
+class MOZ_STACK_CLASS AutoExceptionRestorer {
+ public:
+ AutoExceptionRestorer(JSContext* cx, const Value& v)
+ : mContext(cx), tvr(cx, v) {
+ JS_ClearPendingException(mContext);
+ }
+
+ ~AutoExceptionRestorer() { JS_SetPendingException(mContext, tvr); }
+
+ private:
+ JSContext* const mContext;
+ RootedValue tvr;
+};
+
+static nsresult JSErrorToXPCException(JSContext* cx, const char* toStringResult,
+ const char* ifaceName,
+ const char* methodName,
+ const JSErrorReport* report,
+ Exception** exceptn) {
+ nsresult rv = NS_ERROR_FAILURE;
+ RefPtr data;
+ if (report) {
+ nsAutoString bestMessage;
+ if (report->message()) {
+ CopyUTF8toUTF16(mozilla::MakeStringSpan(report->message().c_str()),
+ bestMessage);
+ } else if (toStringResult) {
+ CopyUTF8toUTF16(mozilla::MakeStringSpan(toStringResult), bestMessage);
+ } else {
+ bestMessage.AssignLiteral("JavaScript Error");
+ }
+
+ const char16_t* linebuf = report->linebuf();
+ uint32_t flags = report->isWarning() ? nsIScriptError::warningFlag
+ : nsIScriptError::errorFlag;
+
+ data = new nsScriptError();
+ data->nsIScriptError::InitWithWindowID(
+ bestMessage, NS_ConvertUTF8toUTF16(report->filename),
+ linebuf ? nsDependentString(linebuf, report->linebufLength())
+ : EmptyString(),
+ report->lineno, report->tokenOffset(), flags, "XPConnect JavaScript"_ns,
+ nsJSUtils::GetCurrentlyRunningCodeInnerWindowID(cx));
+ }
+
+ if (data) {
+ // Pass nullptr for the message: ConstructException will get a message
+ // from the nsIScriptError.
+ rv = XPCConvert::ConstructException(
+ NS_ERROR_XPC_JAVASCRIPT_ERROR_WITH_DETAILS, nullptr, ifaceName,
+ methodName, static_cast(data.get()), exceptn, nullptr,
+ nullptr);
+ } else {
+ rv = XPCConvert::ConstructException(NS_ERROR_XPC_JAVASCRIPT_ERROR, nullptr,
+ ifaceName, methodName, nullptr, exceptn,
+ nullptr, nullptr);
+ }
+ return rv;
+}
+
+// static
+nsresult XPCConvert::JSValToXPCException(JSContext* cx, MutableHandleValue s,
+ const char* ifaceName,
+ const char* methodName,
+ Exception** exceptn) {
+ AutoExceptionRestorer aer(cx, s);
+
+ if (!s.isPrimitive()) {
+ // we have a JSObject
+ RootedObject obj(cx, s.toObjectOrNull());
+
+ if (!obj) {
+ NS_ERROR("when is an object not an object?");
+ return NS_ERROR_FAILURE;
+ }
+
+ // is this really a native xpcom object with a wrapper?
+ JSObject* unwrapped =
+ js::CheckedUnwrapDynamic(obj, cx, /* stopAtWindowProxy = */ false);
+ if (!unwrapped) {
+ return NS_ERROR_XPC_SECURITY_MANAGER_VETO;
+ }
+ // It's OK to use ReflectorToISupportsStatic, because we have already
+ // stripped off wrappers.
+ if (nsCOMPtr supports =
+ ReflectorToISupportsStatic(unwrapped)) {
+ nsCOMPtr iface = do_QueryInterface(supports);
+ if (iface) {
+ // just pass through the exception (with extra ref and all)
+ iface.forget(exceptn);
+ return NS_OK;
+ }
+
+ // it is a wrapped native, but not an exception!
+ return ConstructException(NS_ERROR_XPC_JS_THREW_NATIVE_OBJECT, nullptr,
+ ifaceName, methodName, supports, exceptn,
+ nullptr, nullptr);
+ } else {
+ // It is a JSObject, but not a wrapped native...
+
+ // If it is an engine Error with an error report then let's
+ // extract the report and build an xpcexception from that
+ const JSErrorReport* report;
+ if (nullptr != (report = JS_ErrorFromException(cx, obj))) {
+ JS::UniqueChars toStringResult;
+ RootedString str(cx, ToString(cx, s));
+ if (str) {
+ toStringResult = JS_EncodeStringToUTF8(cx, str);
+ }
+ return JSErrorToXPCException(cx, toStringResult.get(), ifaceName,
+ methodName, report, exceptn);
+ }
+
+ // XXX we should do a check against 'js_ErrorClass' here and
+ // do the right thing - even though it has no JSErrorReport,
+ // The fact that it is a JSError exceptions means we can extract
+ // particular info and our 'result' should reflect that.
+
+ // otherwise we'll just try to convert it to a string
+
+ JSString* str = ToString(cx, s);
+ if (!str) {
+ return NS_ERROR_FAILURE;
+ }
+
+ JS::UniqueChars strBytes = JS_EncodeStringToLatin1(cx, str);
+ if (!strBytes) {
+ return NS_ERROR_FAILURE;
+ }
+
+ return ConstructException(NS_ERROR_XPC_JS_THREW_JS_OBJECT, strBytes.get(),
+ ifaceName, methodName, nullptr, exceptn, cx,
+ s.address());
+ }
+ }
+
+ if (s.isUndefined() || s.isNull()) {
+ return ConstructException(NS_ERROR_XPC_JS_THREW_NULL, nullptr, ifaceName,
+ methodName, nullptr, exceptn, cx, s.address());
+ }
+
+ if (s.isNumber()) {
+ // lets see if it looks like an nsresult
+ nsresult rv;
+ double number;
+ bool isResult = false;
+
+ if (s.isInt32()) {
+ rv = (nsresult)s.toInt32();
+ if (NS_FAILED(rv)) {
+ isResult = true;
+ } else {
+ number = (double)s.toInt32();
+ }
+ } else {
+ number = s.toDouble();
+ if (number > 0.0 && number < (double)0xffffffff &&
+ 0.0 == fmod(number, 1)) {
+ // Visual Studio 9 doesn't allow casting directly from a
+ // double to an enumeration type, contrary to 5.2.9(10) of
+ // C++11, so add an intermediate cast.
+ rv = (nsresult)(uint32_t)number;
+ if (NS_FAILED(rv)) {
+ isResult = true;
+ }
+ }
+ }
+
+ if (isResult) {
+ return ConstructException(rv, nullptr, ifaceName, methodName, nullptr,
+ exceptn, cx, s.address());
+ } else {
+ // XXX all this nsISupportsDouble code seems a little redundant
+ // now that we're storing the Value in the exception...
+ nsCOMPtr data;
+ nsCOMPtr cm;
+ if (NS_FAILED(NS_GetComponentManager(getter_AddRefs(cm))) || !cm ||
+ NS_FAILED(cm->CreateInstanceByContractID(
+ NS_SUPPORTS_DOUBLE_CONTRACTID, NS_GET_IID(nsISupportsDouble),
+ getter_AddRefs(data)))) {
+ return NS_ERROR_FAILURE;
+ }
+ data->SetData(number);
+ rv = ConstructException(NS_ERROR_XPC_JS_THREW_NUMBER, nullptr, ifaceName,
+ methodName, data, exceptn, cx, s.address());
+ return rv;
+ }
+ }
+
+ // otherwise we'll just try to convert it to a string
+ // Note: e.g., bools get converted to JSStrings by this code.
+
+ JSString* str = ToString(cx, s);
+ if (str) {
+ if (JS::UniqueChars strBytes = JS_EncodeStringToLatin1(cx, str)) {
+ return ConstructException(NS_ERROR_XPC_JS_THREW_STRING, strBytes.get(),
+ ifaceName, methodName, nullptr, exceptn, cx,
+ s.address());
+ }
+ }
+ return NS_ERROR_FAILURE;
+}
+
+/***************************************************************************/
+
+// array fun...
+
+// static
+bool XPCConvert::NativeArray2JS(JSContext* cx, MutableHandleValue d,
+ const void* buf, const nsXPTType& type,
+ const nsID* iid, uint32_t count,
+ nsresult* pErr) {
+ MOZ_ASSERT(buf || count == 0, "Must have buf or 0 elements");
+
+ RootedObject array(cx, JS::NewArrayObject(cx, count));
+ if (!array) {
+ return false;
+ }
+
+ if (pErr) {
+ *pErr = NS_ERROR_XPC_BAD_CONVERT_NATIVE;
+ }
+
+ RootedValue current(cx, JS::NullValue());
+ for (uint32_t i = 0; i < count; ++i) {
+ if (!NativeData2JS(cx, ¤t, type.ElementPtr(buf, i), type, iid, 0,
+ pErr) ||
+ !JS_DefineElement(cx, array, i, current, JSPROP_ENUMERATE))
+ return false;
+ }
+
+ if (pErr) {
+ *pErr = NS_OK;
+ }
+ d.setObject(*array);
+ return true;
+}
+
+// static
+bool XPCConvert::JSArray2Native(JSContext* cx, JS::HandleValue aJSVal,
+ const nsXPTType& aEltType, const nsIID* aIID,
+ nsresult* pErr,
+ const ArrayAllocFixupLen& aAllocFixupLen) {
+ // Wrap aAllocFixupLen to check length is within bounds & initialize the
+ // allocated memory if needed.
+ auto allocFixupLen = [&](uint32_t* aLength) -> void* {
+ if (*aLength > (UINT32_MAX / aEltType.Stride())) {
+ return nullptr; // Byte length doesn't fit in uint32_t
+ }
+
+ void* buf = aAllocFixupLen(aLength);
+
+ // Ensure the buffer has valid values for each element. We can skip this
+ // for arithmetic types, as they do not require initialization.
+ if (buf && !aEltType.IsArithmetic()) {
+ for (uint32_t i = 0; i < *aLength; ++i) {
+ InitializeValue(aEltType, aEltType.ElementPtr(buf, i));
+ }
+ }
+ return buf;
+ };
+
+ // JSArray2Native only accepts objects (Array and TypedArray).
+ if (!aJSVal.isObject()) {
+ if (pErr) {
+ *pErr = NS_ERROR_XPC_CANT_CONVERT_PRIMITIVE_TO_ARRAY;
+ }
+ return false;
+ }
+ RootedObject jsarray(cx, &aJSVal.toObject());
+
+ if (pErr) {
+ *pErr = NS_ERROR_XPC_BAD_CONVERT_JS;
+ }
+
+ if (JS_IsTypedArrayObject(jsarray)) {
+ // Fast conversion of typed arrays to native using memcpy. No float or
+ // double canonicalization is done. ArrayBuffers are not accepted;
+ // create a properly typed array view on them first. The element type of
+ // array must match the XPCOM type in size, type and signedness exactly.
+ // As an exception, Uint8ClampedArray is allowed for arrays of uint8_t.
+ // DataViews are not supported.
+
+ nsXPTTypeTag tag;
+ switch (JS_GetArrayBufferViewType(jsarray)) {
+ case js::Scalar::Int8:
+ tag = TD_INT8;
+ break;
+ case js::Scalar::Uint8:
+ tag = TD_UINT8;
+ break;
+ case js::Scalar::Uint8Clamped:
+ tag = TD_UINT8;
+ break;
+ case js::Scalar::Int16:
+ tag = TD_INT16;
+ break;
+ case js::Scalar::Uint16:
+ tag = TD_UINT16;
+ break;
+ case js::Scalar::Int32:
+ tag = TD_INT32;
+ break;
+ case js::Scalar::Uint32:
+ tag = TD_UINT32;
+ break;
+ case js::Scalar::Float32:
+ tag = TD_FLOAT;
+ break;
+ case js::Scalar::Float64:
+ tag = TD_DOUBLE;
+ break;
+ default:
+ return false;
+ }
+ if (aEltType.Tag() != tag) {
+ return false;
+ }
+
+ // Allocate the backing buffer before getting the view data in case
+ // allocFixupLen can cause GCs.
+ uint32_t length;
+ {
+ // nsTArray and code below uses uint32_t lengths, so reject large typed
+ // arrays.
+ size_t fullLength = JS_GetTypedArrayLength(jsarray);
+ if (fullLength > UINT32_MAX) {
+ return false;
+ }
+ length = uint32_t(fullLength);
+ }
+ void* buf = allocFixupLen(&length);
+ if (!buf) {
+ return false;
+ }
+
+ // Get the backing memory buffer to copy out of.
+ JS::AutoCheckCannotGC nogc;
+ bool isShared = false;
+ const void* data = JS_GetArrayBufferViewData(jsarray, &isShared, nogc);
+
+ // Require opting in to shared memory - a future project.
+ if (isShared) {
+ return false;
+ }
+
+ // Directly copy data into the allocated target buffer.
+ memcpy(buf, data, length * aEltType.Stride());
+ return true;
+ }
+
+ // If jsarray is not a TypedArrayObject, check for an Array object.
+ uint32_t length = 0;
+ bool isArray = false;
+ if (!JS::IsArrayObject(cx, jsarray, &isArray) || !isArray ||
+ !JS::GetArrayLength(cx, jsarray, &length)) {
+ if (pErr) {
+ *pErr = NS_ERROR_XPC_CANT_CONVERT_OBJECT_TO_ARRAY;
+ }
+ return false;
+ }
+
+ void* buf = allocFixupLen(&length);
+ if (!buf) {
+ return false;
+ }
+
+ // Translate each array element separately.
+ RootedValue current(cx);
+ for (uint32_t i = 0; i < length; ++i) {
+ if (!JS_GetElement(cx, jsarray, i, ¤t) ||
+ !JSData2Native(cx, aEltType.ElementPtr(buf, i), current, aEltType, aIID,
+ 0, pErr)) {
+ // Array element conversion failed. Clean up all elements converted
+ // before the error. Caller handles freeing 'buf'.
+ for (uint32_t j = 0; j < i; ++j) {
+ DestructValue(aEltType, aEltType.ElementPtr(buf, j));
+ }
+ return false;
+ }
+ }
+
+ return true;
+}
+
+/***************************************************************************/
+
+// Internal implementation details for xpc::CleanupValue.
+
+void xpc::InnerCleanupValue(const nsXPTType& aType, void* aValue,
+ uint32_t aArrayLen) {
+ MOZ_ASSERT(!aType.IsArithmetic(),
+ "Arithmetic types should not get to InnerCleanupValue!");
+ MOZ_ASSERT(aArrayLen == 0 || aType.Tag() == nsXPTType::T_PSTRING_SIZE_IS ||
+ aType.Tag() == nsXPTType::T_PWSTRING_SIZE_IS ||
+ aType.Tag() == nsXPTType::T_LEGACY_ARRAY,
+ "Array lengths may only appear for certain types!");
+
+ switch (aType.Tag()) {
+ // Pointer types
+ case nsXPTType::T_DOMOBJECT:
+ aType.GetDOMObjectInfo().Cleanup(*(void**)aValue);
+ break;
+
+ case nsXPTType::T_PROMISE:
+ (*(mozilla::dom::Promise**)aValue)->Release();
+ break;
+
+ case nsXPTType::T_INTERFACE:
+ case nsXPTType::T_INTERFACE_IS:
+ (*(nsISupports**)aValue)->Release();
+ break;
+
+ // String types
+ case nsXPTType::T_ASTRING:
+ ((nsAString*)aValue)->Truncate();
+ break;
+ case nsXPTType::T_UTF8STRING:
+ case nsXPTType::T_CSTRING:
+ ((nsACString*)aValue)->Truncate();
+ break;
+
+ // Pointer Types
+ case nsXPTType::T_NSIDPTR:
+ case nsXPTType::T_CHAR_STR:
+ case nsXPTType::T_WCHAR_STR:
+ case nsXPTType::T_PSTRING_SIZE_IS:
+ case nsXPTType::T_PWSTRING_SIZE_IS:
+ free(*(void**)aValue);
+ break;
+
+ // Legacy Array Type
+ case nsXPTType::T_LEGACY_ARRAY: {
+ const nsXPTType& elty = aType.ArrayElementType();
+ void* elements = *(void**)aValue;
+
+ for (uint32_t i = 0; i < aArrayLen; ++i) {
+ DestructValue(elty, elty.ElementPtr(elements, i));
+ }
+ free(elements);
+ break;
+ }
+
+ // Array Type
+ case nsXPTType::T_ARRAY: {
+ const nsXPTType& elty = aType.ArrayElementType();
+ auto* array = (xpt::detail::UntypedTArray*)aValue;
+
+ for (uint32_t i = 0; i < array->Length(); ++i) {
+ DestructValue(elty, elty.ElementPtr(array->Elements(), i));
+ }
+ array->Clear();
+ break;
+ }
+
+ // Clear nsID& parameters to `0`
+ case nsXPTType::T_NSID:
+ ((nsID*)aValue)->Clear();
+ break;
+
+ // Clear the JS::Value to `undefined`
+ case nsXPTType::T_JSVAL:
+ ((JS::Value*)aValue)->setUndefined();
+ break;
+
+ // Non-arithmetic types requiring no cleanup
+ case nsXPTType::T_VOID:
+ break;
+
+ default:
+ MOZ_CRASH("Unknown Type!");
+ }
+
+ // Clear any non-complex values to the valid '0' state.
+ if (!aType.IsComplex()) {
+ aType.ZeroValue(aValue);
+ }
+}
+
+/***************************************************************************/
+
+// Implementation of xpc::InitializeValue.
+
+void xpc::InitializeValue(const nsXPTType& aType, void* aValue) {
+ switch (aType.Tag()) {
+ // Use placement-new to initialize complex values
+#define XPT_INIT_TYPE(tag, type) \
+ case tag: \
+ new (aValue) type(); \
+ break;
+ XPT_FOR_EACH_COMPLEX_TYPE(XPT_INIT_TYPE)
+#undef XPT_INIT_TYPE
+
+ // The remaining types have valid states where all bytes are '0'.
+ default:
+ aType.ZeroValue(aValue);
+ break;
+ }
+}
+
+// In XPT_FOR_EACH_COMPLEX_TYPE, typenames may be namespaced (such as
+// xpt::UntypedTArray). Namespaced typenames cannot be used to explicitly invoke
+// destructors, so this method acts as a helper to let us call the destructor of
+// these objects.
+template
+static void _DestructValueHelper(void* aValue) {
+ static_cast(aValue)->~T();
+}
+
+void xpc::DestructValue(const nsXPTType& aType, void* aValue,
+ uint32_t aArrayLen) {
+ // Get aValue into an clean, empty state.
+ xpc::CleanupValue(aType, aValue, aArrayLen);
+
+ // Run destructors on complex types.
+ switch (aType.Tag()) {
+#define XPT_RUN_DESTRUCTOR(tag, type) \
+ case tag: \
+ _DestructValueHelper(aValue); \
+ break;
+ XPT_FOR_EACH_COMPLEX_TYPE(XPT_RUN_DESTRUCTOR)
+#undef XPT_RUN_DESTRUCTOR
+ default:
+ break; // dtor is a no-op on other types.
+ }
+}
-- cgit v1.2.3