[Pkg-mozext-commits] [greasemonkey] 03/16: Block any (Xray/XPC) wrapped arguments in apiLeakCheck().
David Prévot
taffit at moszumanska.debian.org
Thu Jan 30 13:42:28 UTC 2014
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository greasemonkey.
commit 16db4214e2f1bb0f076519806b2ed4a2258d5045
Author: Anthony Lieuallen <arantius at gmail.com>
Date: Wed Jan 29 11:30:25 2014 -0500
Block any (Xray/XPC) wrapped arguments in apiLeakCheck().
Refs #1494
---
components/greasemonkey.js | 8 ++++++--
modules/miscapis.js | 20 ++++++++++----------
modules/util/apiLeakCheck.js | 14 ++++++++++++--
modules/xmlhttprequester.js | 2 +-
4 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/components/greasemonkey.js b/components/greasemonkey.js
index 09ed2f8..97d66fd 100644
--- a/components/greasemonkey.js
+++ b/components/greasemonkey.js
@@ -183,7 +183,9 @@ function isTempScript(uri) {
}
function openInTab(safeContentWin, url, aLoadInBackground) {
- if (!GM_util.apiLeakCheck("GM_openInTab")) {
+ // Skip the first arg, which is hitched rather than passed in.
+ var extern_args = Array.prototype.slice.call(arguments, 1);
+ if (!GM_util.apiLeakCheck("GM_openInTab", extern_args)) {
return undefined;
}
if ('undefined' == typeof aLoadInBackground) aLoadInBackground = null;
@@ -218,7 +220,9 @@ function registerMenuCommand(
wrappedContentWin, script,
commandName, commandFunc, accessKey, unused, accessKey2
) {
- if (!GM_util.apiLeakCheck("GM_registerMenuCommand")) {
+ // Skip the first two args, which are hitched rather than passed in.
+ var extern_args = Array.prototype.slice.call(arguments, 2);
+ if (!GM_util.apiLeakCheck("GM_registerMenuCommand", extern_args)) {
return;
}
diff --git a/modules/miscapis.js b/modules/miscapis.js
index f557856..2bfc0cf 100644
--- a/modules/miscapis.js
+++ b/modules/miscapis.js
@@ -53,7 +53,7 @@ GM_ScriptStorage.prototype.setValue = function(name, val) {
throw new Error(this.stringBundle.GetStringFromName('error.args.setValue'));
}
- if (!GM_util.apiLeakCheck("GM_setValue")) {
+ if (!GM_util.apiLeakCheck("GM_setValue", arguments)) {
return;
}
@@ -72,7 +72,7 @@ GM_ScriptStorage.prototype.setValue = function(name, val) {
GM_ScriptStorage.prototype.getValue = function(name, defVal) {
- if (!GM_util.apiLeakCheck("GM_getValue")) {
+ if (!GM_util.apiLeakCheck("GM_getValue", arguments)) {
return undefined;
}
@@ -101,7 +101,7 @@ GM_ScriptStorage.prototype.getValue = function(name, defVal) {
GM_ScriptStorage.prototype.deleteValue = function(name) {
- if (!GM_util.apiLeakCheck("GM_deleteValue")) {
+ if (!GM_util.apiLeakCheck("GM_deleteValue", arguments)) {
return undefined;
}
@@ -119,7 +119,7 @@ GM_ScriptStorage.prototype.deleteValue = function(name) {
GM_ScriptStorage.prototype.listValues = function() {
- if (!GM_util.apiLeakCheck("GM_listValues")) {
+ if (!GM_util.apiLeakCheck("GM_listValues", arguments)) {
return undefined;
}
@@ -182,7 +182,7 @@ GM_ScriptStoragePrefs.prototype.setValue = function(name, val) {
throw new Error(this.stringBundle.GetStringFromName('error.args.setValue'));
}
- if (!GM_util.apiLeakCheck("GM_setValue")) {
+ if (!GM_util.apiLeakCheck("GM_setValue", arguments)) {
return;
}
@@ -191,7 +191,7 @@ GM_ScriptStoragePrefs.prototype.setValue = function(name, val) {
};
GM_ScriptStoragePrefs.prototype.getValue = function(name, defVal) {
- if (!GM_util.apiLeakCheck("GM_getValue")) {
+ if (!GM_util.apiLeakCheck("GM_getValue", arguments)) {
return undefined;
}
@@ -199,7 +199,7 @@ GM_ScriptStoragePrefs.prototype.getValue = function(name, defVal) {
};
GM_ScriptStoragePrefs.prototype.deleteValue = function(name) {
- if (!GM_util.apiLeakCheck("GM_deleteValue")) {
+ if (!GM_util.apiLeakCheck("GM_deleteValue", arguments)) {
return undefined;
}
@@ -208,7 +208,7 @@ GM_ScriptStoragePrefs.prototype.deleteValue = function(name) {
};
GM_ScriptStoragePrefs.prototype.listValues = function() {
- if (!GM_util.apiLeakCheck("GM_listValues")) {
+ if (!GM_util.apiLeakCheck("GM_listValues", arguments)) {
return undefined;
}
@@ -229,7 +229,7 @@ function GM_Resources(script){
}
GM_Resources.prototype.getResourceURL = function(aScript, name) {
- if (!GM_util.apiLeakCheck("GM_getResourceURL")) {
+ if (!GM_util.apiLeakCheck("GM_getResourceURL", arguments)) {
return undefined;
}
@@ -237,7 +237,7 @@ GM_Resources.prototype.getResourceURL = function(aScript, name) {
};
GM_Resources.prototype.getResourceText = function(name) {
- if (!GM_util.apiLeakCheck("GM_getResourceText")) {
+ if (!GM_util.apiLeakCheck("GM_getResourceText", arguments)) {
return undefined;
}
diff --git a/modules/util/apiLeakCheck.js b/modules/util/apiLeakCheck.js
index c76a416..5934551 100644
--- a/modules/util/apiLeakCheck.js
+++ b/modules/util/apiLeakCheck.js
@@ -19,9 +19,19 @@ var gScriptDirPath = (function() {
})();
-function apiLeakCheck(apiName) {
- var stack = Components.stack;
+function apiLeakCheck(apiName, origArguments) {
+ var argLen = origArguments.length;
+ for (var i = 0; i < argLen; i++) {
+ var arg = origArguments[i];
+ if (arg && arg.wrappedJSObject) {
+ GM_util.logError(new Error(
+ gAccessViolationString.replace('%1', apiName) + ' (Xray)'
+ ));
+ return false;
+ }
+ }
+ var stack = Components.stack;
do {
// Valid locations for GM API calls are:
// * Greasemonkey scripts.
diff --git a/modules/xmlhttprequester.js b/modules/xmlhttprequester.js
index cc00630..1fd5e6d 100644
--- a/modules/xmlhttprequester.js
+++ b/modules/xmlhttprequester.js
@@ -17,7 +17,7 @@ function GM_xmlhttpRequester(wrappedContentWin, chromeWindow, originUrl) {
// can't support mimetype because i think it's only used for forcing
// text/xml and we can't support that
GM_xmlhttpRequester.prototype.contentStartRequest = function(details) {
- if (!GM_util.apiLeakCheck("GM_xmlhttpRequest")) {
+ if (!GM_util.apiLeakCheck("GM_xmlhttpRequest", arguments)) {
return;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mozext/greasemonkey.git
More information about the Pkg-mozext-commits
mailing list