Eric, can you please apply these js patches and ask the reporter of the bug if at least some extensions become functional again?
- Alexander -- GPG messages preferred. | .''`. ** Debian GNU/Linux ** Alexander Sack | : :' : The universal [EMAIL PROTECTED] | `. `' Operating System http://www.asoftsite.org | `- http://www.debian.org/
commit 491da2fe7c3e38d9c52358edf5d39394b88022ea
Author: Alexander Sack <[EMAIL PROTECTED]>
Date: Mon Jul 31 14:49:48 2006 +0200
[regression 336875] was introduced by fix for mfsa2006-31, 336601
diff --git a/js/src/jsobj.c b/js/src/jsobj.c
index db0c0b4..45c7025 100644
--- a/js/src/jsobj.c
+++ b/js/src/jsobj.c
@@ -3412,35 +3412,54 @@ JSBool
 js_CheckAccess(JSContext *cx, JSObject *obj, jsid id, JSAccessMode mode,
 jsval *vp, uintN *attrsp)
 {
+ JSBool writing;
 JSObject *pobj;
 JSProperty *prop;
 JSScopeProperty *sprop;
 JSClass *clasp;
 JSCheckAccessOp check;
- JSBool ok;
- if (!js_LookupProperty(cx, obj, id, &pobj, &prop))
- return JS_FALSE;
- if (!prop) {
- *vp = JSVAL_VOID;
- *attrsp = 0;
- clasp = OBJ_GET_CLASS(cx, obj);
- return !clasp->checkAccess ||
- clasp->checkAccess(cx, obj, ID_TO_VALUE(id), mode, vp);
- }
- if (!OBJ_IS_NATIVE(pobj)) {
+ writing = (mode & JSACC_WRITE) != 0;
+ switch (mode & JSACC_TYPEMASK) {
+ case JSACC_PROTO:
+ pobj = obj;
+ if (!writing)
+ *vp = OBJ_GET_SLOT(cx, obj, JSSLOT_PROTO);
+ *attrsp = JSPROP_PERMANENT;
+ break;
+
+ case JSACC_PARENT:
+ JS_ASSERT(!writing);
+ pobj = obj;
+ *vp = OBJ_GET_SLOT(cx, obj, JSSLOT_PARENT);
+ *attrsp = JSPROP_READONLY | JSPROP_PERMANENT;
+ break;
+
+ default:
+ if (!js_LookupProperty(cx, obj, id, &pobj, &prop))
+ return JS_FALSE;
+ if (!prop) {
+ if (!writing)
+ *vp = JSVAL_VOID;
+ *attrsp = 0;
+ clasp = OBJ_GET_CLASS(cx, obj);
+ return !clasp->checkAccess ||
+ clasp->checkAccess(cx, obj, ID_TO_VALUE(id), mode, vp);
+ }
+ if (!OBJ_IS_NATIVE(pobj)) {
+ OBJ_DROP_PROPERTY(cx, pobj, prop);
+ return OBJ_CHECK_ACCESS(cx, pobj, id, mode, vp, attrsp);
+ }
+
+ sprop = (JSScopeProperty *)prop;
+ *attrsp = sprop->attrs;
+ if (!writing) {
+ *vp = (SPROP_HAS_VALID_SLOT(sprop, OBJ_SCOPE(pobj)))
+ ? LOCKED_OBJ_GET_SLOT(pobj, sprop->slot)
+ : JSVAL_VOID;
+ }
 OBJ_DROP_PROPERTY(cx, pobj, prop);
- return OBJ_CHECK_ACCESS(cx, pobj, id, mode, vp, attrsp);
 }
- sprop = (JSScopeProperty *)prop;
- *vp = (SPROP_HAS_VALID_SLOT(sprop, OBJ_SCOPE(pobj)))
- ? LOCKED_OBJ_GET_SLOT(pobj, sprop->slot)
- : ((mode & JSACC_WATCH) == JSACC_PROTO)
- ? LOCKED_OBJ_GET_SLOT(obj, JSSLOT_PROTO)
- : (mode == JSACC_PARENT)
- ? LOCKED_OBJ_GET_SLOT(obj, JSSLOT_PARENT)
- : JSVAL_VOID;
- *attrsp = sprop->attrs;
 /*
 * If obj's class has a stub (null) checkAccess hook, use the per-runtime
@@ -3454,19 +3473,11 @@ js_CheckAccess(JSContext *cx, JSObject *
 * checkObjectAccess hook. This covers precompilation-based sharing and
 * (possibly unintended) runtime sharing across trust boundaries.
 */
- clasp = LOCKED_OBJ_GET_CLASS(pobj);
+ clasp = OBJ_GET_CLASS(cx, pobj);
 check = clasp->checkAccess;
 if (!check)
 check = cx->runtime->checkObjectAccess;
- if (check) {
- JS_UNLOCK_OBJ(cx, pobj);
- ok = check(cx, pobj, ID_TO_VALUE(id), mode, vp);
- JS_LOCK_OBJ(cx, pobj);
- } else {
- ok = JS_TRUE;
- }
- OBJ_DROP_PROPERTY(cx, pobj, prop);
- return ok;
+ return !check || check(cx, pobj, ID_TO_VALUE(id), mode, vp);
 }
 #ifdef JS_THREADSAFE
commit 60d8a17b4b8dc3f840b37a9ce4b4bfe5b7af495c
Author: Alexander Sack <[EMAIL PROTECTED]>
Date: Mon Jul 31 14:40:53 2006 +0200
[regression 343713] was introduced by fix for mfsa2006-31, 336601
diff --git a/js/src/jsinterp.c b/js/src/jsinterp.c
index 8eb1a43..1338224 100644
--- a/js/src/jsinterp.c
+++ b/js/src/jsinterp.c
@@ -641,8 +641,6 @@ ComputeThis(JSContext *cx, JSObject *thi
 if (JSVAL_IS_NULL(v))
 break;
 }
- JS_ASSERT(JSVAL_IS_VOID(v) ||
- JSVAL_TO_OBJECT(v) == OBJ_GET_PARENT(cx, thisp));
 if (JSVAL_IS_NULL(v))
 break;
 thisp = JSVAL_TO_OBJECT(v);
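Review bot: The `JSACC_PARENT` arm in the first js/src/jsobj.c hunk is protected against write-mode requests only by `JS_ASSERT(!writing)`; if JS_ASSERT is a debug-only macro (its definition is not visible here), a release build would replace the caller's `*vp` with the parent slot before the checkAccess hook sees it. The `JSACC_PROTO` arm already guards its store, so the same form would be consistent: `if (!writing)` followed by `*vp = OBJ_GET_SLOT(cx, obj, JSSLOT_PARENT);`, keeping the assert. A comment above the switch would also record the contract this change introduces, e.g. `/* On JSACC_WRITE, *vp is the caller's proposed value and reaches the hook untouched. */`. The body of js_CheckAccess continues past this hunk into the next one.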
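Review bot: Nothing in the new code records the invariant that the tail of js_CheckAccess (second js/src/jsobj.c hunk) depends on: that `prop` has been dropped and `pobj` is unlocked on every path out of the switch. With the `JS_UNLOCK_OBJ`/`JS_LOCK_OBJ` pair removed, a later arm that breaks out while still holding `prop` would run the access hook with the object locked, assuming, as the removed lines suggest, that holding a native property implies the lock. A comment before `clasp = OBJ_GET_CLASS(cx, pobj);` would pin this down: `/* Every switch arm leaves pobj unlocked: proto/parent never look up a property, default drops it. */`. The start of the function, including the switch, is in the previous hunk.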