author | Lorry Tar Creator <lorry-tar-importer@lorry> | 2017-06-27 06:07:23 +0000 |
---|---|---|
committer | Lorry Tar Creator <lorry-tar-importer@lorry> | 2017-06-27 06:07:23 +0000 |
commit | 1bf1084f2b10c3b47fd1a588d85d21ed0eb41d0c (patch) | |
tree | 46dcd36c86e7fbc6e5df36deb463b33e9967a6f7 /Source/WebKit2/WebProcess/Plugins/Netscape/JSNPObject.cpp | |
parent | 32761a6cee1d0dee366b885b7b9c777e67885688 (diff) | |
download | WebKitGtk-tarball-master.tar.gz |
Diffstat (limited to 'Source/WebKit2/WebProcess/Plugins/Netscape/JSNPObject.cpp')
-rw-r--r-- | Source/WebKit2/WebProcess/Plugins/Netscape/JSNPObject.cpp | 156 |
1 files changed, 106 insertions, 50 deletions
diff --git a/Source/WebKit2/WebProcess/Plugins/Netscape/JSNPObject.cpp b/Source/WebKit2/WebProcess/Plugins/Netscape/JSNPObject.cpp
index 9674ca3e9..d68974d0b 100644
--- a/Source/WebKit2/WebProcess/Plugins/Netscape/JSNPObject.cpp
+++ b/Source/WebKit2/WebProcess/Plugins/Netscape/JSNPObject.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2010, 2016 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -32,10 +32,13 @@
 #include "NPJSObject.h"
 #include "NPRuntimeObjectMap.h"
 #include "NPRuntimeUtilities.h"
+#include <JavaScriptCore/AuxiliaryBarrierInlines.h>
 #include <JavaScriptCore/Error.h>
+#include <JavaScriptCore/IdentifierInlines.h>
 #include <JavaScriptCore/JSGlobalObject.h>
 #include <JavaScriptCore/JSLock.h>
 #include <JavaScriptCore/ObjectPrototype.h>
+#include <WebCore/CommonVM.h>
 #include <WebCore/IdentifierRep.h>
 #include <WebCore/JSDOMWindowBase.h>
 #include <wtf/Assertions.h>
@@ -49,12 +52,13 @@ namespace WebKit {
 static NPIdentifier npIdentifierFromIdentifier(PropertyName propertyName)
 {
 String name(propertyName.publicName());
+ // If the propertyName is Symbol.
 if (name.isNull())
- return 0;
+ return nullptr;
 return static_cast<NPIdentifier>(IdentifierRep::get(name.utf8().data()));
 }
-const ClassInfo JSNPObject::s_info = { "NPObject", &Base::s_info, 0, 0, CREATE_METHOD_TABLE(JSNPObject) };
+const ClassInfo JSNPObject::s_info = { "NPObject", &Base::s_info, 0, CREATE_METHOD_TABLE(JSNPObject) };
 JSNPObject::JSNPObject(JSGlobalObject* globalObject, Structure* structure, NPRuntimeObjectMap* objectMap, NPObject* npObject)
 : JSDestructibleObject(globalObject->vm(), structure)
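Review bot: `#include <WebCore/JSDOMWindowBase.h>` is kept in the include hunk although every `JSDOMWindowBase::commonVM()` call in this file is replaced by `commonVM()` from the newly added `<WebCore/CommonVM.h>`. Unless something outside the shown hunks still needs that header, the include is now dead and can go in the same commit. The new `<JavaScriptCore/IdentifierInlines.h>` appears to be there for `Identifier::fromString` in getOwnPropertyNames; saying so in the commit message saves the next reader the search.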
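Review bot: The new `return nullptr;` in npIdentifierFromIdentifier makes every caller responsible for a null check, but the contract is never stated; the six identical one-line `// If the propertyName is symbol.` comments at the call sites say what is tested, not why. Suggest replacing the added comment here with `// publicName() is null for a Symbol-keyed property; NPRuntime has no identifier for those, so return nullptr and let callers skip the plug-in call.` and trimming the call-site comments to a reference to this function. The callers that check the result in this diff are callMethod, getOwnPropertySlot, put, deleteProperty, propertyGetter and methodGetter.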
@@ -66,8 +70,9 @@ JSNPObject::JSNPObject(JSGlobalObject* globalObject, Structure* structure, NPRun
 void JSNPObject::finishCreation(JSGlobalObject* globalObject)
 {
- Base::finishCreation(globalObject->vm());
- ASSERT(inherits(info()));
+ VM& vm = globalObject->vm();
+ Base::finishCreation(vm);
+ ASSERT(inherits(vm, info()));
 // We should never have an NPJSObject inside a JSNPObject.
 ASSERT(!NPJSObject::isNPJSObject(m_npObject));
@@ -89,7 +94,6 @@ void JSNPObject::destroy(JSCell* cell)
 void JSNPObject::invalidate()
 {
 ASSERT(m_npObject);
- ASSERT_GC_OBJECT_INHERITS(this, info());
 releaseNPObject(m_npObject);
 m_npObject = 0;
@@ -106,9 +110,16 @@ NPObject* JSNPObject::leakNPObject()
 JSValue JSNPObject::callMethod(ExecState* exec, NPIdentifier methodName)
 {
- ASSERT_GC_OBJECT_INHERITS(this, info());
+ VM& vm = exec->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
+ ASSERT_THIS_GC_OBJECT_INHERITS(info());
 if (!m_npObject)
- return throwInvalidAccessError(exec);
+ return throwInvalidAccessError(exec, scope);
+
+ // If the propertyName is symbol.
+ if (!methodName)
+ return jsUndefined();
 size_t argumentCount = exec->argumentCount();
 Vector<NPVariant, 8> arguments(argumentCount);
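Review bot: In callMethod the added comment `// If the propertyName is symbol.` refers to a `propertyName` that does not exist in this function; the parameter is `methodName`, and what is actually tested is a null NPIdentifier. Suggest `// methodName is null when the JS property name was a Symbol, which NPRuntime cannot address.` This path also quietly returns `jsUndefined()` while methodGetter in the last hunk of the file throws for the same condition; presumably only one of the two is reachable, but the divergence deserves a sentence in the commit message. callMethod continues past the end of this hunk.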
@@ -127,17 +138,17 @@ JSValue JSNPObject::callMethod(ExecState* exec, NPIdentifier methodName)
 VOID_TO_NPVARIANT(result);
 {
- JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+ JSLock::DropAllLocks dropAllLocks(commonVM());
 returnValue = m_npObject->_class->invoke(m_npObject, methodName, arguments.data(), argumentCount, &result);
 NPRuntimeObjectMap::moveGlobalExceptionToExecState(exec);
 }
- // Release all arguments;
+ // Release all arguments.
 for (size_t i = 0; i < argumentCount; ++i)
 releaseNPVariantValue(&arguments[i]);
 if (!returnValue)
- exec->vm().throwException(exec, createError(exec, "Error calling method on NPObject."));
+ throwException(exec, scope, createError(exec, "Error calling method on NPObject."));
 JSValue propertyValue = m_objectMap->convertNPVariantToJSValue(exec, globalObject(), result);
 releaseNPVariantValue(&result);
@@ -146,9 +157,12 @@ JSValue JSNPObject::callMethod(ExecState* exec, NPIdentifier methodName)
 JSC::JSValue JSNPObject::callObject(JSC::ExecState* exec)
 {
- ASSERT_GC_OBJECT_INHERITS(this, info());
+ VM& vm = exec->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
+ ASSERT_THIS_GC_OBJECT_INHERITS(info());
 if (!m_npObject)
- return throwInvalidAccessError(exec);
+ return throwInvalidAccessError(exec, scope);
 size_t argumentCount = exec->argumentCount();
 Vector<NPVariant, 8> arguments(argumentCount);
@@ -167,7 +181,7 @@ JSC::JSValue JSNPObject::callObject(JSC::ExecState* exec)
 VOID_TO_NPVARIANT(result);
 {
- JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+ JSLock::DropAllLocks dropAllLocks(commonVM());
 returnValue = m_npObject->_class->invokeDefault(m_npObject, arguments.data(), argumentCount, &result);
 NPRuntimeObjectMap::moveGlobalExceptionToExecState(exec);
 }
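Review bot: After `throwException(exec, scope, createError(...))` callMethod still calls `m_objectMap->convertNPVariantToJSValue(exec, globalObject(), result)` and returns that value with an exception pending, and `NPRuntimeObjectMap::moveGlobalExceptionToExecState(exec)` a few lines earlier may already have thrown; now that a ThrowScope is declared, this is precisely the post-throw work the scope machinery is meant to catch, and debug builds are likely to flag it. Consider `if (!returnValue) { releaseNPVariantValue(&result); return throwException(exec, scope, createError(exec, "Error calling method on NPObject.")); }` and a `RETURN_IF_EXCEPTION(scope, { })` after moveGlobalExceptionToExecState, releasing `result` on that path too. callObject and callConstructor, in the hunks on the following line, have the same shape.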
@@ -177,7 +191,7 @@ JSC::JSValue JSNPObject::callObject(JSC::ExecState* exec)
 releaseNPVariantValue(&arguments[i]);
 if (!returnValue)
- exec->vm().throwException(exec, createError(exec, "Error calling method on NPObject."));
+ throwException(exec, scope, createError(exec, "Error calling method on NPObject."));
 JSValue propertyValue = m_objectMap->convertNPVariantToJSValue(exec, globalObject(), result);
 releaseNPVariantValue(&result);
@@ -186,9 +200,12 @@ JSC::JSValue JSNPObject::callObject(JSC::ExecState* exec)
 JSValue JSNPObject::callConstructor(ExecState* exec)
 {
- ASSERT_GC_OBJECT_INHERITS(this, info());
+ VM& vm = exec->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
+ ASSERT_THIS_GC_OBJECT_INHERITS(info());
 if (!m_npObject)
- return throwInvalidAccessError(exec);
+ return throwInvalidAccessError(exec, scope);
 size_t argumentCount = exec->argumentCount();
 Vector<NPVariant, 8> arguments(argumentCount);
@@ -207,13 +224,13 @@ JSValue JSNPObject::callConstructor(ExecState* exec)
 VOID_TO_NPVARIANT(result);
 {
- JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+ JSLock::DropAllLocks dropAllLocks(commonVM());
 returnValue = m_npObject->_class->construct(m_npObject, arguments.data(), argumentCount, &result);
 NPRuntimeObjectMap::moveGlobalExceptionToExecState(exec);
 }
 if (!returnValue)
- exec->vm().throwException(exec, createError(exec, "Error calling method on NPObject."));
+ throwException(exec, scope, createError(exec, "Error calling method on NPObject."));
 JSValue value = m_objectMap->convertNPVariantToJSValue(exec, globalObject(), result);
 releaseNPVariantValue(&result);
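Review bot: In the callConstructor hunk the code goes from the invoke block straight to `if (!returnValue)`, with no `releaseNPVariantValue(&arguments[i])` loop, whereas callMethod and callObject both release their converted arguments right after the call. If the conversion loop above this hunk fills `arguments` the same way as in those two functions, every constructor call leaks the variants (strings, retained NPObjects) handed to the plug-in. Adding the same `// Release all arguments.` loop immediately after the block would close that; the conversion code is outside the hunk, so confirm there first.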
@@ -222,8 +239,8 @@ JSValue JSNPObject::callConstructor(ExecState* exec)
 static EncodedJSValue JSC_HOST_CALL callNPJSObject(ExecState* exec)
 {
- JSObject* object = exec->callee();
- ASSERT(object->inherits(JSNPObject::info()));
+ JSObject* object = exec->jsCallee();
+ ASSERT(object->inherits(exec->vm(), JSNPObject::info()));
 return JSValue::encode(jsCast<JSNPObject*>(object)->callObject(exec));
 }
@@ -233,16 +250,16 @@ JSC::CallType JSNPObject::getCallData(JSC::JSCell* cell, JSC::CallData& callData
 JSNPObject* thisObject = JSC::jsCast<JSNPObject*>(cell);
 ASSERT_GC_OBJECT_INHERITS(thisObject, info());
 if (!thisObject->m_npObject || !thisObject->m_npObject->_class->invokeDefault)
- return CallTypeNone;
+ return CallType::None;
 callData.native.function = callNPJSObject;
- return CallTypeHost;
+ return CallType::Host;
 }
 static EncodedJSValue JSC_HOST_CALL constructWithConstructor(ExecState* exec)
 {
- JSObject* constructor = exec->callee();
- ASSERT(constructor->inherits(JSNPObject::info()));
+ JSObject* constructor = exec->jsCallee();
+ ASSERT(constructor->inherits(exec->vm(), JSNPObject::info()));
 return JSValue::encode(jsCast<JSNPObject*>(constructor)->callConstructor(exec));
 }
@@ -252,22 +269,28 @@ ConstructType JSNPObject::getConstructData(JSCell* cell, ConstructData& construc
 JSNPObject* thisObject = JSC::jsCast<JSNPObject*>(cell);
 ASSERT_GC_OBJECT_INHERITS(thisObject, info());
 if (!thisObject->m_npObject || !thisObject->m_npObject->_class->construct)
- return ConstructTypeNone;
+ return ConstructType::None;
 constructData.native.function = constructWithConstructor;
- return ConstructTypeHost;
+ return ConstructType::Host;
 }
 bool JSNPObject::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
 {
+ VM& vm = exec->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
 JSNPObject* thisObject = JSC::jsCast<JSNPObject*>(object);
 ASSERT_GC_OBJECT_INHERITS(thisObject, info());
 if (!thisObject->m_npObject) {
- throwInvalidAccessError(exec);
+ throwInvalidAccessError(exec, scope);
 return false;
 }
 NPIdentifier npIdentifier = npIdentifierFromIdentifier(propertyName);
+ // If the propertyName is symbol.
+ if (!npIdentifier)
+ return false;
 // Calling NPClass::invoke will call into plug-in code, and there's no telling what the plug-in can do.
 // (including destroying the plug-in). Because of this, we make sure to keep the plug-in alive until
@@ -289,24 +312,30 @@ bool JSNPObject::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyN
 return false;
 }
-void JSNPObject::put(JSCell* cell, ExecState* exec, PropertyName propertyName, JSValue value, PutPropertySlot&)
+bool JSNPObject::put(JSCell* cell, ExecState* exec, PropertyName propertyName, JSValue value, PutPropertySlot&)
 {
+ VM& vm = exec->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
 JSNPObject* thisObject = JSC::jsCast<JSNPObject*>(cell);
 ASSERT_GC_OBJECT_INHERITS(thisObject, info());
 if (!thisObject->m_npObject) {
- throwInvalidAccessError(exec);
- return;
+ throwInvalidAccessError(exec, scope);
+ return false;
 }
 NPIdentifier npIdentifier = npIdentifierFromIdentifier(propertyName);
+ // If the propertyName is symbol.
+ if (!npIdentifier)
+ return false;
 if (!thisObject->m_npObject->_class->hasProperty || !thisObject->m_npObject->_class->hasProperty(thisObject->m_npObject, npIdentifier)) {
 // FIXME: Should we throw an exception here?
- return;
+ return false;
 }
 if (!thisObject->m_npObject->_class->setProperty)
- return;
+ return false;
 NPVariant variant;
 thisObject->m_objectMap->convertJSValueToNPVariant(exec, value, variant);
@@ -316,9 +345,10 @@ void JSNPObject::put(JSCell* cell, ExecState* exec, PropertyName propertyName, J
 // the call has finished.
 NPRuntimeObjectMap::PluginProtector protector(thisObject->m_objectMap);
+ bool result = false;
 {
- JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
- thisObject->m_npObject->_class->setProperty(thisObject->m_npObject, npIdentifier, &variant);
+ JSLock::DropAllLocks dropAllLocks(commonVM());
+ result = thisObject->m_npObject->_class->setProperty(thisObject->m_npObject, npIdentifier, &variant);
 NPRuntimeObjectMap::moveGlobalExceptionToExecState(exec);
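Review bot: `put` now returns false for three unrelated conditions — a Symbol key, a property the plug-in's `hasProperty` does not report, and a class without `setProperty` — and none of them throws, so callers (including `Reflect.set`, which presumably surfaces this bool to script) cannot tell them apart from a rejected write. A comment above the new `bool` signature stating the policy, e.g. `// Returns false without throwing when the name is a Symbol, when the plug-in does not report the property, or when it cannot set properties; see the FIXMEs below.`, would make the silent-failure choice explicit, and the existing FIXME on the hasProperty branch is where to decide whether that case should throw instead. The function continues past the hunks on this line.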
@@ -326,6 +356,7 @@ void JSNPObject::put(JSCell* cell, ExecState* exec, PropertyName propertyName, J
 }
 releaseNPVariantValue(&variant);
+ return result;
 }
 bool JSNPObject::deleteProperty(JSCell* cell, ExecState* exec, PropertyName propertyName)
@@ -340,9 +371,17 @@ bool JSNPObject::deletePropertyByIndex(JSCell* cell, ExecState* exec, unsigned p
 bool JSNPObject::deleteProperty(ExecState* exec, NPIdentifier propertyName)
 {
- ASSERT_GC_OBJECT_INHERITS(this, info());
+ VM& vm = exec->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
+ ASSERT_THIS_GC_OBJECT_INHERITS(info());
+
+ // If the propertyName is symbol.
+ if (!propertyName)
+ return false;
+
 if (!m_npObject) {
- throwInvalidAccessError(exec);
+ throwInvalidAccessError(exec, scope);
 return false;
 }
@@ -357,7 +396,7 @@ bool JSNPObject::deleteProperty(ExecState* exec, NPIdentifier propertyName)
 NPRuntimeObjectMap::PluginProtector protector(m_objectMap);
 {
- JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+ JSLock::DropAllLocks dropAllLocks(commonVM());
 // FIXME: Should we throw an exception if removeProperty returns false?
 if (!m_npObject->_class->removeProperty(m_npObject, propertyName))
@@ -371,10 +410,13 @@ bool JSNPObject::deleteProperty(ExecState* exec, NPIdentifier propertyName)
 void JSNPObject::getOwnPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& propertyNameArray, EnumerationMode)
 {
+ VM& vm = exec->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
 JSNPObject* thisObject = jsCast<JSNPObject*>(object);
 ASSERT_GC_OBJECT_INHERITS(thisObject, info());
 if (!thisObject->m_npObject) {
- throwInvalidAccessError(exec);
+ throwInvalidAccessError(exec, scope);
 return;
 }
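Review bot: In deleteProperty(ExecState*, NPIdentifier) the added `if (!propertyName) return false;` is placed before the `if (!m_npObject)` check, whereas callMethod, getOwnPropertySlot and put test for the destroyed plug-in first; as written, deleting a Symbol-keyed property on an invalidated object fails silently instead of raising the invalid-access ReferenceError every other operation raises. Swapping the two blocks restores the common order. The comment should also match the parameter type here, e.g. `// A null NPIdentifier means the JS name was a Symbol, which NPRuntime cannot address.`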
@@ -390,7 +432,7 @@ void JSNPObject::getOwnPropertyNames(JSObject* object, ExecState* exec, Property
 NPRuntimeObjectMap::PluginProtector protector(thisObject->m_objectMap);
 {
- JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+ JSLock::DropAllLocks dropAllLocks(commonVM());
 // FIXME: Should we throw an exception if enumerate returns false?
 if (!thisObject->m_npObject->_class->enumerate(thisObject->m_npObject, &identifiers, &identifierCount))
@@ -407,7 +449,7 @@ void JSNPObject::getOwnPropertyNames(JSObject* object, ExecState* exec, Property
 const char* string = identifierRep->string();
 int length = strlen(string);
- identifier = Identifier(exec, String::fromUTF8WithLatin1Fallback(string, length).impl());
+ identifier = Identifier::fromString(exec, String::fromUTF8WithLatin1Fallback(string, length));
 } else
 identifier = Identifier::from(exec, identifierRep->number());
@@ -417,13 +459,16 @@ void JSNPObject::getOwnPropertyNames(JSObject* object, ExecState* exec, Property
 npnMemFree(identifiers);
 }
-EncodedJSValue JSNPObject::propertyGetter(ExecState* exec, EncodedJSValue slotBase, EncodedJSValue, PropertyName propertyName)
+EncodedJSValue JSNPObject::propertyGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName propertyName)
 {
- JSNPObject* thisObj = jsCast<JSNPObject*>(JSValue::decode(slotBase));
+ VM& vm = exec->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
+ JSNPObject* thisObj = jsCast<JSNPObject*>(JSValue::decode(thisValue));
 ASSERT_GC_OBJECT_INHERITS(thisObj, info());
 if (!thisObj->m_npObject)
- return JSValue::encode(throwInvalidAccessError(exec));
+ return JSValue::encode(throwInvalidAccessError(exec, scope));
 if (!thisObj->m_npObject->_class->getProperty)
 return JSValue::encode(jsUndefined());
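Review bot: propertyGetter now decodes `thisValue` instead of `slotBase` and still downcasts it with `jsCast<JSNPObject*>`, which is unchecked in release builds; the old slot base was by construction the JSNPObject that installed the slot, while the receiver of a property read is whatever object script read from, so if a JSNPObject can sit on another object's prototype chain the cast reads `m_npObject` from an unrelated cell. Unless getOwnPropertySlot (outside this hunk) guarantees the receiver type, `jsDynamicCast<JSNPObject*>(JSValue::decode(thisValue))` with an early `return JSValue::encode(jsUndefined());` or a TypeError on null is the safe form. methodGetter in the last hunk of the file has the identical pattern. propertyGetter continues into the next hunk.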
@@ -438,8 +483,12 @@ EncodedJSValue JSNPObject::propertyGetter(ExecState* exec, EncodedJSValue slotBa
 bool returnValue;
 {
- JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+ JSLock::DropAllLocks dropAllLocks(commonVM());
 NPIdentifier npIdentifier = npIdentifierFromIdentifier(propertyName);
+ // If the propertyName is symbol.
+ if (!npIdentifier)
+ return JSValue::encode(jsUndefined());
+
 returnValue = thisObj->m_npObject->_class->getProperty(thisObj->m_npObject, npIdentifier, &result);
 NPRuntimeObjectMap::moveGlobalExceptionToExecState(exec);
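Review bot: The new `if (!npIdentifier) return JSValue::encode(jsUndefined());` sits inside the `DropAllLocks` block, after the JS lock has been released, whereas getOwnPropertySlot, put and methodGetter do the conversion and the null check before dropping locks or protecting the plug-in. Moving `NPIdentifier npIdentifier = npIdentifierFromIdentifier(propertyName);` and the check above the block keeps the four paths consistent and avoids reading `propertyName.publicName()` with the VM lock dropped; the DropAllLocks destructor does reacquire on the early return, so this is consistency rather than a correctness bug. The enclosing function starts in the previous hunk and ends in the next.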
@@ -453,21 +502,28 @@ EncodedJSValue JSNPObject::propertyGetter(ExecState* exec, EncodedJSValue slotBa
 return JSValue::encode(propertyValue);
 }
-EncodedJSValue JSNPObject::methodGetter(ExecState* exec, EncodedJSValue slotBase, EncodedJSValue, PropertyName propertyName)
+EncodedJSValue JSNPObject::methodGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName propertyName)
 {
- JSNPObject* thisObj = jsCast<JSNPObject*>(JSValue::decode(slotBase));
+ VM& vm = exec->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
+ JSNPObject* thisObj = jsCast<JSNPObject*>(JSValue::decode(thisValue));
 ASSERT_GC_OBJECT_INHERITS(thisObj, info());
 if (!thisObj->m_npObject)
- return JSValue::encode(throwInvalidAccessError(exec));
+ return JSValue::encode(throwInvalidAccessError(exec, scope));
 NPIdentifier npIdentifier = npIdentifierFromIdentifier(propertyName);
+ // If the propertyName is symbol.
+ if (!npIdentifier)
+ return JSValue::encode(throwInvalidAccessError(exec, scope));
+
 return JSValue::encode(JSNPMethod::create(exec, thisObj->globalObject(), propertyName.publicName(), npIdentifier));
 }
-JSObject* JSNPObject::throwInvalidAccessError(ExecState* exec)
+JSObject* JSNPObject::throwInvalidAccessError(ExecState* exec, ThrowScope& scope)
 {
- return exec->vm().throwException(exec, createReferenceError(exec, "Trying to access object from destroyed plug-in."));
+ return throwException(exec, scope, createReferenceError(exec, "Trying to access object from destroyed plug-in."));
 }
 } // namespace WebKit |
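Review bot: In methodGetter a Symbol-keyed name now goes through `throwInvalidAccessError`, i.e. a ReferenceError reading "Trying to access object from destroyed plug-in." although the plug-in is alive; the message misdescribes the condition. callMethod returns `jsUndefined()` for the same case, and getOwnPropertySlot already returns false for Symbols before this getter can be installed, so the branch may be unreachable; if it is kept, `return JSValue::encode(jsUndefined());` or a TypeError with its own message would be accurate.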