Ticket #2241: FixSpidermonkeyWrappers_v1.1.diff​

Index: source/scriptinterface/ScriptExtraHeaders.h
===================================================================
--- source/scriptinterface/ScriptExtraHeaders.h (Revision 14215)
+++ source/scriptinterface/ScriptExtraHeaders.h (Arbeitskopie)
@@ -62,4 +62,14 @@
 # endif
 #endif

+/*
+ * The official version of the SpiderMonkey 1.8.5 library has a bug when cloning objects with wrappers.
+ * https://bugzilla.mozilla.org/show_bug.cgi?id=667388
+ *
+ * 0 A.D. will not work properly if this bug is not fixed in your version of the SpiderMonkey library!
+ * Check this link for background information and information about how to solve the problem.
+ * http://trac.wildfiregames.com/ticket/2241
+ */
+cassert(FIX_FOR_CLONING_WRAPPERS_APPLIED);
+
 #endif // INCLUDED_SCRIPTEXTRAHEADERS
Index: libraries/source/spidermonkey/build.sh
===================================================================
--- libraries/source/spidermonkey/build.sh  (Revision 14215)
+++ libraries/source/spidermonkey/build.sh  (Arbeitskopie)
@@ -50,6 +50,7 @@
 # Apply patches
 patch -p0 < openbsd-spidermonkey-650742.diff
 patch -p0 < openbsd-spidermonkey-634609.diff
+patch -p0 < wrapper-patch.diff

 cd js-1.8.5/js/src

Index: libraries/source/spidermonkey/wrapper-patch.diff
===================================================================
--- libraries/source/spidermonkey/wrapper-patch.diff    (Revision 0)
+++ libraries/source/spidermonkey/wrapper-patch.diff    (Arbeitskopie)
@@ -0,0 +1,67 @@
+--- js-1.8.5/js/src/jsversion.h    2013-11-17 12:08:26.068159175 +0100
++++ js-1.8.5/js/src/jsversion.h    2013-11-21 19:09:57.536779617 +0100
+@@ -219,3 +219,12 @@
+  * support likely to be made opt-in at some future time.
+  */
+ #define OLD_GETTER_SETTER_METHODS       1
++
++/*
++ * The official version of the SpiderMonkey 1.8.5 library has a bug when cloning objects with wrappers.
++ * https://bugzilla.mozilla.org/show_bug.cgi?id=667388
++ * Users of the library can check for FIX_FOR_CLONING_WRAPPERS_APPLIED to inform package maintainers
++ * and people who compile from source that this fix is required for the software to work properly
++ * (with static_assert or something similar).
++ */
++#define FIX_FOR_CLONING_WRAPPERS_APPLIED 1
+--- js-1.8.5/js/src/jsclone.cpp
++++ js-1.8.5/js/src/jsclone.cpp
+@@ -40,6 +40,7 @@
+ #include "jsdate.h"
+ #include "jsregexp.h"
+ #include "jstypedarray.h"
++#include "jswrapper.h"
+
+ #include "jsregexpinlines.h"
+
+@@ -503,6 +504,8 @@
+ bool
+ JSStructuredCloneWriter::startWrite(const js::Value &v)
+ {
++    assertSameCompartment(context(), v);
++
+     if (v.isString()) {
+         return writeString(SCTAG_STRING, v.toString());
+     } else if (v.isNumber()) {
+@@ -515,6 +518,19 @@
+         return out.writePair(SCTAG_UNDEFINED, 0);
+     } else if (v.isObject()) {
+         JSObject *obj = &v.toObject();
++
++        // The object might be a security wrapper. See if we can clone what's
++        // behind it. If we can, unwrap the object.
++        obj = JS_UnwrapObject(context(), obj);
++        if (!obj)
++            return false;
++
++        // If we unwrapped above, we'll need to enter the underlying compartment.
++        // Let the AutoEnterCompartment do the right thing for us.
++        JSAutoEnterCompartment ac;
++        if (!ac.enter(context(), obj))
++            return false;
++
+         if (obj->isRegExp()) {
+             RegExp *re = RegExp::extractFrom(obj);
+             return out.writePair(SCTAG_REGEXP_OBJECT, re->getFlags()) &&
+@@ -554,6 +570,12 @@
+
+     while (!counts.empty()) {
+         JSObject *obj = &objs.back().toObject();
++
++        // The objects in |obj| can live in other compartments.
++        JSAutoEnterCompartment ac;
++        if (!ac.enter(context(), obj))
++            return false;
++
+         if (counts.back()) {
+             counts.back()--;
+             jsid id = ids.back();