Nur in js-1.8.5-edited/js/src: build-debug.
Nur in js-1.8.5-edited/js/src: build-release.
diff -u -r js-1.8.5/js/src/jsclone.cpp js-1.8.5-edited/js/src/jsclone.cpp
old
|
new
|
|
40 | 40 | #include "jsdate.h" |
41 | 41 | #include "jsregexp.h" |
42 | 42 | #include "jstypedarray.h" |
| 43 | #include "jswrapper.h" |
43 | 44 | |
44 | 45 | #include "jsregexpinlines.h" |
45 | 46 | |
… |
… |
|
503 | 504 | bool |
504 | 505 | JSStructuredCloneWriter::startWrite(const js::Value &v) |
505 | 506 | { |
| 507 | assertSameCompartment(context(), v); |
| 508 | |
506 | 509 | if (v.isString()) { |
507 | 510 | return writeString(SCTAG_STRING, v.toString()); |
508 | 511 | } else if (v.isNumber()) { |
… |
… |
|
515 | 518 | return out.writePair(SCTAG_UNDEFINED, 0); |
516 | 519 | } else if (v.isObject()) { |
517 | 520 | JSObject *obj = &v.toObject(); |
| 521 | |
| 522 | // The object might be a security wrapper. See if we can clone what's |
| 523 | // behind it. If we can, unwrap the object. |
| 524 | obj = JS_UnwrapObject(context(), obj); |
| 525 | if (!obj) |
| 526 | return false; |
| 527 | |
| 528 | // If we unwrapped above, we'll need to enter the underlying compartment. |
| 529 | // Let the AutoEnterCompartment do the right thing for us. |
| 530 | JSAutoEnterCompartment ac; |
| 531 | if (!ac.enter(context(), obj)) |
| 532 | return false; |
| 533 | |
518 | 534 | if (obj->isRegExp()) { |
519 | 535 | RegExp *re = RegExp::extractFrom(obj); |
520 | 536 | return out.writePair(SCTAG_REGEXP_OBJECT, re->getFlags()) && |
… |
… |
|
554 | 570 | |
555 | 571 | while (!counts.empty()) { |
556 | 572 | JSObject *obj = &objs.back().toObject(); |
| 573 | |
| 574 | // The objects in |obj| can live in other compartments. |
| 575 | JSAutoEnterCompartment ac; |
| 576 | if (!ac.enter(context(), obj)) |
| 577 | return false; |
| 578 | |
557 | 579 | if (counts.back()) { |
558 | 580 | counts.back()--; |
559 | 581 | jsid id = ids.back(); |