Skip to content

Commit

Permalink
Fix unsafe Heap constructor usage in DOM objects
Browse files Browse the repository at this point in the history
  • Loading branch information
@MortimerGoro
MortimerGoro committed May 3, 2017
1 parent ed7686b commit efb59b7
Show file tree
Hide file tree
Showing 7 changed files with 80 additions and 82 deletions.
4 changes: 3 additions & 1 deletion components/script/dom/extendablemessageevent.rs
View file
Expand Up @@ -35,7 +35,7 @@ impl ExtendableMessageEvent {
-> Root<ExtendableMessageEvent> {
let ev = box ExtendableMessageEvent {
event: ExtendableEvent::new_inherited(),
data: Heap::new(data.get()),
data: Heap::default(),
origin: origin,
lastEventId: lastEventId,
};
Expand All @@ -44,6 +44,8 @@ impl ExtendableMessageEvent {
let event = ev.upcast::<Event>();
event.init_event(type_, bubbles, cancelable);
}
ev.data.set(data.get());

ev
}

Expand Down
38 changes: 16 additions & 22 deletions components/script/dom/gamepad.rs
View file
Expand Up @@ -20,7 +20,6 @@ use dom_struct::dom_struct;
use js::jsapi::{Heap, JSContext, JSObject};
use js::typedarray::{Float64Array, CreateWith};
use std::cell::Cell;
use std::ptr;
use webvr_traits::{WebVRGamepadData, WebVRGamepadHand, WebVRGamepadState};

#[dom_struct]
Expand All @@ -47,7 +46,6 @@ impl Gamepad {
connected: bool,
timestamp: f64,
mapping_type: String,
axes: *mut JSObject,
buttons: &GamepadButtonList,
pose: Option<&VRPose>,
hand: WebVRGamepadHand,
Expand All @@ -60,7 +58,7 @@ impl Gamepad {
connected: Cell::new(connected),
timestamp: Cell::new(timestamp),
mapping_type: mapping_type,
axes: Heap::new(axes),
axes: Heap::default(),
buttons: JS::from_ref(buttons),
pose: pose.map(JS::from_ref),
hand: hand,
Expand All @@ -75,28 +73,24 @@ impl Gamepad {
state: &WebVRGamepadState) -> Root<Gamepad> {
let buttons = GamepadButtonList::new_from_vr(&global, &state.buttons);
let pose = VRPose::new(&global, &state.pose);
let cx = global.get_cx();
rooted!(in (cx) let mut axes = ptr::null_mut());

let gamepad = reflect_dom_object(box Gamepad::new_inherited(state.gamepad_id,
data.name.clone(),
index,
state.connected,
state.timestamp,
"".into(),
&buttons,
Some(&pose),
data.hand.clone(),
data.display_id),
global,
GamepadBinding::Wrap);
unsafe {
let _ = Float64Array::create(cx,
CreateWith::Slice(&state.axes),
axes.handle_mut());
let _ = Float64Array::create(global.get_cx(), CreateWith::Slice(&state.axes), gamepad.axes.handle_mut());
}

reflect_dom_object(box Gamepad::new_inherited(state.gamepad_id,
data.name.clone(),
index,
state.connected,
state.timestamp,
"".into(),
axes.get(),
&buttons,
Some(&pose),
data.hand.clone(),
data.display_id),
global,
GamepadBinding::Wrap)

gamepad
}
}

Expand Down
7 changes: 5 additions & 2 deletions components/script/dom/messageevent.rs
View file
Expand Up @@ -41,11 +41,14 @@ impl MessageEvent {
lastEventId: DOMString) -> Root<MessageEvent> {
let ev = box MessageEvent {
event: Event::new_inherited(),
data: Heap::new(data.get()),
data: Heap::default(),
origin: origin,
lastEventId: lastEventId,
};
reflect_dom_object(ev, global, MessageEventBinding::Wrap)
let ev = reflect_dom_object(ev, global, MessageEventBinding::Wrap);
ev.data.set(data.get());

ev
}

pub fn new(global: &GlobalScope, type_: Atom,
Expand Down
28 changes: 14 additions & 14 deletions components/script/dom/vreyeparameters.rs
View file
Expand Up @@ -28,29 +28,29 @@ pub struct VREyeParameters {
unsafe_no_jsmanaged_fields!(WebVREyeParameters);

impl VREyeParameters {
#[allow(unsafe_code)]
#[allow(unrooted_must_root)]
fn new_inherited(parameters: WebVREyeParameters, global: &GlobalScope) -> VREyeParameters {
let fov = VRFieldOfView::new(&global, parameters.field_of_view.clone());
let result = VREyeParameters {
fn new_inherited(parameters: WebVREyeParameters, fov: &VRFieldOfView) -> VREyeParameters {
VREyeParameters {
reflector_: Reflector::new(),
parameters: DOMRefCell::new(parameters),
offset: Heap::default(),
fov: JS::from_ref(&*fov)
};
}
}

#[allow(unsafe_code)]
pub fn new(parameters: WebVREyeParameters, global: &GlobalScope) -> Root<VREyeParameters> {
let fov = VRFieldOfView::new(&global, parameters.field_of_view.clone());

let eye_parameters = reflect_dom_object(box VREyeParameters::new_inherited(parameters, &fov),
global,
VREyeParametersBinding::Wrap);
unsafe {
let _ = Float32Array::create(global.get_cx(),
CreateWith::Slice(&result.parameters.borrow().offset),
result.offset.handle_mut());
CreateWith::Slice(&eye_parameters.parameters.borrow().offset),
eye_parameters.offset.handle_mut());
}
result
}

pub fn new(parameters: WebVREyeParameters, global: &GlobalScope) -> Root<VREyeParameters> {
reflect_dom_object(box VREyeParameters::new_inherited(parameters, global),
global,
VREyeParametersBinding::Wrap)
eye_parameters
}
}

Expand Down
51 changes: 26 additions & 25 deletions components/script/dom/vrframedata.rs
View file
Expand Up @@ -31,16 +31,8 @@ pub struct VRFrameData {
}

impl VRFrameData {
#[allow(unsafe_code)]
#[allow(unrooted_must_root)]
fn new(global: &GlobalScope) -> Root<VRFrameData> {
let matrix = [1.0, 0.0, 0.0, 0.0,
0.0, 1.0, 0.0, 0.0,
0.0, 0.0, 1.0, 0.0,
0.0, 0.0, 0.0, 1.0f32];
let pose = VRPose::new(&global, &Default::default());

let framedata = VRFrameData {
fn new_inherited(pose: &VRPose) -> VRFrameData {
VRFrameData {
reflector_: Reflector::new(),
left_proj: Heap::default(),
left_view: Heap::default(),
Expand All @@ -49,23 +41,25 @@ impl VRFrameData {
pose: JS::from_ref(&*pose),
timestamp: Cell::new(0.0),
first_timestamp: Cell::new(0.0)
};
}
}

let root = reflect_dom_object(box framedata,
global,
VRFrameDataBinding::Wrap);
#[allow(unsafe_code)]
fn new(global: &GlobalScope) -> Root<VRFrameData> {
let matrix = [1.0, 0.0, 0.0, 0.0,
0.0, 1.0, 0.0, 0.0,
0.0, 0.0, 1.0, 0.0,
0.0, 0.0, 0.0, 1.0f32];
let pose = VRPose::new(&global, &Default::default());

unsafe {
let ref framedata = *root;
let _ = Float32Array::create(global.get_cx(), CreateWith::Slice(&matrix),
framedata.left_proj.handle_mut());
let _ = Float32Array::create(global.get_cx(), CreateWith::Slice(&matrix),
framedata.left_view.handle_mut());
let _ = Float32Array::create(global.get_cx(), CreateWith::Slice(&matrix),
framedata.right_proj.handle_mut());
let _ = Float32Array::create(global.get_cx(), CreateWith::Slice(&matrix),
framedata.right_view.handle_mut());
}
let root = reflect_dom_object(box VRFrameData::new_inherited(&pose),
global,
VRFrameDataBinding::Wrap);
let cx = global.get_cx();
create_typed_array(cx, &matrix, &root.left_proj);
create_typed_array(cx, &matrix, &root.left_view);
create_typed_array(cx, &matrix, &root.right_proj);
create_typed_array(cx, &matrix, &root.right_view);

root
}
Expand All @@ -76,6 +70,13 @@ impl VRFrameData {
}


#[allow(unsafe_code)]
fn create_typed_array(cx: *mut JSContext, src: &[f32], dst: &Heap<*mut JSObject>) {
unsafe {
let _ = Float32Array::create(cx, CreateWith::Slice(src), dst.handle_mut());
}
}

impl VRFrameData {
#[allow(unsafe_code)]
pub fn update(&self, data: &WebVRFrameData) {
Expand Down
4 changes: 1 addition & 3 deletions components/script/dom/vrpose.rs
View file
Expand Up @@ -32,9 +32,7 @@ unsafe fn update_or_create_typed_array(cx: *mut JSContext,
match src {
Some(data) => {
if dst.get().is_null() {
rooted!(in (cx) let mut array = ptr::null_mut());
let _ = Float32Array::create(cx, CreateWith::Slice(data), array.handle_mut());
(*dst).set(array.get());
let _ = Float32Array::create(cx, CreateWith::Slice(data), dst.handle_mut());
} else {
typedarray!(in(cx) let array: Float32Array = dst.get());
if let Ok(mut array) = array {
Expand Down
30 changes: 15 additions & 15 deletions components/script/dom/vrstageparameters.rs
View file
Expand Up @@ -26,28 +26,28 @@ pub struct VRStageParameters {
unsafe_no_jsmanaged_fields!(WebVRStageParameters);

impl VRStageParameters {
#[allow(unsafe_code)]
#[allow(unrooted_must_root)]
fn new_inherited(parameters: WebVRStageParameters, global: &GlobalScope) -> VRStageParameters {
let stage = VRStageParameters {
fn new_inherited(parameters: WebVRStageParameters) -> VRStageParameters {
VRStageParameters {
reflector_: Reflector::new(),
parameters: DOMRefCell::new(parameters),
transform: Heap::default()
};
// XXX unsound!
unsafe {
let _ = Float32Array::create(global.get_cx(),
CreateWith::Slice(&stage.parameters.borrow().sitting_to_standing_transform),
stage.transform.handle_mut());
}

stage
}

#[allow(unsafe_code)]
pub fn new(parameters: WebVRStageParameters, global: &GlobalScope) -> Root<VRStageParameters> {
reflect_dom_object(box VRStageParameters::new_inherited(parameters, global),
global,
VRStageParametersBinding::Wrap)
let cx = global.get_cx();
let stage_parameters = reflect_dom_object(box VRStageParameters::new_inherited(parameters),
global,
VRStageParametersBinding::Wrap);
unsafe {
let source = &stage_parameters.parameters.borrow().sitting_to_standing_transform;
let _ = Float32Array::create(cx,
CreateWith::Slice(source),
stage_parameters.transform.handle_mut());
}

stage_parameters
}

#[allow(unsafe_code)]
Expand Down

0 comments on commit efb59b7

Please sign in to comment.