From efb59b7ecdc8cd2a51b395e68e9bb072e1965469 Mon Sep 17 00:00:00 2001 From: Imanol Fernandez Date: Mon, 17 Apr 2017 19:39:22 +0200 Subject: [PATCH] Fix unsafe Heap constructor usage in DOM objects --- .../script/dom/extendablemessageevent.rs | 4 +- components/script/dom/gamepad.rs | 38 ++++++-------- components/script/dom/messageevent.rs | 7 ++- components/script/dom/vreyeparameters.rs | 28 +++++----- components/script/dom/vrframedata.rs | 51 ++++++++++--------- components/script/dom/vrpose.rs | 4 +- components/script/dom/vrstageparameters.rs | 30 +++++------ 7 files changed, 80 insertions(+), 82 deletions(-) diff --git a/components/script/dom/extendablemessageevent.rs b/components/script/dom/extendablemessageevent.rs index 49c461083f2a..6c72655ec4c1 100644 --- a/components/script/dom/extendablemessageevent.rs +++ b/components/script/dom/extendablemessageevent.rs @@ -35,7 +35,7 @@ impl ExtendableMessageEvent { -> Root { let ev = box ExtendableMessageEvent { event: ExtendableEvent::new_inherited(), - data: Heap::new(data.get()), + data: Heap::default(), origin: origin, lastEventId: lastEventId, }; @@ -44,6 +44,8 @@ impl ExtendableMessageEvent { let event = ev.upcast::(); event.init_event(type_, bubbles, cancelable); } + ev.data.set(data.get()); + ev } diff --git a/components/script/dom/gamepad.rs b/components/script/dom/gamepad.rs index f9f28fc8c51a..cb0c20ac50e5 100644 --- a/components/script/dom/gamepad.rs +++ b/components/script/dom/gamepad.rs @@ -20,7 +20,6 @@ use dom_struct::dom_struct; use js::jsapi::{Heap, JSContext, JSObject}; use js::typedarray::{Float64Array, CreateWith}; use std::cell::Cell; -use std::ptr; use webvr_traits::{WebVRGamepadData, WebVRGamepadHand, WebVRGamepadState}; #[dom_struct] @@ -47,7 +46,6 @@ impl Gamepad { connected: bool, timestamp: f64, mapping_type: String, - axes: *mut JSObject, buttons: &GamepadButtonList, pose: Option<&VRPose>, hand: WebVRGamepadHand, @@ -60,7 +58,7 @@ impl Gamepad { connected: Cell::new(connected), timestamp: Cell::new(timestamp), mapping_type: mapping_type, - axes: Heap::new(axes), + axes: Heap::default(), buttons: JS::from_ref(buttons), pose: pose.map(JS::from_ref), hand: hand, @@ -75,28 +73,24 @@ impl Gamepad { state: &WebVRGamepadState) -> Root { let buttons = GamepadButtonList::new_from_vr(&global, &state.buttons); let pose = VRPose::new(&global, &state.pose); - let cx = global.get_cx(); - rooted!(in (cx) let mut axes = ptr::null_mut()); + + let gamepad = reflect_dom_object(box Gamepad::new_inherited(state.gamepad_id, + data.name.clone(), + index, + state.connected, + state.timestamp, + "".into(), + &buttons, + Some(&pose), + data.hand.clone(), + data.display_id), + global, + GamepadBinding::Wrap); unsafe { - let _ = Float64Array::create(cx, - CreateWith::Slice(&state.axes), - axes.handle_mut()); + let _ = Float64Array::create(global.get_cx(), CreateWith::Slice(&state.axes), gamepad.axes.handle_mut()); } - reflect_dom_object(box Gamepad::new_inherited(state.gamepad_id, - data.name.clone(), - index, - state.connected, - state.timestamp, - "".into(), - axes.get(), - &buttons, - Some(&pose), - data.hand.clone(), - data.display_id), - global, - GamepadBinding::Wrap) - + gamepad } } diff --git a/components/script/dom/messageevent.rs b/components/script/dom/messageevent.rs index 0bbeeb05cd7c..4b49840b9c4e 100644 --- a/components/script/dom/messageevent.rs +++ b/components/script/dom/messageevent.rs @@ -41,11 +41,14 @@ impl MessageEvent { lastEventId: DOMString) -> Root { let ev = box MessageEvent { event: Event::new_inherited(), - data: Heap::new(data.get()), + data: Heap::default(), origin: origin, lastEventId: lastEventId, }; - reflect_dom_object(ev, global, MessageEventBinding::Wrap) + let ev = reflect_dom_object(ev, global, MessageEventBinding::Wrap); + ev.data.set(data.get()); + + ev } pub fn new(global: &GlobalScope, type_: Atom, diff --git a/components/script/dom/vreyeparameters.rs b/components/script/dom/vreyeparameters.rs index 0c429fee78a7..af39c7896386 100644 --- a/components/script/dom/vreyeparameters.rs +++ b/components/script/dom/vreyeparameters.rs @@ -28,29 +28,29 @@ pub struct VREyeParameters { unsafe_no_jsmanaged_fields!(WebVREyeParameters); impl VREyeParameters { - #[allow(unsafe_code)] - #[allow(unrooted_must_root)] - fn new_inherited(parameters: WebVREyeParameters, global: &GlobalScope) -> VREyeParameters { - let fov = VRFieldOfView::new(&global, parameters.field_of_view.clone()); - let result = VREyeParameters { + fn new_inherited(parameters: WebVREyeParameters, fov: &VRFieldOfView) -> VREyeParameters { + VREyeParameters { reflector_: Reflector::new(), parameters: DOMRefCell::new(parameters), offset: Heap::default(), fov: JS::from_ref(&*fov) - }; + } + } + + #[allow(unsafe_code)] + pub fn new(parameters: WebVREyeParameters, global: &GlobalScope) -> Root { + let fov = VRFieldOfView::new(&global, parameters.field_of_view.clone()); + let eye_parameters = reflect_dom_object(box VREyeParameters::new_inherited(parameters, &fov), + global, + VREyeParametersBinding::Wrap); unsafe { let _ = Float32Array::create(global.get_cx(), - CreateWith::Slice(&result.parameters.borrow().offset), - result.offset.handle_mut()); + CreateWith::Slice(&eye_parameters.parameters.borrow().offset), + eye_parameters.offset.handle_mut()); } - result - } - pub fn new(parameters: WebVREyeParameters, global: &GlobalScope) -> Root { - reflect_dom_object(box VREyeParameters::new_inherited(parameters, global), - global, - VREyeParametersBinding::Wrap) + eye_parameters } } diff --git a/components/script/dom/vrframedata.rs b/components/script/dom/vrframedata.rs index 5b153a2a43ec..eef69e5ff469 100644 --- a/components/script/dom/vrframedata.rs +++ b/components/script/dom/vrframedata.rs @@ -31,16 +31,8 @@ pub struct VRFrameData { } impl VRFrameData { - #[allow(unsafe_code)] - #[allow(unrooted_must_root)] - fn new(global: &GlobalScope) -> Root { - let matrix = [1.0, 0.0, 0.0, 0.0, - 0.0, 1.0, 0.0, 0.0, - 0.0, 0.0, 1.0, 0.0, - 0.0, 0.0, 0.0, 1.0f32]; - let pose = VRPose::new(&global, &Default::default()); - - let framedata = VRFrameData { + fn new_inherited(pose: &VRPose) -> VRFrameData { + VRFrameData { reflector_: Reflector::new(), left_proj: Heap::default(), left_view: Heap::default(), @@ -49,23 +41,25 @@ impl VRFrameData { pose: JS::from_ref(&*pose), timestamp: Cell::new(0.0), first_timestamp: Cell::new(0.0) - }; + } + } - let root = reflect_dom_object(box framedata, - global, - VRFrameDataBinding::Wrap); + #[allow(unsafe_code)] + fn new(global: &GlobalScope) -> Root { + let matrix = [1.0, 0.0, 0.0, 0.0, + 0.0, 1.0, 0.0, 0.0, + 0.0, 0.0, 1.0, 0.0, + 0.0, 0.0, 0.0, 1.0f32]; + let pose = VRPose::new(&global, &Default::default()); - unsafe { - let ref framedata = *root; - let _ = Float32Array::create(global.get_cx(), CreateWith::Slice(&matrix), - framedata.left_proj.handle_mut()); - let _ = Float32Array::create(global.get_cx(), CreateWith::Slice(&matrix), - framedata.left_view.handle_mut()); - let _ = Float32Array::create(global.get_cx(), CreateWith::Slice(&matrix), - framedata.right_proj.handle_mut()); - let _ = Float32Array::create(global.get_cx(), CreateWith::Slice(&matrix), - framedata.right_view.handle_mut()); - } + let root = reflect_dom_object(box VRFrameData::new_inherited(&pose), + global, + VRFrameDataBinding::Wrap); + let cx = global.get_cx(); + create_typed_array(cx, &matrix, &root.left_proj); + create_typed_array(cx, &matrix, &root.left_view); + create_typed_array(cx, &matrix, &root.right_proj); + create_typed_array(cx, &matrix, &root.right_view); root } @@ -76,6 +70,13 @@ impl VRFrameData { } +#[allow(unsafe_code)] +fn create_typed_array(cx: *mut JSContext, src: &[f32], dst: &Heap<*mut JSObject>) { + unsafe { + let _ = Float32Array::create(cx, CreateWith::Slice(src), dst.handle_mut()); + } +} + impl VRFrameData { #[allow(unsafe_code)] pub fn update(&self, data: &WebVRFrameData) { diff --git a/components/script/dom/vrpose.rs b/components/script/dom/vrpose.rs index ee035e2a0f19..542059ca799f 100644 --- a/components/script/dom/vrpose.rs +++ b/components/script/dom/vrpose.rs @@ -32,9 +32,7 @@ unsafe fn update_or_create_typed_array(cx: *mut JSContext, match src { Some(data) => { if dst.get().is_null() { - rooted!(in (cx) let mut array = ptr::null_mut()); - let _ = Float32Array::create(cx, CreateWith::Slice(data), array.handle_mut()); - (*dst).set(array.get()); + let _ = Float32Array::create(cx, CreateWith::Slice(data), dst.handle_mut()); } else { typedarray!(in(cx) let array: Float32Array = dst.get()); if let Ok(mut array) = array { diff --git a/components/script/dom/vrstageparameters.rs b/components/script/dom/vrstageparameters.rs index 0bc319466c32..e709411c25a4 100644 --- a/components/script/dom/vrstageparameters.rs +++ b/components/script/dom/vrstageparameters.rs @@ -26,28 +26,28 @@ pub struct VRStageParameters { unsafe_no_jsmanaged_fields!(WebVRStageParameters); impl VRStageParameters { - #[allow(unsafe_code)] - #[allow(unrooted_must_root)] - fn new_inherited(parameters: WebVRStageParameters, global: &GlobalScope) -> VRStageParameters { - let stage = VRStageParameters { + fn new_inherited(parameters: WebVRStageParameters) -> VRStageParameters { + VRStageParameters { reflector_: Reflector::new(), parameters: DOMRefCell::new(parameters), transform: Heap::default() - }; - // XXX unsound! - unsafe { - let _ = Float32Array::create(global.get_cx(), - CreateWith::Slice(&stage.parameters.borrow().sitting_to_standing_transform), - stage.transform.handle_mut()); } - - stage } + #[allow(unsafe_code)] pub fn new(parameters: WebVRStageParameters, global: &GlobalScope) -> Root { - reflect_dom_object(box VRStageParameters::new_inherited(parameters, global), - global, - VRStageParametersBinding::Wrap) + let cx = global.get_cx(); + let stage_parameters = reflect_dom_object(box VRStageParameters::new_inherited(parameters), + global, + VRStageParametersBinding::Wrap); + unsafe { + let source = &stage_parameters.parameters.borrow().sitting_to_standing_transform; + let _ = Float32Array::create(cx, + CreateWith::Slice(source), + stage_parameters.transform.handle_mut()); + } + + stage_parameters } #[allow(unsafe_code)]