// This checks if a DOM object that is about to be wrapped is valid.
// Specifically, it checks that a vtable of the DOM object is equal to
// a vtable of an expected class.
// Due to a dangling pointer, the DOM object you are wrapping might be
// already freed or realloced. If freed, the check will fail because
// a free list pointer should be stored at the head of the DOM object.
// If realloced, the check will fail because the vtable of the DOM object
// differs from the expected vtable (unless the same class of DOM object
// is realloced on the slot).
inline void checkTypeOrDieTrying(TestSerializedScriptValueInterface* object)
{
void* actualVTablePointer = *(reinterpret_cast<void**>(object));
#if defined(OS_WIN)
void* expectedVTablePointer = reinterpret_cast<void*>(__identifier("??_7TestSerializedScriptValueInterface@WebCore@@6B@"));
#else
void* expectedVTablePointer = &_ZTVN7WebCore34TestSerializedScriptValueInterfaceE[2];
#endif
if (actualVTablePointer != expectedVTablePointer)
CRASH();
}
inline void checkTypeOrDieTrying(TestCustomNamedGetter* object)
{
void* actualVTablePointer = *(reinterpret_cast<void**>(object));
#if defined(OS_WIN)
void* expectedVTablePointer = reinterpret_cast<void*>(__identifier("??_7TestCustomNamedGetter@WebCore@@6B@"));
#else
void* expectedVTablePointer = &_ZTVN7WebCore21TestCustomNamedGetterE[2];
#endif
if (actualVTablePointer != expectedVTablePointer)
CRASH();
}
// This checks if a DOM object that is about to be wrapped is valid.
// Specifically, it checks that a vtable of the DOM object is equal to
// a vtable of an expected class.
// Due to a dangling pointer, the DOM object you are wrapping might be
// already freed or realloced. If freed, the check will fail because
// a free list pointer should be stored at the head of the DOM object.
// If realloced, the check will fail because the vtable of the DOM object
// differs from the expected vtable (unless the same class of DOM object
// is realloced on the slot).
inline void checkTypeOrDieTrying(TestOverloadedConstructors* object)
{
void* actualVTablePointer = *(reinterpret_cast<void**>(object));
#if defined(OS_WIN)
void* expectedVTablePointer = reinterpret_cast<void*>(__identifier("??_7TestOverloadedConstructors@WebCore@@6B@"));
#else
void* expectedVTablePointer = &_ZTVN7WebCore26TestOverloadedConstructorsE[2];
#endif
if (actualVTablePointer != expectedVTablePointer)
CRASH();
}
JSC::JSValue toJSNewlyCreated(JSC::ExecState*, JSDOMGlobalObject* globalObject, Ref<TestNamedDeleterNoIdentifier>&& impl)
{
#if ENABLE(BINDING_INTEGRITY)
void* actualVTablePointer = *(reinterpret_cast<void**>(impl.ptr()));
#if PLATFORM(WIN)
void* expectedVTablePointer = WTF_PREPARE_VTBL_POINTER_FOR_INSPECTION(__identifier("??_7TestNamedDeleterNoIdentifier@WebCore@@6B@"));
#else
void* expectedVTablePointer = WTF_PREPARE_VTBL_POINTER_FOR_INSPECTION(&_ZTVN7WebCore28TestNamedDeleterNoIdentifierE[2]);
#endif
// If this fails TestNamedDeleterNoIdentifier does not have a vtable, so you need to add the
// ImplementationLacksVTable attribute to the interface definition
static_assert(std::is_polymorphic<TestNamedDeleterNoIdentifier>::value, "TestNamedDeleterNoIdentifier is not polymorphic");
// If you hit this assertion you either have a use after free bug, or
// TestNamedDeleterNoIdentifier has subclasses. If TestNamedDeleterNoIdentifier has subclasses that get passed
// to toJS() we currently require TestNamedDeleterNoIdentifier you to opt out of binding hardening
// by adding the SkipVTableValidation attribute to the interface IDL definition
RELEASE_ASSERT(actualVTablePointer == expectedVTablePointer);
#endif
return createWrapper<TestNamedDeleterNoIdentifier>(globalObject, WTFMove(impl));
}
