// Given a cross-compartment wrapper |wobj|, update it to point to
// |newTarget|. This recomputes the wrapper with JS_WrapValue, and thus can be
// useful even if wrapper already points to newTarget. (In this body the
// recomputation goes through wcompartment->wrap().)
//
// Preconditions, checked only by JS_ASSERT: |wobjArg| is a cross-compartment
// wrapper and |newTargetArg| is not one.
//
// Returns true on every path that returns. A failure of wrap() or
// JSObject::swap() ends in MOZ_CRASH() and is never reported as false.
//
// NOTE(review): every invariant of this compartment-boundary operation is
// stated with JS_ASSERT/JS_ASSERT_IF. If those are debug-only (presumably;
// confirm against the macro definition), a release build enforces none of
// them, so callers carry the full burden of the preconditions.
bool
js::RemapWrapper(JSContext *cx, JSObject *wobjArg, JSObject *newTargetArg)
{
    // Hold both arguments in rooted handles for the rest of the function.
    RootedObject wobj(cx, wobjArg);
    RootedObject newTarget(cx, newTargetArg);
    JS_ASSERT(IsCrossCompartmentWrapper(wobj));
    JS_ASSERT(!IsCrossCompartmentWrapper(newTarget));

    // Read the current target and the wrapper's compartment up front; |wobj|
    // is nuked further down, after which these are taken from the locals.
    JSObject *origTarget = Wrapper::wrappedObject(wobj);
    JS_ASSERT(origTarget);
    Value origv = ObjectValue(*origTarget);
    JSCompartment *wcompartment = wobj->compartment();

    // NOTE(review): presumably suspends a proxy consistency check while the
    // wrapper passes through its intermediate (removed/nuked) state; confirm
    // against the AutoDisableProxyCheck definition.
    AutoDisableProxyCheck adpc(cx->runtime);

    // If we're mapping to a different target (as opposed to just recomputing
    // for the same target), we must not have an existing wrapper for the new
    // target, otherwise this will break.
    JS_ASSERT_IF(origTarget != newTarget,
                 !wcompartment->lookupWrapper(ObjectValue(*newTarget)));

    // The old value should still be in the cross-compartment wrapper map, and
    // the lookup should return wobj.
    // NOTE(review): |p| is dereferenced inside the assertion and handed to
    // removeWrapper() with no explicit "found" check, so this code relies on
    // the map entry being present.
    WrapperMap::Ptr p = wcompartment->lookupWrapper(origv);
    JS_ASSERT(&p->value.unsafeGet()->toObject() == wobj);
    wcompartment->removeWrapper(p);

    // When we remove origv from the wrapper map, its wrapper, wobj, must
    // immediately cease to be a cross-compartment wrapper. Neuter it.
    NukeCrossCompartmentWrapper(cx, wobj);

    // First, we wrap it in the new compartment. We try to use the existing
    // wrapper, |wobj|, since it's been nuked anyway. The wrap() function has
    // the choice to reuse |wobj| or not.
    RootedObject tobj(cx, newTarget);
    AutoCompartment ac(cx, wobj);
    // At this point |wobj| is already out of the map and nuked, which is
    // presumably why a wrap() failure is fatal instead of returning false.
    if (!wcompartment->wrap(cx, tobj.address(), wobj))
        MOZ_CRASH();

    // If wrap() reused |wobj|, it will have overwritten it and returned with
    // |tobj == wobj|. Otherwise, |tobj| will point to a new wrapper and |wobj|
    // will still be nuked. In the latter case, we replace |wobj| with the
    // contents of the new wrapper in |tobj|.
    if (tobj != wobj) {
        // Now, because we need to maintain object identity, we do a brain
        // transplant on the old object so that it contains the contents of the
        // new one.
        if (!JSObject::swap(cx, wobj, tobj))
            MOZ_CRASH();
    }

    // Before swapping, this wrapper came out of wrap(), which enforces the
    // invariant that the wrapper in the map points directly to the key.
    JS_ASSERT(Wrapper::wrappedObject(wobj) == newTarget);

    // Update the entry in the compartment's wrapper map to point to the old
    // wrapper, which has now been updated (via reuse or swap).
    // NOTE(review): no result of putWrapper() is inspected here; confirm
    // whether it can fail in this version, since a missed insertion would
    // leave |wobj| wrapping |newTarget| without a map entry.
    JS_ASSERT(wobj->isWrapper());
    wcompartment->putWrapper(ObjectValue(*newTarget), ObjectValue(*wobj));
    return true;
}
// Drops |wrapper|'s entry from the wrapper map of the compartment that owns
// it, when such an entry exists, and then hands the wrapper to
// NukeRemovedCrossCompartmentWrapper().
//
// NOTE(review): the return-type line of this definition is not part of this
// excerpt.
// NOTE(review): Wrapper::wrappedObject(wrapper) is dereferenced without a
// null check, so |wrapper| is assumed to still have a target when this is
// called; confirm that no caller passes an already-nuked wrapper.
js::NukeCrossCompartmentWrapper(JSContext* cx, JSObject* wrapper)
{
    JSCompartment* comp = wrapper->compartment();
    // The lookup key is built from the wrapped object. A missing entry is
    // tolerated: removal is skipped when the lookup finds nothing.
    auto ptr = comp->lookupWrapper(ObjectValue(*Wrapper::wrappedObject(wrapper)));
    if (ptr)
        comp->removeWrapper(ptr);
    // The map entry is removed before the wrapper itself is nuked, so the
    // map does not keep an entry for a wrapper that has been neutered.
    NukeRemovedCrossCompartmentWrapper(cx, wrapper);
}