Bug 1822962 - Enter the RegExpObject's compartment in PrintEnumeratedHelp. r=iain (f2ae48a0) · Commits · Dan Ballard / Mullvad Browser

js/src/builtin/RegExp.cpp

+2 −0

Original line number	Diff line number	Diff line
		@@ -311,6 +311,8 @@ bool js::ExecuteRegExpLegacy(JSContext* cx, RegExpStatics* res,
		Handle<RegExpObject*> reobj,
		Handle<JSLinearString> input, size_t lastIndex,
		bool test, MutableHandleValue rval) {
		cx->check(reobj, input);

		RootedRegExpShared shared(cx, RegExpObject::getShared(cx, reobj));
		if (!shared) {
		return false;

0 → 100644

+2 −0

Original line number	Diff line number	Diff line
		newGlobal({newCompartment: true}).help(/a\|b/);
		gc();

+10 −3

Original line number	Diff line number	Diff line
		@@ -9635,11 +9635,18 @@ static bool PrintEnumeratedHelp(JSContext* cx, HandleObject obj,
		}
		}

		size_t ignored = 0;
		if (!JSString::ensureLinear(cx, v.toString())) {
		Rooted<JSString*> inputStr(cx, v.toString());
		if (!inputStr->ensureLinear(cx)) {
		return false;
		}
		Rooted<JSLinearString*> input(cx, &v.toString()->asLinear());

		// Execute the regular expression in \|regex\|'s compartment.
		AutoRealm ar(cx, regex);
		if (!cx->compartment()->wrap(cx, &inputStr)) {
		return false;
		}
		Rooted<JSLinearString*> input(cx, &inputStr->asLinear());
		size_t ignored = 0;
		if (!ExecuteRegExpLegacy(cx, nullptr, regex, input, &ignored, true, &v)) {
		return false;
		}

+0 −4

Original line number	Diff line number	Diff line
		@@ -464,10 +464,6 @@ class JSString : public js::gc::CellWithLengthAndFlags {

		inline JSLinearString* ensureLinear(JSContext* cx);

		static bool ensureLinear(JSContext* cx, JSString* str) {
		return str->ensureLinear(cx) != nullptr;
		}

		/* Type query and debug-checked casts */

		MOZ_ALWAYS_INLINE