mozjs icon indicating copy to clipboard operation
mozjs copied to clipboard

Published 20 hours ago verified publisher icon servo

Incorrect Signature for `JS_DeletePropertyById1`

Open Redfire75369 opened this issue 2 years ago • 2 comments

Actual Signature:

pub unsafe extern "C" fn JS_DeletePropertyById1(cx: *mut JSContext, obj: Handle<*mut JSObject>, id: PropertyKey) -> bool

Expected Signature:

bool JS_DeletePropertyById(JSContext* cx, HandleObject obj, HandleId id);

Expected Signature (Rust):

pub unsafe extern "C" fn JS_DeletePropertyById1(cx: *mut JSContext, obj: Handle<*mut JSObject>, id: Handle<PropertyKey>) -> bool

The last parameter should be a Handle to the PropertyKey, but for some reason, the raw PropertyKey is in the signature instead. This leads to a linking error when trying to compile.

This issue does not apply to JS_DeletePropertyById.

Redfire75369 avatar Nov 18 '22 15:11 Redfire75369

I can confirm that the problem still exist, but I think that's not our/bindgen bug.

Mozilla-esr115 has these two functions declared in https://searchfox.org/mozilla-esr115/source/js/public/PropertyAndElement.h#381:

// maped to JS_DeletePropertyById by bindgen
extern JS_PUBLIC_API bool JS_DeletePropertyById(JSContext* cx,
                                                JS::Handle<JSObject*> obj,
                                                JS::Handle<jsid> id,
                                                JS::ObjectOpResult& result);

// maped to JS_DeletePropertyById1 by bindgen
extern JS_PUBLIC_API bool JS_DeletePropertyById(JSContext* cx,
                                                JS::Handle<JSObject*> obj,
                                                jsid id);

While their definition is in https://searchfox.org/mozilla-esr115/source/js/src/vm/PropertyAndElement.cpp#739:

JS_PUBLIC_API bool JS_DeletePropertyById(JSContext* cx,
                                         JS::Handle<JSObject*> obj,
                                         JS::Handle<jsid> id,
                                         JS::ObjectOpResult& result) {
  AssertHeapIsIdle();
  CHECK_THREAD(cx);
  cx->check(obj, id);

  return js::DeleteProperty(cx, obj, id, result);
}


JS_PUBLIC_API bool JS_DeletePropertyById(JSContext* cx,
                                         JS::Handle<JSObject*> obj,
                                         JS::Handle<jsid> id) {
  JS::ObjectOpResult ignored;
  return JS_DeletePropertyById(cx, obj, id, ignored);
}

As you notice second function (the one that is mapped to JS_DeletePropertyById1) is not matching it's declaration, so this is actually upstream bug.

Why hasn't been caught? Because they do not use Rust 😄 also they do not actually use second function from at least esr91 (two years).

This bug is still present in mozilla-central.

sagudev avatar Sep 22 '23 04:09 sagudev

This bug is still present in mozilla-central.

Thanks for reporting this on Matrix. I posted a patch here: https://bugzilla.mozilla.org/show_bug.cgi?id=1854643

jandem avatar Sep 22 '23 14:09 jandem

Fixed as of ESR 128.

Redfire75369 avatar Aug 07 '24 12:08 Redfire75369