Fix bug 584180.
authorBlake Kaplan <mrbkap@gmail.com>
Wed, 11 Aug 2010 14:35:07 -0700
changeset 50372 11ca949a6affc516fffee5acb96e83f645b1a42a
parent 50371 a98a5c0c777eea0539ba804e18f6044133a796a2
child 50373 fe1b3c35fa9d45c694c57db70b1824c45646ba89
push idunknown
push userunknown
push dateunknown
bugs584180
milestone2.0b4pre
Fix bug 584180.
js/src/xpconnect/src/XPCSafeJSObjectWrapper.cpp
--- a/js/src/xpconnect/src/XPCSafeJSObjectWrapper.cpp
+++ b/js/src/xpconnect/src/XPCSafeJSObjectWrapper.cpp
@@ -415,23 +415,31 @@ DummyNative(JSContext *cx, JSObject *obj
 static JSObject *
 GetScopeFunction(JSContext *cx, JSObject *outerObj)
 {
   jsval v;
   if (!JS_GetReservedSlot(cx, outerObj, sScopeFunSlot, &v)) {
     return nsnull;
   }
 
-  if (JSVAL_IS_OBJECT(v)) {
-    return JSVAL_TO_OBJECT(v);
+  JSObject *unsafeObj = GetUnsafeObject(cx, outerObj);
+  JSObject *scopeobj = JS_GetGlobalForObject(cx, unsafeObj);
+  OBJ_TO_INNER_OBJECT(cx, scopeobj);
+  if (!scopeobj) {
+    return nsnull;
   }
 
-  JSObject *unsafeObj = GetUnsafeObject(cx, outerObj);
-  JSFunction *fun = JS_NewFunction(cx, DummyNative, 0, 0,
-                                   JS_GetGlobalForObject(cx, unsafeObj),
+  if (JSVAL_IS_OBJECT(v)) {
+    JSObject *funobj = JSVAL_TO_OBJECT(v);
+    if (JS_GetGlobalForObject(cx, funobj) == scopeobj) {
+      return funobj;
+    }
+  }
+
+  JSFunction *fun = JS_NewFunction(cx, DummyNative, 0, 0, scopeobj,
                                    "SJOWContentBoundary");
   if (!fun) {
     return nsnull;
   }
 
   JSObject *funobj = JS_GetFunctionObject(fun);
   if (!JS_SetReservedSlot(cx, outerObj, sScopeFunSlot, OBJECT_TO_JSVAL(funobj))) {
     return nsnull;