Bug 664821 - Use WrapNative correctly and wrap objects array to avoid compartment errors. r=mrbkap
☠☠ backed out by 97dbe5dc67c8 ☠ ☠
authorJosh Matthews <josh@joshmatthews.net>
Thu, 16 Jun 2011 16:45:07 -0400
changeset 71571 831fabb406a17688be991936105c9d6889f60b6b
parent 71570 06f3c7b5961763952309f077decf73ff8b6b0d06
child 71572 05351157216d37ccb3cfad3409778e7c3a8d16dd
child 71589 97dbe5dc67c890c1eb6537c7f0f1fdeff19adb6c
push id20566
push usermlamouri@mozilla.com
push dateThu, 23 Jun 2011 09:20:24 +0000
reviewersmrbkap
bugs664821
milestone7.0a1
Bug 664821 - Use WrapNative correctly and wrap objects array to avoid compartment errors. r=mrbkap
content/base/src/nsFrameMessageManager.cpp
--- a/content/base/src/nsFrameMessageManager.cpp
+++ b/content/base/src/nsFrameMessageManager.cpp
@@ -364,29 +364,33 @@ nsFrameMessageManager::ReceiveMessage(ns
 
         // The parameter for the listener function.
         JSObject* param = JS_NewObject(ctx, NULL, NULL, NULL);
         NS_ENSURE_TRUE(param, NS_ERROR_OUT_OF_MEMORY);
 
         jsval targetv;
         nsContentUtils::WrapNative(ctx,
                                    JS_GetGlobalForObject(ctx, object),
-                                   aTarget, &targetv);
+                                   aTarget, &targetv, nsnull, PR_TRUE);
 
         // To keep compatibility with e10s message manager,
         // define empty objects array.
         if (!aObjectsArray) {
           // Because we want JS messages to have always the same properties,
           // create array even if len == 0.
           aObjectsArray = JS_NewArrayObject(ctx, 0, NULL);
           if (!aObjectsArray) {
             return NS_ERROR_OUT_OF_MEMORY;
           }
         }
 
+        jsval objectsv;
+        if (!JS_WrapValue(ctx, &objectsv))
+            return NS_ERROR_UNEXPECTED;
+
         jsval json = JSVAL_NULL;
         if (!aJSON.IsEmpty()) {
           if (!JS_ParseJSON(ctx, (jschar*)nsString(aJSON).get(),
                             (uint32)aJSON.Length(), &json)) {
             json = JSVAL_NULL;
           }
         }
         JSString* jsMessage =
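Review bot: `objectsv` is declared without an initializer and handed straight to `JS_WrapValue`, so the call wraps an indeterminate value instead of `aObjectsArray`, which is never referenced again after the null check above. The engine may then interpret those bits as an object pointer, and the second hunk defines the result as the `objects` property that the listener receives. Initialize it from the array before wrapping: `jsval objectsv = OBJECT_TO_JSVAL(aObjectsArray);`. The body of ReceiveMessage starts and ends outside this hunk.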
@@ -395,18 +399,17 @@ nsFrameMessageManager::ReceiveMessage(ns
                               aMessage.Length());
         NS_ENSURE_TRUE(jsMessage, NS_ERROR_OUT_OF_MEMORY);
         JS_DefineProperty(ctx, param, "target", targetv, NULL, NULL, JSPROP_ENUMERATE);
         JS_DefineProperty(ctx, param, "name",
                           STRING_TO_JSVAL(jsMessage), NULL, NULL, JSPROP_ENUMERATE);
         JS_DefineProperty(ctx, param, "sync",
                           BOOLEAN_TO_JSVAL(aSync), NULL, NULL, JSPROP_ENUMERATE);
         JS_DefineProperty(ctx, param, "json", json, NULL, NULL, JSPROP_ENUMERATE);
-        JS_DefineProperty(ctx, param, "objects", OBJECT_TO_JSVAL(aObjectsArray),
-                          NULL, NULL, JSPROP_ENUMERATE);
+        JS_DefineProperty(ctx, param, "objects", objectsv, NULL, NULL, JSPROP_ENUMERATE);
 
         jsval thisValue = JSVAL_VOID;
 
         jsval funval = JSVAL_VOID;
         if (JS_ObjectIsFunction(ctx, object)) {
           // If the listener is a JS function:
           funval = OBJECT_TO_JSVAL(object);
 
@@ -416,17 +419,17 @@ nsFrameMessageManager::ReceiveMessage(ns
           if (mChrome) {
             defaultThisValue =
               do_QueryInterface(static_cast<nsIContentFrameMessageManager*>(this));
           } else {
             defaultThisValue = aTarget;
           }
           nsContentUtils::WrapNative(ctx,
                                      JS_GetGlobalForObject(ctx, object),
-                                     defaultThisValue, &thisValue);
+                                     defaultThisValue, &thisValue, nsnull, PR_TRUE);
         } else {
           // If the listener is a JS object which has receiveMessage function:
           NS_ENSURE_STATE(JS_GetProperty(ctx, object, "receiveMessage",
                                          &funval) &&
                           JSVAL_IS_OBJECT(funval) &&
                           !JSVAL_IS_NULL(funval));
           JSObject* funobject = JSVAL_TO_OBJECT(funval);
           NS_ENSURE_STATE(JS_ObjectIsFunction(ctx, funobject));
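Review bot: The nsresult of `nsContentUtils::WrapNative` is still discarded at the `thisValue` call in this hunk and at the `targetv` call in the first hunk. Here a failed wrap leaves `thisValue` at `JSVAL_VOID`, while `targetv` in the first hunk has no initializer, so a failure there would presumably leave an indeterminate value that is later defined as `target`. Because the point of the commit is to get cross-compartment wrapping right, capture the result of both calls in an `nsresult rv` and bail out with `NS_ENSURE_SUCCESS(rv, rv);` before the value is used. The enclosing function starts and ends outside the hunk.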