Bug 610941 - Don't resolve prototypes for things that aren't windows. r=jst
authorBlake Kaplan <mrbkap@gmail.com>
Mon, 06 Dec 2010 14:46:49 -0800
changeset 58748 cc202b48606f1cbbbfe8d110579935ac41fa4cc5
parent 58747 e7c919ed72f119e1926e8f7c61224d4bfa8ecb46
child 58749 8cd47ad6b71d259c78747c96df4538f44bcebc72
push id17414
push userrsayre@mozilla.com
push dateTue, 07 Dec 2010 03:47:09 +0000
treeherdermozilla-central@37b29506a7d4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjst
bugs610941
milestone2.0b8pre
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 610941 - Don't resolve prototypes for things that aren't windows. r=jst
dom/base/nsDOMClassInfo.cpp
--- a/dom/base/nsDOMClassInfo.cpp
+++ b/dom/base/nsDOMClassInfo.cpp
@@ -4696,24 +4696,33 @@ nsDOMClassInfo::PostCreatePrototype(JSCo
   // document.body.foopy() needs to ensure that looking up foopy on
   // document.body's prototype will find the right function.
   JSObject *global = ::JS_GetGlobalForObject(cx, proto);
 
   // Only do this if the global object is a window.
   // XXX Is there a better way to check this?
   nsISupports *globalNative = XPConnect()->GetNativeOfWrapper(cx, global);
   nsCOMPtr<nsPIDOMWindow> piwin = do_QueryInterface(globalNative);
-  if(!piwin) {
+  if (!piwin) {
     return NS_OK;
   }
 
   nsGlobalWindow *win = nsGlobalWindow::FromSupports(globalNative);
   if (win->IsClosedOrClosing()) {
     return NS_OK;
   }
+
+  // If the window is in a different compartment than the global object, then
+  // it's likely that global is a sandbox object whose prototype is a window.
+  // Don't do anything in this case.
+  if (win->FastGetGlobalJSObject() &&
+      global->compartment() != win->FastGetGlobalJSObject()->compartment()) {
+    return NS_OK;
+  }
+
   if (win->IsOuterWindow()) {
     // XXXjst: Do security checks here when we remove the security
     // checks on the inner window.
 
     win = win->GetCurrentInnerWindowInternal();
 
     if (!win || !(global = win->GetGlobalJSObject()) ||
         win->IsClosedOrClosing()) {