Bug 1094953: Ensure that GetGlobalJSObject on the native global does not return null in nsXPCWrappedJSClass::DelegatedQueryInterface. r=bholley
--- a/js/xpconnect/src/XPCWrappedJSClass.cpp
+++ b/js/xpconnect/src/XPCWrappedJSClass.cpp
@@ -503,18 +503,23 @@ nsXPCWrappedJSClass::DelegatedQueryInter
// We can't have a cached wrapper.
if (aIID.Equals(NS_GET_IID(nsWrapperCache))) {
*aInstancePtr = nullptr;
return NS_NOINTERFACE;
}
// QI on an XPCWrappedJS can run script, so we need an AutoEntryScript.
// This is inherently Gecko-specific.
+ // We check both nativeGlobal and nativeGlobal->GetGlobalJSObject() even
+ // though we have derived nativeGlobal from the JS global, because we know
+ // there are cases where this can happen. See bug 1094953.
nsIGlobalObject* nativeGlobal =
NativeGlobal(js::GetGlobalForObjectCrossCompartment(self->GetJSObject()));
+ NS_ENSURE_TRUE(nativeGlobal, NS_ERROR_FAILURE);
+ NS_ENSURE_TRUE(nativeGlobal->GetGlobalJSObject(), NS_ERROR_FAILURE);
AutoEntryScript aes(nativeGlobal, /* aIsMainThread = */ true);
XPCCallContext ccx(NATIVE_CALLER, aes.cx());
if (!ccx.IsValid()) {
*aInstancePtr = nullptr;
return NS_NOINTERFACE;
}
// We support nsISupportsWeakReference iff the root wrapped JSObject
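Review bot: The two NS_ENSURE_TRUE early returns added after the NativeGlobal() lookup leave `*aInstancePtr` untouched, while every other early return visible in this function (the nsWrapperCache check and the invalid-ccx check) sets `*aInstancePtr = nullptr` before returning, and a caller that ignores the nsresult and tests the out-param would then read an uninitialized or stale pointer. Consider folding both checks into one guard that matches the surrounding style: `if (!nativeGlobal || !nativeGlobal->GetGlobalJSObject()) { *aInstancePtr = nullptr; return NS_ERROR_FAILURE; }`. NS_ENSURE_TRUE also emits an NS_WARNING on each failure, which may be noisy if the bug 1094953 case is hit repeatedly in the wild; the explicit guard keeps that optional. DelegatedQueryInterface starts and ends outside this hunk, so other early returns in it were not reviewed.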