Fix bug 585284. r=jst a=clegnitto
authorBlake Kaplan <mrbkap@gmail.com>
Mon, 16 Aug 2010 13:52:04 -0700
changeset 27054 28e2ed70bd323721eb42762f2dc7baf993cc0cce
parent 27053 addd2db5f27dc7860cd461dbd8f66fde12309bb8
child 27055 4b76384e608efc4a07b6d0b727287455d0f80bec
push id2462
push usermrbkap@mozilla.com
push dateMon, 16 Aug 2010 20:52:30 +0000
reviewersjst, clegnitto
bugs585284
milestone1.9.1.12pre
Fix bug 585284. r=jst a=clegnitto
js/src/xpconnect/src/XPCSafeJSObjectWrapper.cpp
--- a/js/src/xpconnect/src/XPCSafeJSObjectWrapper.cpp
+++ b/js/src/xpconnect/src/XPCSafeJSObjectWrapper.cpp
@@ -405,23 +405,28 @@ static JSBool
 GetScriptedFunction(JSContext *cx, JSObject *obj, JSObject *unsafeObj,
                     uint32 slotIndex, const nsAFlatCString& funScript,
                     jsval *scriptedFunVal)
 {
   if (!::JS_GetReservedSlot(cx, obj, slotIndex, scriptedFunVal)) {
     return JS_FALSE;
   }
 
+  JSObject *scopeobj = JS_GetGlobalForObject(cx, unsafeObj);
+  OBJ_TO_INNER_OBJECT(cx, scopeobj);
+  if (!scopeobj) {
+    return JS_FALSE;
+  }
+
   // If we either have no scripted function in the requested slot yet,
   // or if the scope of the unsafeObj changed since we compiled the
   // scripted function, re-compile to make sure the scripted function
   // is properly scoped etc.
   if (JSVAL_IS_VOID(*scriptedFunVal) ||
-      JS_GetGlobalForObject(cx, unsafeObj) !=
-      JS_GetGlobalForObject(cx, JSVAL_TO_OBJECT(*scriptedFunVal))) {
+      scopeobj != JS_GetGlobalForObject(cx, JSVAL_TO_OBJECT(*scriptedFunVal))) {
     // Check whether we have a cached principal or not.
     jsval pv;
     if (!::JS_GetReservedSlot(cx, obj, XPC_SJOW_SLOT_PRINCIPAL, &pv)) {
       return JS_FALSE;
     }
 
     JSPrincipals *jsprin = nsnull;
 
@@ -438,18 +443,17 @@ GetScriptedFunction(JSContext *cx, JSObj
     }
 
     if (!jsprin) {
       return ThrowException(NS_ERROR_UNEXPECTED, cx);
     }
 
     JSFunction *scriptedFun =
       ::JS_CompileFunctionForPrincipals(cx,
-                                        JS_GetGlobalForObject(cx, unsafeObj),
-                                        jsprin, nsnull, 0, nsnull,
+                                        scopeobj, jsprin, nsnull, 0, nsnull,
                                         funScript.get(), funScript.Length(),
                                         "XPCSafeJSObjectWrapper.cpp",
                                         __LINE__);
 
     JSPRINCIPALS_DROP(cx, jsprin);
 
     if (!scriptedFun) {
       return ThrowException(NS_ERROR_FAILURE, cx);