Followup bustage fix for bug 653926. r=jst a=akeybl for checkin into a CLOSED TREE CAMINO_2_1_MINIBRANCH
authorBlake Kaplan <mrbkap@gmail.com>
Mon, 31 Oct 2011 14:37:04 -0700
branchCAMINO_2_1_MINIBRANCH
changeset 35225 ed32cbc749af541110036a40294fccaab3079464
parent 35224 eb499b0c7d8cd70aacfb81384b013e6afa836805
child 35226 575262e41103e2fba7ab87eb3c088d5f75f39ae9
push id1998
push useralqahira@ardisson.org
push dateThu, 03 Nov 2011 02:27:52 +0000
reviewersjst, akeybl
bugs653926
milestone1.9.2.23
Followup bustage fix for bug 653926. r=jst a=akeybl for checkin into a CLOSED TREE
js/src/xpconnect/loader/mozJSSubScriptLoader.cpp
--- a/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp
+++ b/js/src/xpconnect/loader/mozJSSubScriptLoader.cpp
@@ -154,17 +154,23 @@ mozJSSubScriptLoader::LoadSubScript (con
     {
         /* let the exception raised by JS_ConvertArguments show through */
         return NS_OK;
     }
 
     nsCOMPtr<nsIPrincipal> principal = mSystemPrincipal;
     JSObject *result_obj = target_obj;
 
-    target_obj = target_obj ? XPCWrapper::Unwrap(cx, target_obj) : nsnull;
+    // This is very hacky: we know that our caller must be chrome here, and
+    // therefore if XPCWrappe::Unwrap returns null, then the object that we
+    // passed in was not a security wrapper (and not that it was an object
+    // that we couldn't access). In that case, we can use the original object
+    // without any changes.
+    if (target_obj && !(target_obj = XPCWrapper::Unwrap(cx, target_obj)))
+        target_obj = result_obj;
 
     if (!target_obj)
     {
         /* if the user didn't provide an object to eval onto, find the global
          * object by walking the parent chain of the calling object */
 
 #ifdef DEBUG_rginda
         JSObject *got_glob = JS_GetGlobalObject (cx);