Bug 689118 - Protect against JSVAL_IS_OBJECT(null) being true. r=luke
authorBlake Kaplan <mrbkap@gmail.com>
Wed, 04 Jan 2012 17:45:02 +0100
changeset 84980 5025534b9d88feb23fd58c0b6e1dd5805d5ce113
parent 84979 05785aed9ca1f8d7faf8c128b43b6065a196278d
child 84981 80cc942b8db76934b6c14f10699aa346108de28d
push id805
push userakeybl@mozilla.com
push dateWed, 01 Feb 2012 18:17:35 +0000
treeherdermozilla-aurora@6fb3bf232436 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersluke
bugs689118
milestone12.0a1
Bug 689118 - Protect against JSVAL_IS_OBJECT(null) being true. r=luke
js/jsd/jsd_val.c
js/src/jsprvtd.h
--- a/js/jsd/jsd_val.c
+++ b/js/jsd/jsd_val.c
@@ -223,17 +223,17 @@ jsd_GetValueString(JSDContext* jsdc, JSD
     if(JSVAL_IS_STRING(jsdval->val)) {
         jsdval->string = JSVAL_TO_STRING(jsdval->val);
         return jsdval->string;
     }
 
     JS_BeginRequest(cx);
 
     /* Objects call JS_ValueToString in their own compartment. */
-    scopeObj = JSVAL_IS_OBJECT(jsdval->val) ? JSVAL_TO_OBJECT(jsdval->val) : jsdc->glob;
+    scopeObj = !JSVAL_IS_PRIMITIVE(jsdval->val) ? JSVAL_TO_OBJECT(jsdval->val) : jsdc->glob;
     call = JS_EnterCrossCompartmentCall(cx, scopeObj);
     if(!call) {
         JS_EndRequest(cx);
         return NULL;
     }
     exceptionState = JS_SaveExceptionState(cx);
 
     string = JS_ValueToString(cx, jsdval->val);
--- a/js/src/jsprvtd.h
+++ b/js/src/jsprvtd.h
@@ -286,23 +286,23 @@ struct RootMethods { };
 /*
  * Reference to a stack location rooted for GC. See "Moving GC Stack Rooting"
  * comment in jscntxt.h.
  */
 template <typename T>
 class Handle
 {
   public:
-    // Copy handles of different types, with implicit coercion.
+    /* Copy handles of different types, with implicit coercion. */
     template <typename S> Handle(Handle<S> handle) {
         testAssign<S>();
         ptr = reinterpret_cast<const T *>(handle.address());
     }
 
-    // Get a handle from a rooted stack location, with implicit coercion.
+    /* Get a handle from a rooted stack location, with implicit coercion. */
     template <typename S> inline Handle(const Root<S> &root);
     template <typename S> inline Handle(const RootedVar<S> &root);
 
     const T *address() { return ptr; }
 
     operator T () { return value(); }
     T operator ->() { return value(); }