Bug 775435 - Wrap-by-default in GetNPObjectWrapper. r=bsmedberg a=akeybl
authorBobby Holley <bobbyholley@gmail.com>
Tue, 24 Jul 2012 10:45:23 +0200
changeset 102184 da5ea41d129dc18f801c0cf9c30c3f2157e29d51
parent 102183 ce2e8871ebd8c523afb9e29f27b470c8ec5a8496
child 102185 1a79e2cf11ad4397a2c3a147ab7997ad60714ce0
push id1761
push userbobbyholley@gmail.com
push dateTue, 24 Jul 2012 08:46:11 +0000
treeherdermozilla-aurora@da5ea41d129d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbsmedberg, akeybl
bugs775435
milestone16.0a2
Bug 775435 - Wrap-by-default in GetNPObjectWrapper. r=bsmedberg a=akeybl
dom/plugins/base/nsJSNPRuntime.cpp
--- a/dom/plugins/base/nsJSNPRuntime.cpp
+++ b/dom/plugins/base/nsJSNPRuntime.cpp
@@ -1145,33 +1145,38 @@ nsJSObjWrapper::GetNewOrUsed(NPP npp, JS
   }
 
   return wrapper;
 }
 
 // Climb the prototype chain, unwrapping as necessary until we find an NP object
 // wrapper.
 //
-// Note that the returned value is not necessarily in the same compartment as cx.
-// Callers should use it in very limited ways (checking the private is fine).
+// Because this function unwraps, its return value must be wrapped for the cx
+// compartment for callers that plan to hold onto the result or do anything
+// substantial with it.
 static JSObject *
-GetNPObjectWrapper(JSContext *cx, JSObject *obj)
+GetNPObjectWrapper(JSContext *cx, JSObject *obj, bool wrapResult = true)
 {
   while (obj && (obj = js::UnwrapObjectChecked(cx, obj))) {
-    if (JS_GetClass(obj) == &sNPObjectJSWrapperClass)
+    if (JS_GetClass(obj) == &sNPObjectJSWrapperClass) {
+      if (wrapResult && !JS_WrapObject(cx, &obj)) {
+        return NULL;
+      }
       return obj;
+    }
     obj = ::JS_GetPrototype(obj);
   }
   return NULL;
 }
 
 static NPObject *
 GetNPObject(JSContext *cx, JSObject *obj)
 {
-  obj = GetNPObjectWrapper(cx, obj);
+  obj = GetNPObjectWrapper(cx, obj, /* wrapResult = */ false);
   if (!obj) {
     return nsnull;
   }
 
   return (NPObject *)::JS_GetPrivate(obj);
 }