Bug 689118 - Protect against JSVAL_IS_OBJECT(null) being true. r=luke a=akeybl
authorBlake Kaplan <mrbkap@gmail.com>
Mon, 09 Jan 2012 21:02:11 +0100
changeset 84032 381825ff95c0eb9cc5821a0a010b73ede9f02eaa
parent 84031 579bcfe3d3accba4e909434038ff9218d8c247d5
child 84033 421e31da0ca7b4386d6f70dae144825635e57a53
push idunknown
push userunknown
push dateunknown
reviewersluke, akeybl
bugs689118
milestone11.0a2
Bug 689118 - Protect against JSVAL_IS_OBJECT(null) being true. r=luke a=akeybl
js/jsd/jsd_val.c
--- a/js/jsd/jsd_val.c
+++ b/js/jsd/jsd_val.c
@@ -223,17 +223,17 @@ jsd_GetValueString(JSDContext* jsdc, JSD
     if(JSVAL_IS_STRING(jsdval->val)) {
         jsdval->string = JSVAL_TO_STRING(jsdval->val);
         return jsdval->string;
     }
 
     JS_BeginRequest(cx);
 
     /* Objects call JS_ValueToString in their own compartment. */
-    scopeObj = JSVAL_IS_OBJECT(jsdval->val) ? JSVAL_TO_OBJECT(jsdval->val) : jsdc->glob;
+    scopeObj = !JSVAL_IS_PRIMITIVE(jsdval->val) ? JSVAL_TO_OBJECT(jsdval->val) : jsdc->glob;
     call = JS_EnterCrossCompartmentCall(cx, scopeObj);
     if(!call) {
         JS_EndRequest(cx);
         return NULL;
     }
     exceptionState = JS_SaveExceptionState(cx);
 
     string = JS_ValueToString(cx, jsdval->val);