Bug 930101 - Fix an exact rooting hazard in JSObjectFromInterface; r=smaug
authorTerrence Cole <terrence@mozilla.com>
Wed, 23 Oct 2013 15:33:00 -0700
changeset 165825 5775bf2165d2caef104734dbd722b089e9e70b69
parent 165824 be2e01347abd82173cba282492170c194f9a7119
child 165826 0d86150342ca4f4b07c5096ed29e60d8b94b4ef2
push id3066
push userakeybl@mozilla.com
push dateMon, 09 Dec 2013 19:58:46 +0000
treeherdermozilla-beta@a31a0dce83aa [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssmaug
bugs930101
milestone27.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 930101 - Fix an exact rooting hazard in JSObjectFromInterface; r=smaug
dom/base/nsJSEnvironment.cpp
--- a/dom/base/nsJSEnvironment.cpp
+++ b/dom/base/nsJSEnvironment.cpp
@@ -1039,20 +1039,22 @@ nsJSContext::JSObjectFromInterface(nsISu
   NS_ENSURE_SUCCESS(rv, rv);
 
   JSObject* obj = v.toObjectOrNull();
   if (obj) {
     JS::ExposeObjectToActiveJS(obj);
   }
 
 #ifdef DEBUG
+  JS::Rooted<JSObject*> rootedObj(cx, obj);
   nsCOMPtr<nsISupports> targetSupp = do_QueryInterface(aTarget);
   nsCOMPtr<nsISupports> native =
-    nsContentUtils::XPConnect()->GetNativeOfWrapper(cx, obj);
+    nsContentUtils::XPConnect()->GetNativeOfWrapper(cx, rootedObj);
   NS_ASSERTION(native == targetSupp, "Native should be the target!");
+  obj = rootedObj;
 #endif
 
   *aRet = obj;
   return NS_OK;
 }
 
 nsresult
 nsJSContext::BindCompiledEventHandler(nsISupports* aTarget,