Bug 761422, part 3 - get security wrappers before changing maps. r=bholley a=lsblakk
authorAndrew McCreight <amccreight@mozilla.com>
Mon, 30 Jul 2012 21:01:59 -0700
changeset 100467 57841381e779b1326915e7f5e44dbd7728e352b4
parent 100466 c6e67e5626e29e1915ccc9089e50182acf58b88f
child 100468 757d9c0a8d0a87950801ba218377fb823a3a4fe7
push id1252
push useramccreight@mozilla.com
push dateThu, 09 Aug 2012 20:19:28 +0000
reviewersbholley, lsblakk
bugs761422
milestone15.0
Bug 761422, part 3 - get security wrappers before changing maps. r=bholley a=lsblakk
js/xpconnect/src/XPCWrappedNative.cpp
--- a/js/xpconnect/src/XPCWrappedNative.cpp
+++ b/js/xpconnect/src/XPCWrappedNative.cpp
@@ -1625,16 +1625,26 @@ XPCWrappedNative::ReparentWrapperIfFound
                 // the private of |flat|.
                 //
                 // NB: It's important to do this _after_ copying the properties to
                 // propertyHolder. Otherwise, an object with |foo.x === foo| will
                 // crash when JS_CopyPropertiesFrom tries to call wrap() on foo.x.
                 JS_SetPrivate(flat, nsnull);
             }
 
+            // Before proceeding, eagerly create any same-compartment security wrappers
+            // that the object might have. This forces us to take the 'WithWrapper' path
+            // while transplanting that handles this stuff correctly.
+            {
+                JSAutoEnterCompartment innerAC;
+                if (!innerAC.enter(ccx, aOldScope->GetGlobalJSObject()) ||
+                    !wrapper->GetSameCompartmentSecurityWrapper(ccx))
+                    return NS_ERROR_FAILURE;
+            }
+
             {   // scoped lock
                 Native2WrappedNativeMap* oldMap = aOldScope->GetWrappedNativeMap();
                 Native2WrappedNativeMap* newMap = aNewScope->GetWrappedNativeMap();
                 XPCAutoLock lock(aOldScope->GetRuntime()->GetMapLock());
 
                 oldMap->Remove(wrapper);
 
                 if (wrapper->HasProto())
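Review bot: The relocated `return NS_ERROR_FAILURE;` still runs after `JS_SetPrivate(flat, nsnull)` in the block that closes just above it. If `innerAC.enter` or `GetSameCompartmentSecurityWrapper` fails, `flat` appears to be left with its private already cleared while the wrapper is still registered in `oldMap`. Whether callers tolerate that state cannot be confirmed here, because ReparentWrapperIfFound starts and ends outside the hunk. The comment on the new block should also record why it precedes the map update, so a later refactor does not move it back, for example `// NB: Must run before the map swap below: this can fail, and failing after oldMap->Remove()/newMap->Add() would leave the wrapper in the new scope's map with the reparenting only half done.`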
@@ -1660,26 +1670,16 @@ XPCWrappedNative::ReparentWrapperIfFound
                 }
 
                 NS_ASSERTION(!newMap->Find(wrapper->GetIdentityObject()),
                              "wrapper already in new scope!");
 
                 (void) newMap->Add(wrapper);
             }
 
-            // Before proceeding, eagerly create any same-compartment security wrappers
-            // that the object might have. This forces us to take the 'WithWrapper' path
-            // while transplanting that handles this stuff correctly.
-            {
-                JSAutoEnterCompartment innerAC;
-                if (!innerAC.enter(ccx, aOldScope->GetGlobalJSObject()) ||
-                    !wrapper->GetSameCompartmentSecurityWrapper(ccx))
-                    return NS_ERROR_FAILURE;
-            }
-
             JSObject *ww = wrapper->GetWrapper();
             if (ww) {
                 JSObject *newwrapper;
                 MOZ_ASSERT(!xpc::WrapperFactory::IsComponentsObject(flat), 
                            "Components object should never get here");
                 if (xpc::WrapperFactory::IsLocationObject(flat)) {
                     newwrapper = xpc::WrapperFactory::WrapLocationObject(ccx, newobj);
                     if (!newwrapper)