Bug 1125015 - Explicitly climb the Xrayed prototype chain in HasPropertyOnPrototype on esr31. r=peterv, a=abillings
authorBobby Holley <bobbyholley@gmail.com>
Mon, 26 Jan 2015 16:06:59 -0500
changeset 200531 6d7c5ebb94da2ed2e04b183e500e27cf73a34a0a
parent 200530 50cad2d9985b287d9217b8cad5d715a43b848721
child 200532 116ac16029ec871ef31ce49ba81cef57f9619b6a
push id177
push userryanvm@gmail.com
push dateMon, 26 Jan 2015 21:07:03 +0000
treeherdermozilla-esr31@5ee3807b4bb2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerspeterv, abillings
bugs1125015
milestone31.4.0
Bug 1125015 - Explicitly climb the Xrayed prototype chain in HasPropertyOnPrototype on esr31. r=peterv, a=abillings
dom/bindings/BindingUtils.cpp
--- a/dom/bindings/BindingUtils.cpp
+++ b/dom/bindings/BindingUtils.cpp
@@ -1499,27 +1499,40 @@ GetPropertyOnPrototype(JSContext* cx, JS
   *vp = value;
   return true;
 }
 
 bool
 HasPropertyOnPrototype(JSContext* cx, JS::Handle<JSObject*> proxy,
                        JS::Handle<jsid> id)
 {
-  JS::Rooted<JSObject*> obj(cx, proxy);
-  Maybe<JSAutoCompartment> ac;
-  if (xpc::WrapperFactory::IsXrayWrapper(obj)) {
-    obj = js::UncheckedUnwrap(obj);
-    ac.construct(cx, obj);
+  JS::Rooted<JSObject*> curr(cx, proxy);
+  while (true) {
+    JS::Rooted<JSObject*> proto(cx);
+    if (!js::GetObjectProto(cx, curr, &proto)) {
+      JS_ClearPendingException(cx);
+      return true; // Fail safe.
+    }
+
+    if (!proto) {
+      return false;
+    }
+
+    bool hasProp;
+    if (!JS_HasPropertyById(cx, proto, id, &hasProp)) {
+      JS_ClearPendingException(cx);
+      return true; // Fail safe.
+    }
+
+    if (hasProp) {
+      return true;
+    }
+
+    curr = proto;
   }
-
-  bool found;
-  // We ignore an error from GetPropertyOnPrototype.  We pass nullptr
-  // for vp so that GetPropertyOnPrototype won't actually do a get.
-  return !GetPropertyOnPrototype(cx, obj, id, &found, nullptr) || found;
 }
 
 bool
 AppendNamedPropertyIds(JSContext* cx, JS::Handle<JSObject*> proxy,
                        nsTArray<nsString>& names,
                        bool shadowPrototypeProperties,
                        JS::AutoIdVector& props)
 {