Bug 930101 - Fix an exact rooting hazard in JSObjectFromInterface; r=smaug
authorTerrence Cole <terrence@mozilla.com>
Wed, 23 Oct 2013 15:33:00 -0700
changeset 166777 5775bf2165d2caef104734dbd722b089e9e70b69
parent 166776 be2e01347abd82173cba282492170c194f9a7119
child 166778 0d86150342ca4f4b07c5096ed29e60d8b94b4ef2
push id428
push userbbajaj@mozilla.com
push dateTue, 28 Jan 2014 00:16:25 +0000
treeherdermozilla-release@cd72a7ff3a75 [default view] [failures only]
reviewerssmaug
bugs930101
milestone27.0a1
Bug 930101 - Fix an exact rooting hazard in JSObjectFromInterface; r=smaug
dom/base/nsJSEnvironment.cpp
--- a/dom/base/nsJSEnvironment.cpp
+++ b/dom/base/nsJSEnvironment.cpp
@@ -1039,20 +1039,22 @@ nsJSContext::JSObjectFromInterface(nsISu
   NS_ENSURE_SUCCESS(rv, rv);
 
   JSObject* obj = v.toObjectOrNull();
   if (obj) {
     JS::ExposeObjectToActiveJS(obj);
   }
 
 #ifdef DEBUG
+  JS::Rooted<JSObject*> rootedObj(cx, obj);
   nsCOMPtr<nsISupports> targetSupp = do_QueryInterface(aTarget);
   nsCOMPtr<nsISupports> native =
-    nsContentUtils::XPConnect()->GetNativeOfWrapper(cx, obj);
+    nsContentUtils::XPConnect()->GetNativeOfWrapper(cx, rootedObj);
   NS_ASSERTION(native == targetSupp, "Native should be the target!");
+  obj = rootedObj;
 #endif
 
   *aRet = obj;
   return NS_OK;
 }
 
 nsresult
 nsJSContext::BindCompiledEventHandler(nsISupports* aTarget,
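Review bot: The write-back `obj = rootedObj;` at the end of the DEBUG block has no comment, and without one it reads as a redundant assignment that a later cleanup could delete, which would bring the stale-pointer hazard back. A one-line comment above it would make the intent clear, for example `// GetNativeOfWrapper may GC; reload obj from the root so *aRet never receives a pointer to a moved object.` It would also be simpler to root once outside the `#ifdef`, e.g. `JS::Rooted<JSObject*> obj(cx, v.toObjectOrNull());`, so debug and release builds keep the same shape and no raw `JSObject*` is live across a call. That assumes the later uses accept the implicit conversion from the rooted handle. The function begins above this hunk, so whether `v` is itself rooted cannot be confirmed from the lines shown.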