Bug 1489301 - Part 2: Fix broken [Func] condition assuming Window object, r=bzbarsky
☠☠ backed out by 77f4c84bebf0 ☠ ☠
authorNika Layzell <nika@thelayzells.com>
Sun, 21 Oct 2018 20:38:41 -0400
changeset 490728 19ca10fa37725e9b1a52d05bf2ed479e2a8d4a73
parent 490727 ff8fb091198ee6f4c86ffd4625089dd9751630a0
child 490729 168cf9cea716ac599dc594db4dd410bdaefd70ff
push id247
push userfmarier@mozilla.com
push dateSat, 27 Oct 2018 01:06:44 +0000
reviewersbzbarsky
bugs1489301
milestone65.0a1
Bug 1489301 - Part 2: Fix broken [Func] condition assuming Window object, r=bzbarsky This condition unwraps the global to a window, and doesn't check before dereferencing. This is no longer valid now that the corresponding interfaces are exposed on BackstagePass. Differential Revision: https://phabricator.services.mozilla.com/D9402
dom/base/nsGlobalWindowInner.cpp
--- a/dom/base/nsGlobalWindowInner.cpp
+++ b/dom/base/nsGlobalWindowInner.cpp
@@ -3090,17 +3090,18 @@ nsGlobalWindowInner::GetOwnPropertyNames
     aRv.NoteJSContextException(aCx);
   }
 }
 
 /* static */ bool
 nsGlobalWindowInner::IsPrivilegedChromeWindow(JSContext* aCx, JSObject* aObj)
 {
   // For now, have to deal with XPConnect objects here.
-  return xpc::WindowOrNull(aObj)->IsChromeWindow() &&
+  nsGlobalWindowInner* win = xpc::WindowOrNull(aObj);
+  return win && win->IsChromeWindow() &&
          nsContentUtils::ObjectPrincipal(aObj) == nsContentUtils::GetSystemPrincipal();
 }
 
 /* static */ bool
 nsGlobalWindowInner::OfflineCacheAllowedForContext(JSContext* aCx, JSObject* aObj)
 {
   return IsSecureContextOrObjectIsFromSecureContext(aCx, aObj) ||
          Preferences::GetBool("browser.cache.offline.insecure.enable");