Bug 791845 - mozMatchesSelectorStub should return false on error. r=bholley
authorGabor Krizsanits <gkrizsanits@mozilla.com>
Wed, 19 Sep 2012 10:53:42 +0200
changeset 107576 650b2238e845455d9642d8bc2c0cce93a20caba9
parent 107575 ca4f5cf1fbed6097f7007d06c66638ed115b68f8
child 107577 6eed25d2f2c959097c1e31d0b727c27b9b311f27
push id82
push usershu@rfrn.org
push dateFri, 05 Oct 2012 13:20:22 +0000
reviewersbholley
bugs791845
milestone18.0a1
Bug 791845 - mozMatchesSelectorStub should return false on error. r=bholley
js/xpconnect/crashtests/791845.html
js/xpconnect/crashtests/crashtests.list
js/xpconnect/wrappers/XrayWrapper.cpp
new file mode 100644
--- /dev/null
+++ b/js/xpconnect/crashtests/791845.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+
+function boom()
+{
+  var ms = Components.lookupMethod(document.documentElement, "mozMatchesSelector");
+  ms.apply({});
+}
+
+</script>
+</head>
+
+<body onload="boom();"></body>
+</html>
--- a/js/xpconnect/crashtests/crashtests.list
+++ b/js/xpconnect/crashtests/crashtests.list
@@ -40,8 +40,9 @@ load 723465.html
 load 732870.html
 load 751995.html
 load 761831.html
 asserts(0-1) load 752038.html # We may hit bug 645229 here.
 asserts(1) load 753162.html # We hit bug 675518 or bug 680086 here.
 load 754311.html
 load 776328.html
 load 776333.html
+load 791845.html
--- a/js/xpconnect/wrappers/XrayWrapper.cpp
+++ b/js/xpconnect/wrappers/XrayWrapper.cpp
@@ -648,19 +648,21 @@ Is(JSObject *wrapper)
 // Helper function to work around some limitations of the current XPC 
 // calling mechanism. See: bug 763897.
 // The idea is that we unwrap the 'this' object, and find the wrapped
 // native that belongs to it. Then we simply make the call directly
 // on it after a Query Interface.
 static JSBool
 mozMatchesSelectorStub(JSContext *cx, unsigned argc, jsval *vp)
 {
-    if (argc < 1)
+    if (argc < 1) {
         JS_ReportError(cx, "Not enough arguments");
-    
+        return false;
+    }
+
     JSObject *wrapper = JS_THIS_OBJECT(cx, vp);
     JSString *selector = JS_ValueToString(cx, JS_ARGV(cx, vp)[0]);
     nsDependentJSString selectorStr;
     NS_ENSURE_TRUE(selectorStr.init(cx, selector), false);
 
     nsCOMPtr<nsIDOMElement> element;
     if (IsWrapper(wrapper) && WrapperFactory::IsXrayWrapper(wrapper)) {       
         // If it's xray wrapped we can get the wn directly.