Bug 597104 - Innerize cx->globalObject before using it. r=gal
authorBlake Kaplan <mrbkap@gmail.com>
Thu, 16 Sep 2010 11:36:18 -0700
changeset 54400 7e47ca7dd0a2cf5702b65ee050a99a689b283357
parent 54399 9eaff50687a3e1b31b565536648d5fc5c8317839
child 54401 89535221195d490d488bdec313fdc10964e362b7
push idunknown
push userunknown
push dateunknown
reviewersgal
bugs597104
milestone2.0b6pre
Bug 597104 - Innerize cx->globalObject before using it. r=gal
js/src/jswrapper.cpp
--- a/js/src/jswrapper.cpp
+++ b/js/src/jswrapper.cpp
@@ -382,18 +382,26 @@ JSCompartment::wrap(JSContext *cx, Value
 
     /*
      * Wrappers should really be parented to the wrapped parent of the wrapped
      * object, but in that case a wrapped global object would have a NULL
      * parent without being a proper global object (JSCLASS_IS_GLOBAL). Instead,
      * we parent all wrappers to the global object in their home compartment.
      * This loses us some transparency, and is generally very cheesy.
      */
-    JSObject *global =
-        cx->hasfp() ? cx->fp()->scopeChain().getGlobal() : cx->globalObject;
+    JSObject *global;
+    if (cx->hasfp()) {
+        global = cx->fp()->scopeChain().getGlobal();
+    } else {
+        global = cx->globalObject;
+        OBJ_TO_INNER_OBJECT(cx, global);
+        if (!global)
+            return false;
+    }
+
     wrapper->setParent(global);
     return true;
 }
 
 bool
 JSCompartment::wrap(JSContext *cx, JSString **strp)
 {
     AutoValueRooter tvr(cx, StringValue(*strp));