Bug 664821 - Use WrapNative correctly and wrap objects array to avoid compartment errors. r=mrbkap

2024-09-13 09:24:08 -07:00 · 2011-06-23 12:46:38 -04:00 · 2011-06-23 12:46:38 -04:00 · 0f2cde5a92
commit 0f2cde5a92
parent f4cbe3b555
1 changed files with 8 additions and 4 deletions
--- a/content/base/src/nsFrameMessageManager.cpp
+++ b/content/base/src/nsFrameMessageManager.cpp
@ -369,7 +369,7 @@ nsFrameMessageManager::ReceiveMessage(nsISupports* aTarget,
        jsval targetv;
        nsContentUtils::WrapNative(ctx,
                                   JS_GetGlobalForObject(ctx, object),
-                                   aTarget, &targetv);
+                                   aTarget, &targetv, nsnull, PR_TRUE);

        // To keep compatibility with e10s message manager,
        // define empty objects array.
@ -382,6 +382,11 @@ nsFrameMessageManager::ReceiveMessage(nsISupports* aTarget,
          }
        }

+        js::AutoValueRooter objectsv(ctx);
+        objectsv.set(OBJECT_TO_JSVAL(aObjectsArray));
+        if (!JS_WrapValue(ctx, objectsv.jsval_addr()))
+            return NS_ERROR_UNEXPECTED;
+
        jsval json = JSVAL_NULL;
        if (!aJSON.IsEmpty()) {
          if (!JS_ParseJSON(ctx, (jschar*)nsString(aJSON).get(),
@ -400,8 +405,7 @@ nsFrameMessageManager::ReceiveMessage(nsISupports* aTarget,
        JS_DefineProperty(ctx, param, "sync",
                          BOOLEAN_TO_JSVAL(aSync), NULL, NULL, JSPROP_ENUMERATE);
        JS_DefineProperty(ctx, param, "json", json, NULL, NULL, JSPROP_ENUMERATE);
-        JS_DefineProperty(ctx, param, "objects", OBJECT_TO_JSVAL(aObjectsArray),
-                          NULL, NULL, JSPROP_ENUMERATE);
+        JS_DefineProperty(ctx, param, "objects", objectsv.jsval_value(), NULL, NULL, JSPROP_ENUMERATE);

        jsval thisValue = JSVAL_VOID;

@ -421,7 +425,7 @@ nsFrameMessageManager::ReceiveMessage(nsISupports* aTarget,
          }
          nsContentUtils::WrapNative(ctx,
                                     JS_GetGlobalForObject(ctx, object),
-                                     defaultThisValue, &thisValue);
+                                     defaultThisValue, &thisValue, nsnull, PR_TRUE);
        } else {
          // If the listener is a JS object which has receiveMessage function:
          NS_ENSURE_STATE(JS_GetProperty(ctx, object, "receiveMessage",