From 2e92e6a345eaca4c0e05ec690fffedb4af0957e6 Mon Sep 17 00:00:00 2001
From: Andreas Gal <gal@mozilla.com>
Date: Mon, 1 Nov 2010 16:18:01 -0700
Subject: [PATCH] Switch compartments when walking stacks (bug 608800,
 r=mrbkap).

---
 js/src/jsexn.cpp | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/js/src/jsexn.cpp b/js/src/jsexn.cpp
index 01c09df5bc4..cb2fd932f78 100644
--- a/js/src/jsexn.cpp
+++ b/js/src/jsexn.cpp
@@ -61,6 +61,7 @@
 #include "jsscope.h"
 #include "jsscript.h"
 #include "jsstaticcheck.h"
+#include "jswrapper.h"
 
 #include "jscntxtinlines.h"
 #include "jsinterpinlines.h"
@@ -545,9 +546,14 @@ ValueToShortSource(JSContext *cx, jsval v)
     JSString *str;
 
     /* Avoid toSource bloat and fallibility for object types. */
-    if (JSVAL_IS_PRIMITIVE(v)) {
-        str = js_ValueToSource(cx, Valueify(v));
-    } else if (VALUE_IS_FUNCTION(cx, v)) {
+    if (JSVAL_IS_PRIMITIVE(v))
+        return js_ValueToSource(cx, Valueify(v));
+
+    AutoCompartment ac(cx, JSVAL_TO_OBJECT(v));
+    if (!ac.enter())
+        return NULL;
+
+    if (VALUE_IS_FUNCTION(cx, v)) {
         /*
          * XXX Avoid function decompilation bloat for now.
          */
@@ -570,6 +576,11 @@ ValueToShortSource(JSContext *cx, jsval v)
                     JSVAL_TO_OBJECT(v)->getClass()->name);
         str = JS_NewStringCopyZ(cx, buf);
     }
+
+    ac.leave();
+
+    if (!str || !cx->compartment->wrap(cx, &str))
+        return NULL;
     return str;
 }