From 4e89986f1de9c06be1400be118fd855ec217b027 Mon Sep 17 00:00:00 2001
From: Jan de Mooij <jdemooij@mozilla.com>
Date: Thu, 9 Jan 2014 11:07:59 +0100
Subject: [PATCH] Bug 951632 - Fix shell metadata hook to skip functions from
 other compartments. r=luke

--HG--
extra : rebase_source : c1b5d5fdde8748890cc6179d7d0676c809c4939b
---
 js/src/builtin/TestingFunctions.cpp      | 2 +-
 js/src/jit-test/tests/basic/bug951632.js | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 js/src/jit-test/tests/basic/bug951632.js

diff --git a/js/src/builtin/TestingFunctions.cpp b/js/src/builtin/TestingFunctions.cpp
index 8fea924b5e5..6320ff2cd4d 100644
--- a/js/src/builtin/TestingFunctions.cpp
+++ b/js/src/builtin/TestingFunctions.cpp
@@ -1009,7 +1009,7 @@ ShellObjectMetadataCallback(JSContext *cx, JSObject **pmetadata)
 
     int stackIndex = 0;
     for (NonBuiltinScriptFrameIter iter(cx); !iter.done(); ++iter) {
-        if (iter.isFunctionFrame()) {
+        if (iter.isFunctionFrame() && iter.compartment() == cx->compartment()) {
             if (!JS_DefinePropertyById(cx, stack, INT_TO_JSID(stackIndex), ObjectValue(*iter.callee()),
                                        JS_PropertyStub, JS_StrictPropertyStub, 0))
             {
diff --git a/js/src/jit-test/tests/basic/bug951632.js b/js/src/jit-test/tests/basic/bug951632.js
new file mode 100644
index 00000000000..a2e6a89adcd
--- /dev/null
+++ b/js/src/jit-test/tests/basic/bug951632.js
@@ -0,0 +1,9 @@
+setObjectMetadataCallback(true);
+var g = newGlobal()
+g.eval("function f(a) { return h(); }");
+g.h = function () {
+    return [1, 2, 3];
+};
+var o = getObjectMetadata(g.f(5));
+assertEq(o.stack.length, 1);
+assertEq(o.stack[0], g.h);