From 78d9a8bac650e6db743033dd3e188a5dc78efaca Mon Sep 17 00:00:00 2001
From: Blake Kaplan <mrbkap@gmail.com>
Date: Wed, 23 Jun 2010 16:56:28 -0500
Subject: [PATCH] Bug 572233 - Don't accidentally wrap an object on the
 prototype chain. r=jst

--HG--
extra : rebase_source : ff4c32ed65dde104f2630d9d435888b12298a29f
---
 .../xpconnect/src/xpcwrappednativescope.cpp   | 26 +++++++------------
 1 file changed, 9 insertions(+), 17 deletions(-)

diff --git a/js/src/xpconnect/src/xpcwrappednativescope.cpp b/js/src/xpconnect/src/xpcwrappednativescope.cpp
index c2df9079fa0..b0215fd0ae3 100644
--- a/js/src/xpconnect/src/xpcwrappednativescope.cpp
+++ b/js/src/xpconnect/src/xpcwrappednativescope.cpp
@@ -1031,8 +1031,12 @@ XPCWrappedNativeScope::GetWrapperFor(JSContext *cx, JSObject *obj,
             principalEqual = PR_TRUE;
     }
 
+    PRBool native = IS_WRAPPER_CLASS(obj->getClass());
+    XPCWrappedNative *wrapper = (native && IS_WN_WRAPPER_OBJECT(obj))
+                                ? (XPCWrappedNative *) xpc_GetJSPrivate(obj)
+                                : nsnull;
     if(wn)
-        *wn = nsnull;
+        *wn = wrapper;
 
     // XXX The isSystem checks shouldn't be needed, but are needed because we
     // can get here before nsGlobalChromeWindows have a non-about:blank
@@ -1053,25 +1057,19 @@ XPCWrappedNativeScope::GetWrapperFor(JSContext *cx, JSObject *obj,
             XPCCrossOriginWrapper::ClassNeedsXOW(obj->getClass()->name);
 
         // Is other a chrome object?
-        JSObject *obj2;
-        XPCWrappedNative *wrapper =
-            XPCWrappedNative::GetWrappedNativeOfJSObject(cx, obj, nsnull, &obj2);
         if(principalEqual || obj->isSystem())
         {
             if(hint & XPCNW)
-                return (wrapper || obj2) ? hint : NONE;
+                return native ? hint : NONE;
             return wantsXOW ? SJOW : NONE;
         }
 
         // Other isn't a chrome object: we need to wrap it in a SJOW or an
         // XPCNW.
 
-        if(!wrapper && !obj2)
+        if(!native)
             hint = SJOW;
-
-        if(wn)
-            *wn = wrapper;
-        if(hint == UNKNOWN)
+        else if(hint == UNKNOWN)
             hint = XPCNW_IMPLICIT;
 
         NS_ASSERTION(hint <= SJOW, "returning the wrong wrapper for chrome code");
@@ -1081,12 +1079,6 @@ XPCWrappedNativeScope::GetWrapperFor(JSContext *cx, JSObject *obj,
     // We're content code. We must never return XPCNW_IMPLICIT from here (but
     // might return XPCNW_EXPLICIT if hint is already XPCNW_EXPLICIT).
 
-    JSObject *obj2;
-    XPCWrappedNative *wrapper =
-        XPCWrappedNative::GetWrappedNativeOfJSObject(cx, obj, nsnull, &obj2);
-    if(wn)
-        *wn = wrapper;
-
     nsIPrincipal *otherprincipal = other->GetPrincipal();
     XPCWrapper::GetSecurityManager()->IsSystemPrincipal(otherprincipal, &system);
     if(system)
@@ -1107,7 +1099,7 @@ XPCWrappedNativeScope::GetWrapperFor(JSContext *cx, JSObject *obj,
 
     // If this object isn't an XPCWrappedNative, then we don't need to create
     // any other types of wrapper than the hint.
-    if(!wrapper && !obj2)
+    if(!native)
     {
 #if 0
         // XXX Re-enable these assertions when we have a better mochitest