From b1458c56ab104f987da63c59f62e2432de3c80b9 Mon Sep 17 00:00:00 2001
From: "mrbkap@gmail.com"
Date: Tue, 7 Aug 2007 18:54:48 -0700
Subject: [PATCH] De-confuse GetWrappedNativeOfJSObject about wrappers around the outer object. bug 391055, r+sr=jst
---
 js/src/xpconnect/src/xpcwrappednative.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/js/src/xpconnect/src/xpcwrappednative.cpp b/js/src/xpconnect/src/xpcwrappednative.cpp
index c6f269a4794..e38b688bb40 100644
--- a/js/src/xpconnect/src/xpcwrappednative.cpp
+++ b/js/src/xpconnect/src/xpcwrappednative.cpp
@@ -1367,6 +1367,15 @@ return_tearoff:
 {
 JSObject *outer = ((JSExtendedClass*)clazz)->outerObject(cx, obj);
+ // Protect against infinite recursion through XOWs.
+ JSObject *unsafeObj;
+ clazz = JS_GET_CLASS(cx, outer);
+ if(clazz == &sXPC_XOW_JSClass.base &&
+ (unsafeObj = XPCWrapper::Unwrap(cx, outer)))
+ {
+ outer = unsafeObj;
+ }
+
 if(outer && outer != obj) return GetWrappedNativeOfJSObject(cx, outer, funobj, pobj2, pTearOff);
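Review bot: The added `clazz = JS_GET_CLASS(cx, outer);` runs before the existing `if(outer && outer != obj)` null test, so if `outerObject` can return null (which that test implies) the new lines read the class of a null object. Folding the lookup into a guarded condition avoids that and also stops the block from overwriting `clazz`: `if(outer && JS_GET_CLASS(cx, outer) == &sXPC_XOW_JSClass.base && (unsafeObj = XPCWrapper::Unwrap(cx, outer)))`. Since the recursion then continues on the object behind the cross-origin wrapper, the comment should also state why bypassing the wrapper is acceptable here; presumably callers apply their own access checks to the returned wrapped native, but that is not visible in this hunk and is worth confirming. The enclosing function starts and ends outside the hunk, so whether `clazz` is read again after this block cannot be checked from here.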