Bug 1477989 part 4 - Use JS::GetNonCCWObjectGlobal in xpc::GetXBLScopeOrGlobal. r=bz

GetOrCreateMapEntryForPrototype is the only caller where the object could be a CCW. However there cx and proto are same-compartment (GetOrCreateMapEntryForPrototype asserts this) so I changed that code to use JS::CurrentGlobalOrNull.

dom/xbl/nsXBLBinding.cpp

@@ -892,7 +892,8 @@ GetOrCreateMapEntryForPrototype(JSContext *cx, JS::Handle<JSObject*> proto)
   // Now, enter the XBL scope, since that's where we need to operate, and wrap
   // the proto accordingly. We hang the map off of the content XBL scope for
   // content, and the Window for chrome (whether add-ons are involved or not).
-  JS::Rooted<JSObject*> scope(cx, xpc::GetXBLScopeOrGlobal(cx, proto));
+  JS::Rooted<JSObject*> scope(cx,
+    xpc::GetXBLScopeOrGlobal(cx, JS::CurrentGlobalOrNull(cx)));
   NS_ENSURE_TRUE(scope, nullptr);
   MOZ_ASSERT(JS_IsGlobalObject(scope));
 
@@ -960,6 +961,9 @@ nsXBLBinding::DoInitJSClass(JSContext *cx,
   // prototype are same-compartment with the bound document.
   JS::Rooted<JSObject*> global(cx, JS::GetNonCCWObjectGlobal(obj));
 
+  // We must be in obj's realm.
+  MOZ_ASSERT(JS::CurrentGlobalOrNull(cx) == global);
+
   // We never store class objects in add-on scopes.
   JS::Rooted<JSObject*> xblScope(cx, xpc::GetXBLScopeOrGlobal(cx, global));
   NS_ENSURE_TRUE(xblScope, NS_ERROR_UNEXPECTED);

js/xpconnect/src/xpcpublic.h

@@ -11,6 +11,7 @@
 #include "js/HeapAPI.h"
 #include "js/GCAPI.h"
 #include "js/Proxy.h"
+#include "js/Wrapper.h"
 
 #include "nsAtom.h"
 #include "nsISupports.h"
@@ -103,8 +104,9 @@ GetXBLScope(JSContext* cx, JSObject* contentScope);
 inline JSObject*
 GetXBLScopeOrGlobal(JSContext* cx, JSObject* obj)
 {
+    MOZ_ASSERT(!js::IsCrossCompartmentWrapper(obj));
     if (IsInContentXBLScope(obj))
-        return js::GetGlobalForObjectCrossCompartment(obj);
+        return JS::GetNonCCWObjectGlobal(obj);
     return GetXBLScope(cx, obj);
 }