From 66588eb6ec48ddde2c98cb08a6c059a868b5e4fc Mon Sep 17 00:00:00 2001
From: Terrence Cole <terrence@mozilla.com>
Date: Wed, 23 Oct 2013 15:33:00 -0700
Subject: [PATCH] Bug 930101 - Fix an exact rooting hazard in
 JSObjectFromInterface; r=smaug

---
 dom/base/nsJSEnvironment.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/dom/base/nsJSEnvironment.cpp b/dom/base/nsJSEnvironment.cpp
index a99dfbeda473..c4bd3a8785d2 100644
--- a/dom/base/nsJSEnvironment.cpp
+++ b/dom/base/nsJSEnvironment.cpp
@@ -1044,10 +1044,12 @@ nsJSContext::JSObjectFromInterface(nsISupports* aTarget,
   }
 
 #ifdef DEBUG
+  JS::Rooted<JSObject*> rootedObj(cx, obj);
   nsCOMPtr<nsISupports> targetSupp = do_QueryInterface(aTarget);
   nsCOMPtr<nsISupports> native =
-    nsContentUtils::XPConnect()->GetNativeOfWrapper(cx, obj);
+    nsContentUtils::XPConnect()->GetNativeOfWrapper(cx, rootedObj);
   NS_ASSERTION(native == targetSupp, "Native should be the target!");
+  obj = rootedObj;
 #endif
 
   *aRet = obj;