From 816cc8407ba6262c37c16c730bb5161dd87f1bfb Mon Sep 17 00:00:00 2001
From: Masayuki Nakano <masayuki@d-toybox.com>
Date: Thu, 4 Sep 2014 18:49:24 +0900
Subject: [PATCH] Bug 1061810 ContentEventHandler::SetRangeFromFlatTextOffset()
 should use nsRange::SetStart(nsINode*, int32_t) instead of
 nsRange::SetStart(nsIDOMNode*, int32_t) because the security check sometims
 fails and we can void the unnecessary QI r=smaug

---
 dom/events/ContentEventHandler.cpp | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)

diff --git a/dom/events/ContentEventHandler.cpp b/dom/events/ContentEventHandler.cpp
index 65f48d9a3ffe..8d8952858443 100644
--- a/dom/events/ContentEventHandler.cpp
+++ b/dom/events/ContentEventHandler.cpp
@@ -507,9 +507,6 @@ ContentEventHandler::SetRangeFromFlatTextOffset(nsRange* aRange,
     }
 
     if (offset <= aOffset && aOffset < offset + textLength) {
-      nsCOMPtr<nsIDOMNode> domNode(do_QueryInterface(content));
-      NS_ASSERTION(domNode, "aContent doesn't have nsIDOMNode!");
-
       uint32_t xpOffset;
       if (!content->IsNodeOfType(nsINode::eTEXT)) {
         xpOffset = 0;
@@ -530,20 +527,18 @@ ContentEventHandler::SetRangeFromFlatTextOffset(nsRange* aRange,
         }
       }
 
-      rv = aRange->SetStart(domNode, int32_t(xpOffset));
+      rv = aRange->SetStart(content, int32_t(xpOffset));
       NS_ENSURE_SUCCESS(rv, rv);
       startSet = true;
       if (aLength == 0) {
         // Ensure that the end offset and the start offset are same.
-        rv = aRange->SetEnd(domNode, int32_t(xpOffset));
+        rv = aRange->SetEnd(content, int32_t(xpOffset));
         NS_ENSURE_SUCCESS(rv, rv);
         return NS_OK;
       }
     }
     if (endOffset <= offset + textLength) {
-      nsCOMPtr<nsIDOMNode> domNode(do_QueryInterface(content));
-      NS_ASSERTION(domNode, "aContent doesn't have nsIDOMNode!");
-
+      nsINode* endNode = content;
       uint32_t xpOffset;
       if (content->IsNodeOfType(nsINode::eTEXT)) {
         xpOffset = endOffset - offset;
@@ -562,10 +557,10 @@ ContentEventHandler::SetRangeFromFlatTextOffset(nsRange* aRange,
         if (iter->IsDone()) {
           break;
         }
-        domNode = do_QueryInterface(iter->GetCurrentNode());
+        endNode = iter->GetCurrentNode();
       }
 
-      rv = aRange->SetEnd(domNode, int32_t(xpOffset));
+      rv = aRange->SetEnd(endNode, int32_t(xpOffset));
       NS_ENSURE_SUCCESS(rv, rv);
       return NS_OK;
     }
@@ -577,17 +572,15 @@ ContentEventHandler::SetRangeFromFlatTextOffset(nsRange* aRange,
     return NS_ERROR_FAILURE;
   }
 
-  nsCOMPtr<nsIDOMNode> domNode(do_QueryInterface(mRootContent));
-  NS_ASSERTION(domNode, "lastContent doesn't have nsIDOMNode!");
   if (!startSet) {
     MOZ_ASSERT(!mRootContent->IsNodeOfType(nsINode::eTEXT));
-    rv = aRange->SetStart(domNode, int32_t(mRootContent->GetChildCount()));
+    rv = aRange->SetStart(mRootContent, int32_t(mRootContent->GetChildCount()));
     NS_ENSURE_SUCCESS(rv, rv);
     if (aNewOffset) {
       *aNewOffset = offset;
     }
   }
-  rv = aRange->SetEnd(domNode, int32_t(mRootContent->GetChildCount()));
+  rv = aRange->SetEnd(mRootContent, int32_t(mRootContent->GetChildCount()));
   NS_ASSERTION(NS_SUCCEEDED(rv), "nsIDOMRange::SetEnd failed");
   return rv;
 }