From fdcfdfd8d0d2454dd517c5758626ec4884f5e0c5 Mon Sep 17 00:00:00 2001
From: Blake Kaplan
Date: Fri, 8 Apr 2011 14:28:24 -0700
Subject: [PATCH] Bug 642022 - Deal with the return value being in a different compartment. r=gal
--HG--
extra : rebase_source : b924c99e830cdafd7e1471cf087e69cfc7e33e23
---
 content/base/crashtests/642022-1.html | 4 ++++
 content/base/crashtests/crashtests.list | 1 +
 dom/base/nsJSEnvironment.cpp | 12 +++++++++---
 3 files changed, 14 insertions(+), 3 deletions(-)
 create mode 100644 content/base/crashtests/642022-1.html
diff --git a/content/base/crashtests/642022-1.html b/content/base/crashtests/642022-1.html
new file mode 100644
index 00000000000..b2bc59085f5
--- /dev/null
+++ b/content/base/crashtests/642022-1.html
@@ -0,0 +1,4 @@ + +
diff --git a/content/base/crashtests/crashtests.list b/content/base/crashtests/crashtests.list
index c06123c42cf..21f9e3636d7 100644
--- a/content/base/crashtests/crashtests.list
+++ b/content/base/crashtests/crashtests.list
@@ -86,5 +86,6 @@ load 593302-2.html
 load 610571-1.html
 load 604262-1.html
 load 628599-1.html
+load 642022-1.html
 load 637214-1.svg
 load 637214-2.svg
diff --git a/dom/base/nsJSEnvironment.cpp b/dom/base/nsJSEnvironment.cpp
index 51c85f1bf13..337f85bac1f 100644
--- a/dom/base/nsJSEnvironment.cpp
+++ b/dom/base/nsJSEnvironment.cpp
@@ -1925,10 +1925,16 @@ nsJSContext::CallEventHandler(nsISupports* aTarget, void *aScope, void *aHandler
 // Convert to variant before calling ScriptEvaluated, as it may GC, meaning
 // we would need to root rval.
 if (NS_SUCCEEDED(rv)) {
- if (rval == JSVAL_NULL)
+ if (rval == JSVAL_NULL) {
 *arv = nsnull;
- else
- rv = nsContentUtils::XPConnect()->JSToVariant(mContext, rval, arv);
+ } else {
+ if (!JS_WrapValue(mContext, &rval)) {
+ ReportPendingException();
+ rv = NS_ERROR_FAILURE;
+ } else {
+ rv = nsContentUtils::XPConnect()->JSToVariant(mContext, rval, arv);
+ }
+ }
 }
 // ScriptEvaluated needs to come after we pop the stack
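Review bot: The new `JS_WrapValue` branch in the `nsJSContext::CallEventHandler` hunk has no comment stating the invariant it enforces, and the comment above it still explains only the GC-rooting concern. Going by the commit subject, a line such as `// rval may live in another compartment; wrap it into mContext's compartment before JSToVariant touches it.` directly above the `JS_WrapValue` call would keep a later cleanup from dropping the wrap as redundant. As a point of style, the added `else { if (...) { ... } else { ... } }` nesting can be flattened to `} else if (!JS_WrapValue(mContext, &rval)) {` followed by a plain `} else {`, which removes one brace level without changing behaviour. On the wrap-failure path this hunk sets only `rv` and never writes `*arv`; the function begins and ends outside the hunk, so whether `*arv` is nulled earlier cannot be confirmed from here, and adding `*arv = nsnull;` in that branch would make the failure state explicit.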