bug 79445, fixing crash with some event handlers (null pointer dereference)

r/sr=brendan@mozilla.org. Also fixed a typo in prefs that would have reopened bug 56009.
2025-01-31 02:48:48 +00:00 · 2001-05-15 04:44:54 +00:00 · 2001-05-15 04:44:54 +00:00 · 475bbed189
commit 475bbed189
parent 04fa6cbeca
1 changed files with 8 additions and 5 deletions
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@ -791,8 +791,13 @@ nsScriptSecurityManager::CheckFunctionAccess(JSContext *aCx, void *aFunObj,
    nsCOMPtr<nsIPrincipal> subject;
    nsresult rv = GetFunctionObjectPrincipal(aCx, (JSObject *)aFunObj, 
                                             getter_AddRefs(subject));
-    if (NS_FAILED(rv))
-        return rv;
+    //-- If subject is null, get a principal from the function object's scope.
+    if (NS_SUCCEEDED(rv) && !subject)
+        rv = GetObjectPrincipal(aCx, (JSObject*)aFunObj, getter_AddRefs(subject));
+
+    if (NS_FAILED(rv)) return rv;
+    if (!subject) return NS_ERROR_FAILURE;
+

    PRBool isSystem;
    if (NS_SUCCEEDED(subject->Equals(mSystemPrincipal, &isSystem)) && isSystem) 
@ -801,8 +806,6 @@ nsScriptSecurityManager::CheckFunctionAccess(JSContext *aCx, void *aFunObj,

    // Check if the principal the function was compiled under is
    // allowed to execute scripts.
-    if (!subject)
-      return NS_ERROR_DOM_SECURITY_ERR;

    PRBool result;
    rv = CanExecuteScripts(aCx, subject, &result);
@ -1064,7 +1067,7 @@ nsScriptSecurityManager::GetScriptPrincipal(JSContext *cx,
    }
    nsJSPrincipals *nsJSPrin = NS_STATIC_CAST(nsJSPrincipals *, jsp);
    *result = nsJSPrin->nsIPrincipalPtr;
-    if (!result)
+    if (!*result)
        return NS_ERROR_FAILURE;
    NS_ADDREF(*result);
    return NS_OK;