Backout b1612e3ba9b9 & 668a56be0eef (bug 622301) for Dromaeo regressions

content/canvas/src/CustomQS_Canvas2D.h

@@ -56,7 +56,7 @@ Canvas2D_SetStyleHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
     nsIDOMCanvasRenderingContext2D *self;
     xpc_qsSelfRef selfref;
     js::AutoValueRooter tvr(cx);
-    if (!xpc_qsUnwrapThis(cx, obj, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
+    if (!xpc_qsUnwrapThis(cx, obj, nsnull, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
         return JS_FALSE;
 
     nsresult rv = NS_OK;
@@ -94,7 +94,7 @@ Canvas2D_GetStyleHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
     nsIDOMCanvasRenderingContext2D *self;
     xpc_qsSelfRef selfref;
     XPCLazyCallContext lccx(JS_CALLER, cx, obj);
-    if (!xpc_qsUnwrapThis(cx, obj, &self, &selfref.ptr, vp, &lccx))
+    if (!xpc_qsUnwrapThis(cx, obj, nsnull, &self, &selfref.ptr, vp, &lccx))
         return JS_FALSE;
     nsresult rv;
 
@@ -301,7 +301,7 @@ nsIDOMCanvasRenderingContext2D_GetImageData(JSContext *cx, uintN argc, jsval *vp
     nsIDOMCanvasRenderingContext2D *self;
     xpc_qsSelfRef selfref;
     js::AutoValueRooter tvr(cx);
-    if (!xpc_qsUnwrapThis(cx, obj, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
+    if (!xpc_qsUnwrapThis(cx, obj, nsnull, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
         return JS_FALSE;
 
     if (argc < 4)
@@ -360,7 +360,7 @@ nsIDOMCanvasRenderingContext2D_PutImageData(JSContext *cx, uintN argc, jsval *vp
     nsIDOMCanvasRenderingContext2D *self;
     xpc_qsSelfRef selfref;
     js::AutoValueRooter tvr(cx);
-    if (!xpc_qsUnwrapThis(cx, obj, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
+    if (!xpc_qsUnwrapThis(cx, obj, nsnull, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
         return JS_FALSE;
 
     if (argc < 3)

content/canvas/src/CustomQS_WebGL.h

@@ -92,7 +92,7 @@ nsIDOMWebGLRenderingContext_BufferData(JSContext *cx, uintN argc, jsval *vp)
     nsIDOMWebGLRenderingContext *self;
     xpc_qsSelfRef selfref;
     js::AutoValueRooter tvr(cx);
-    if (!xpc_qsUnwrapThis(cx, obj, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
+    if (!xpc_qsUnwrapThis(cx, obj, nsnull, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
         return JS_FALSE;
 
     if (argc < 3)
@@ -165,7 +165,7 @@ nsIDOMWebGLRenderingContext_BufferSubData(JSContext *cx, uintN argc, jsval *vp)
     nsIDOMWebGLRenderingContext *self;
     xpc_qsSelfRef selfref;
     js::AutoValueRooter tvr(cx);
-    if (!xpc_qsUnwrapThis(cx, obj, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
+    if (!xpc_qsUnwrapThis(cx, obj, nsnull, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
         return JS_FALSE;
 
     if (argc < 3)
@@ -239,7 +239,7 @@ nsIDOMWebGLRenderingContext_ReadPixels(JSContext *cx, uintN argc, jsval *vp)
     nsIDOMWebGLRenderingContext *self;
     xpc_qsSelfRef selfref;
     js::AutoValueRooter tvr(cx);
-    if (!xpc_qsUnwrapThis(cx, obj, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
+    if (!xpc_qsUnwrapThis(cx, obj, nsnull, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
         return JS_FALSE;
 
     if (argc < 7)
@@ -299,7 +299,7 @@ nsIDOMWebGLRenderingContext_TexImage2D(JSContext *cx, uintN argc, jsval *vp)
     nsIDOMWebGLRenderingContext *self;
     xpc_qsSelfRef selfref;
     js::AutoValueRooter tvr(cx);
-    if (!xpc_qsUnwrapThis(cx, obj, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
+    if (!xpc_qsUnwrapThis(cx, obj, nsnull, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
         return JS_FALSE;
 
     if (argc < 6 || argc == 7 || argc == 8)
@@ -420,7 +420,7 @@ nsIDOMWebGLRenderingContext_TexSubImage2D(JSContext *cx, uintN argc, jsval *vp)
     nsIDOMWebGLRenderingContext *self;
     xpc_qsSelfRef selfref;
     js::AutoValueRooter tvr(cx);
-    if (!xpc_qsUnwrapThis(cx, obj, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
+    if (!xpc_qsUnwrapThis(cx, obj, nsnull, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
         return JS_FALSE;
 
     if (argc < 7 || argc == 8)
@@ -531,7 +531,7 @@ helper_nsIDOMWebGLRenderingContext_Uniform_x_iv(JSContext *cx, uintN argc, jsval
     nsIDOMWebGLRenderingContext *self;
     xpc_qsSelfRef selfref;
     js::AutoValueRooter tvr(cx);
-    if (!xpc_qsUnwrapThis(cx, obj, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
+    if (!xpc_qsUnwrapThis(cx, obj, nsnull, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
         return JS_FALSE;
 
     if (argc < 2)
@@ -605,7 +605,7 @@ helper_nsIDOMWebGLRenderingContext_Uniform_x_fv(JSContext *cx, uintN argc, jsval
     nsIDOMWebGLRenderingContext *self;
     xpc_qsSelfRef selfref;
     js::AutoValueRooter tvr(cx);
-    if (!xpc_qsUnwrapThis(cx, obj, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
+    if (!xpc_qsUnwrapThis(cx, obj, nsnull, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
         return JS_FALSE;
 
     if (argc < 2)
@@ -677,7 +677,7 @@ helper_nsIDOMWebGLRenderingContext_UniformMatrix_x_fv(JSContext *cx, uintN argc,
     nsIDOMWebGLRenderingContext *self;
     xpc_qsSelfRef selfref;
     js::AutoValueRooter tvr(cx);
-    if (!xpc_qsUnwrapThis(cx, obj, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
+    if (!xpc_qsUnwrapThis(cx, obj, nsnull, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
         return JS_FALSE;
 
     if (argc < 3)
@@ -750,7 +750,7 @@ helper_nsIDOMWebGLRenderingContext_VertexAttrib_x_fv(JSContext *cx, uintN argc,
     nsIDOMWebGLRenderingContext *self;
     xpc_qsSelfRef selfref;
     js::AutoValueRooter tvr(cx);
-    if (!xpc_qsUnwrapThis(cx, obj, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
+    if (!xpc_qsUnwrapThis(cx, obj, nsnull, &self, &selfref.ptr, tvr.jsval_addr(), nsnull))
         return JS_FALSE;
 
     if (argc < 2)

js/xpconnect/src/XPCQuickStubs.cpp

@@ -778,57 +778,22 @@ getNativeFromWrapper(JSContext *cx,
 nsresult
 getWrapper(JSContext *cx,
            JSObject *obj,
+           JSObject *callee,
            XPCWrappedNative **wrapper,
            JSObject **cur,
            XPCWrappedNativeTearOff **tearoff)
 {
-
-    // We can have at most three layers in need of unwrapping here:
-    // * A (possible) security wrapper
-    // * A (possible) Xray waiver
-    // * A (possible) outer window
-    //
-    // The underlying call to js::Unwrap recursively unwraps, but stops if it
-    // hits an outer object. Thus, we need to make at most two unwrapping
-    // calls: one to handle security wrappers and waivers, and one to handle
-    // outer objects.
-    if (js::IsWrapper(obj))
-        obj = XPCWrapper::Unwrap(cx, obj);
-    if (obj && js::IsWrapper(obj)) {
-        MOZ_ASSERT(js::Wrapper::wrapperHandler(obj)->isOuterWindow());
-        obj = XPCWrapper::Unwrap(cx, obj);
+    if (XPCWrapper::IsSecurityWrapper(obj) &&
+        !(obj = XPCWrapper::Unwrap(cx, obj))) {
+        return NS_ERROR_XPC_SECURITY_MANAGER_VETO;
     }
 
-    // The safe unwrap might have failed for SCRIPT_ACCESS_ONLY objects. If it
-    // didn't fail though, we should be done with wrappers.
-    if (!obj)
-        return NS_ERROR_XPC_SECURITY_MANAGER_VETO;
-    MOZ_ASSERT(!js::IsWrapper(obj));
-
-    // Start with sane values.
-    *wrapper = nsnull;
-    *cur = nsnull;
+    *cur = obj;
     *tearoff = nsnull;
 
-    // Handle tearoffs.
-    //
-    // If |obj| is of the tearoff class, that means we're dealing with a JS
-    // object reflection of a particular interface (ie, |foo.nsIBar|). These
-    // JS objects are parented to their wrapper, so we snag the tearoff object
-    // along the way (if desired), and then set |obj| to its parent.
-    if (js::GetObjectClass(obj) == &XPC_WN_Tearoff_JSClass) {
-        *tearoff = (XPCWrappedNativeTearOff*) js::GetObjectPrivate(obj);
-        obj = js::GetObjectParent(obj);
-    }
-
-    // If we've got a WN or slim wrapper, store things the way callers expect.
-    // Otherwise, leave things null and return.
-    if (IS_WRAPPER_CLASS(js::GetObjectClass(obj))) {
-        if (IS_WN_WRAPPER_OBJECT(obj))
-            *wrapper = (XPCWrappedNative*) js::GetObjectPrivate(obj);
-        else
-            *cur = obj;
-    }
+    *wrapper =
+        XPCWrappedNative::GetWrappedNativeOfJSObject(cx, obj, callee, cur,
+                                                     tearoff);
 
     return NS_OK;
 }
@@ -946,7 +911,7 @@ xpc_qsUnwrapArgImpl(JSContext *cx,
         wrapper = nsnull;
         obj2 = src;
     } else {
-        rv = getWrapper(cx, src, &wrapper, &obj2, &tearoff);
+        rv = getWrapper(cx, src, nsnull, &wrapper, &obj2, &tearoff);
         NS_ENSURE_SUCCESS(rv, rv);
     }
 

js/xpconnect/src/XPCQuickStubs.h

@@ -441,6 +441,7 @@ xpc_qsStringToJsstring(JSContext *cx, nsString &str, JSString **rval);
 nsresult
 getWrapper(JSContext *cx,
            JSObject *obj,
+           JSObject *callee,
            XPCWrappedNative **wrapper,
            JSObject **cur,
            XPCWrappedNativeTearOff **tearoff);
@@ -476,6 +477,7 @@ template <class T>
 inline JSBool
 xpc_qsUnwrapThis(JSContext *cx,
                  JSObject *obj,
+                 JSObject *callee,
                  T **ppThis,
                  nsISupports **pThisRef,
                  jsval *pThisVal,
@@ -484,7 +486,7 @@ xpc_qsUnwrapThis(JSContext *cx,
 {
     XPCWrappedNative *wrapper;
     XPCWrappedNativeTearOff *tearoff;
-    nsresult rv = getWrapper(cx, obj, &wrapper, &obj, &tearoff);
+    nsresult rv = getWrapper(cx, obj, callee, &wrapper, &obj, &tearoff);
     if (NS_SUCCEEDED(rv))
         rv = castNative(cx, wrapper, obj, tearoff, NS_GET_TEMPLATE_IID(T),
                         reinterpret_cast<void **>(ppThis), pThisRef, pThisVal,
@@ -501,6 +503,7 @@ xpc_qsUnwrapThis(JSContext *cx,
 inline nsISupports*
 castNativeFromWrapper(JSContext *cx,
                       JSObject *obj,
+                      JSObject *callee,
                       PRUint32 interfaceBit,
                       nsISupports **pRef,
                       jsval *pVal,
@@ -511,9 +514,17 @@ castNativeFromWrapper(JSContext *cx,
     XPCWrappedNativeTearOff *tearoff;
     JSObject *cur;
 
-    *rv = getWrapper(cx, obj, &wrapper, &cur, &tearoff);
-    if (NS_FAILED(*rv))
-        return nsnull;
+    if (!callee && IS_WRAPPER_CLASS(js::GetObjectClass(obj))) {
+        cur = obj;
+        wrapper = IS_WN_WRAPPER_OBJECT(cur) ?
+                  (XPCWrappedNative*)xpc_GetJSPrivate(obj) :
+                  nsnull;
+        tearoff = nsnull;
+    } else {
+        *rv = getWrapper(cx, obj, callee, &wrapper, &cur, &tearoff);
+        if (NS_FAILED(*rv))
+            return nsnull;
+    }
 
     nsISupports *native;
     if (wrapper) {
@@ -606,7 +617,7 @@ castNativeArgFromWrapper(JSContext *cx,
     if (!src)
         return nsnull;
 
-    return castNativeFromWrapper(cx, src, bit, pArgRef, vp, nsnull, rv);
+    return castNativeFromWrapper(cx, src, nsnull, bit, pArgRef, vp, nsnull, rv);
 }
 
 inline nsWrapperCache*

js/xpconnect/src/nsDOMQS.h

@@ -44,6 +44,7 @@ template <>                                                                   \
 inline JSBool                                                                 \
 xpc_qsUnwrapThis<_interface>(JSContext *cx,                                   \
                              JSObject *obj,                                   \
+                             JSObject *callee,                                \
                              _interface **ppThis,                             \
                              nsISupports **pThisRef,                          \
                              jsval *pThisVal,                                 \
@@ -51,7 +52,7 @@ xpc_qsUnwrapThis<_interface>(JSContext *cx,                                   \
                              bool failureFatal)                               \
 {                                                                             \
     nsresult rv;                                                              \
-    nsISupports *native = castNativeFromWrapper(cx, obj, _bit,                \
+    nsISupports *native = castNativeFromWrapper(cx, obj, callee, _bit,        \
                                                 pThisRef, pThisVal, lccx,     \
                                                 &rv);                         \
     *ppThis = NULL;  /* avoids uninitialized warnings in callers */           \
@@ -107,6 +108,7 @@ template <>
 inline JSBool
 xpc_qsUnwrapThis<nsGenericElement>(JSContext *cx,
                                    JSObject *obj,
+                                   JSObject *callee,
                                    nsGenericElement **ppThis,
                                    nsISupports **pThisRef,
                                    jsval *pThisVal,
@@ -115,7 +117,7 @@ xpc_qsUnwrapThis<nsGenericElement>(JSContext *cx,
 {
     nsIContent *content;
     jsval val;
-    JSBool ok = xpc_qsUnwrapThis<nsIContent>(cx, obj, &content,
+    JSBool ok = xpc_qsUnwrapThis<nsIContent>(cx, obj, callee, &content,
                                              pThisRef, &val, lccx,
                                              failureFatal);
     if (ok) {

js/xpconnect/src/qsgen.py

@@ -863,6 +863,12 @@ def writeQuickStub(f, customMethodCalls, member, stubName, isSetter=False):
                 "JSVAL_TO_OBJECT(JS_CALLEE(cx, vp)));\n")
         if isInterfaceType(member.realtype):
             f.write("    XPCLazyCallContext lccx(ccx);\n")
+    elif isInterfaceType(member.realtype):
+        if isMethod:
+            f.write("    JSObject *callee = "
+                    "JSVAL_TO_OBJECT(JS_CALLEE(cx, vp));\n")
+        elif isGetter:
+            f.write("    JSObject *callee = nsnull;\n")
 
     # Get the 'self' pointer.
     if customMethodCall is None or not 'thisType' in customMethodCall:
@@ -894,10 +900,10 @@ def writeQuickStub(f, customMethodCalls, member, stubName, isSetter=False):
 
         if not isSetter and isInterfaceType(member.realtype):
             f.write("    XPCLazyCallContext lccx(JS_CALLER, cx, obj);\n")
-            f.write("    if (!xpc_qsUnwrapThis(cx, obj, &self, "
+            f.write("    if (!xpc_qsUnwrapThis(cx, obj, callee, &self, "
                     "&selfref.ptr, %s, &lccx, %s))\n" % (pthisval, unwrapFatalArg))
         else:
-            f.write("    if (!xpc_qsUnwrapThis(cx, obj, &self, "
+            f.write("    if (!xpc_qsUnwrapThis(cx, obj, nsnull, &self, "
                     "&selfref.ptr, %s, nsnull, %s))\n" % (pthisval, unwrapFatalArg))
         f.write("        return JS_FALSE;\n")