From a131886a86e62d55e343cc78df09d5f4dbad12bd Mon Sep 17 00:00:00 2001
From: Jacek Caban <jacek@codeweavers.com>
Date: Mon, 27 Dec 2010 22:22:02 +0100
Subject: [PATCH] mshtml: Fixed unsafe cast in CreateChromeWindow2
 implementation.

---
 dlls/mshtml/mshtml_private.h |  1 +
 dlls/mshtml/nsembed.c        | 13 +++++++++++--
 dlls/mshtml/nsservice.c      |  3 +--
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/dlls/mshtml/mshtml_private.h b/dlls/mshtml/mshtml_private.h
index bff3d14ed65..15c5abfd480 100644
--- a/dlls/mshtml/mshtml_private.h
+++ b/dlls/mshtml/mshtml_private.h
@@ -705,6 +705,7 @@ void ConnectionPointContainer_Destroy(ConnectionPointContainer*);
 
 NSContainer *NSContainer_Create(HTMLDocumentObj*,NSContainer*);
 void NSContainer_Release(NSContainer*);
+nsresult create_chrome_window(nsIWebBrowserChrome*,nsIWebBrowserChrome**);
 
 void init_mutation(HTMLDocumentNode*);
 void release_mutation(HTMLDocumentNode*);
diff --git a/dlls/mshtml/nsembed.c b/dlls/mshtml/nsembed.c
index d766af87ebb..e9a176d26d1 100644
--- a/dlls/mshtml/nsembed.c
+++ b/dlls/mshtml/nsembed.c
@@ -1150,8 +1150,6 @@ static nsresult NSAPI nsWebBrowserChrome_ExitModalEventLoop(nsIWebBrowserChrome
     return NS_ERROR_NOT_IMPLEMENTED;
 }
 
-#undef NSWBCHROME_THIS
-
 static const nsIWebBrowserChromeVtbl nsWebBrowserChromeVtbl = {
     nsWebBrowserChrome_QueryInterface,
     nsWebBrowserChrome_AddRef,
@@ -1711,6 +1709,17 @@ static const nsISupportsWeakReferenceVtbl nsSupportsWeakReferenceVtbl = {
     nsSupportsWeakReference_GetWeakReference
 };
 
+nsresult create_chrome_window(nsIWebBrowserChrome *parent, nsIWebBrowserChrome **ret)
+{
+    NSContainer *new_container;
+
+    if(parent->lpVtbl != &nsWebBrowserChromeVtbl)
+        return NS_ERROR_UNEXPECTED;
+
+    new_container = NSContainer_Create(NULL, NSWBCHROME_THIS(parent));
+    *ret = NSWBCHROME(new_container);
+    return NS_OK;
+}
 
 NSContainer *NSContainer_Create(HTMLDocumentObj *doc, NSContainer *parent)
 {
diff --git a/dlls/mshtml/nsservice.c b/dlls/mshtml/nsservice.c
index 792feb5d57e..b280020959e 100644
--- a/dlls/mshtml/nsservice.c
+++ b/dlls/mshtml/nsservice.c
@@ -99,8 +99,7 @@ static nsresult NSAPI nsWindowCreator_CreateChromeWindow2(nsIWindowCreator2 *ifa
     if(cancel)
         *cancel = FALSE;
 
-    *_retval = NSWBCHROME(NSContainer_Create(NULL, (NSContainer*)parent));
-    return NS_OK;
+    return create_chrome_window(parent, _retval);
 }
 
 static const nsIWindowCreator2Vtbl nsWindowCreatorVtbl = {