From 9ecfb0ef5dad009e7588ce215f7e2e5b535c7e3a Mon Sep 17 00:00:00 2001
From: Josh Matthews
Date: Mon, 22 Apr 2013 19:46:40 +0200
Subject: [PATCH] Bug 863769 - Make ArrayBufferInputStream use rooting APIs that don't rely on the JS context being valid. r=jonco,vlad

---
 netwerk/base/src/ArrayBufferInputStream.cpp | 24 ++++++++++++++++-----
 netwerk/base/src/ArrayBufferInputStream.h | 5 +++--
 2 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/netwerk/base/src/ArrayBufferInputStream.cpp b/netwerk/base/src/ArrayBufferInputStream.cpp
index 67f698098c8..044ab3e1a52 100644
--- a/netwerk/base/src/ArrayBufferInputStream.cpp
+++ b/netwerk/base/src/ArrayBufferInputStream.cpp
@@ -11,13 +11,22 @@
 NS_IMPL_ISUPPORTS2(ArrayBufferInputStream, nsIArrayBufferInputStream, nsIInputStream);
 
 ArrayBufferInputStream::ArrayBufferInputStream()
-: mBuffer(nullptr)
+: mRt(nullptr)
+, mArrayBuffer(JSVAL_VOID)
+, mBuffer(nullptr)
 , mBufferLength(0)
 , mOffset(0)
 , mClosed(false)
 {
 }
 
+ArrayBufferInputStream::~ArrayBufferInputStream()
+{
+ if (mRt) {
+ JS_RemoveValueRootRT(mRt, &mArrayBuffer);
+ }
+}
+
 NS_IMETHODIMP
 ArrayBufferInputStream::SetData(const JS::Value& aBuffer,
 uint32_t aByteOffset,
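Review bot: The new destructor calls `JS_RemoveValueRootRT(mRt, &mArrayBuffer)` through a raw `JSRuntime*` captured in SetData, so it is only safe if the runtime is still alive when the last reference to the stream is dropped; nothing in this hunk enforces or documents that. If a stream can outlive its runtime (for example one released late during shutdown), the call would operate on a freed runtime. I would state the assumption on the destructor, e.g. `// mRt is non-null only after SetData rooted mArrayBuffer; the JSRuntime must outlive this stream.`, and confirm the shutdown ordering separately.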
@@ -27,14 +36,19 @@ ArrayBufferInputStream::SetData(const JS::Value& aBuffer,
 if (!aBuffer.isObject()) {
 return NS_ERROR_FAILURE;
 }
- mArrayBuffer.construct(aCx, &aBuffer.toObject());
- if (!JS_IsArrayBufferObject(mArrayBuffer.ref())) {
+ JS::RootedObject arrayBuffer(aCx, &aBuffer.toObject());
+ if (!JS_IsArrayBufferObject(arrayBuffer)) {
 return NS_ERROR_FAILURE;
 }
- uint32_t buflen = JS_GetArrayBufferByteLength(mArrayBuffer.ref());
+
+ mRt = JS_GetRuntime(aCx);
+ mArrayBuffer = aBuffer;
+ JS_AddNamedValueRootRT(mRt, &mArrayBuffer, "mArrayBuffer");
+
+ uint32_t buflen = JS_GetArrayBufferByteLength(arrayBuffer);
 mOffset = std::min(buflen, aByteOffset);
 mBufferLength = std::min(buflen - mOffset, aLength);
- mBuffer = JS_GetArrayBufferData(mArrayBuffer.ref());
+ mBuffer = JS_GetArrayBufferData(arrayBuffer);
 return NS_OK;
 }
 
diff --git a/netwerk/base/src/ArrayBufferInputStream.h b/netwerk/base/src/ArrayBufferInputStream.h
index a19c4ac6c20..21b0caa5284 100644
--- a/netwerk/base/src/ArrayBufferInputStream.h
+++ b/netwerk/base/src/ArrayBufferInputStream.h
@@ -22,13 +22,14 @@
 class ArrayBufferInputStream : public nsIArrayBufferInputStream {
 public:
 ArrayBufferInputStream();
- virtual ~ArrayBufferInputStream() {}
+ virtual ~ArrayBufferInputStream();
 NS_DECL_ISUPPORTS
 NS_DECL_NSIARRAYBUFFERINPUTSTREAM
 NS_DECL_NSIINPUTSTREAM
 
 private:
- mozilla::Maybe mArrayBuffer;
+ JSRuntime* mRt;
+ jsval mArrayBuffer;
 uint8_t* mBuffer;
 uint32_t mBufferLength;
 uint32_t mOffset;
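Review bot: The result of `JS_AddNamedValueRootRT` is ignored and `mRt` is assigned before the call, so if rooting fails (the JS_Add*Root family reports out-of-memory through its return value; confirm this for the RT variant) SetData still caches `mBuffer` into a buffer the GC is no longer obliged to keep alive, and later reads could touch freed memory. A second SetData call on the same stream also overwrites `mRt` and registers `&mArrayBuffer` again without removing the earlier root; if the runtime differs, the first registration is never removed and is left dangling once the stream is destroyed. I would reject re-initialisation and set `mRt` only after rooting succeeds, as in the excerpt below. SetData's parameter list starts above this hunk.

```cpp
  // … unchanged: isObject() and JS_IsArrayBufferObject() checks …

  if (mRt) {
    // &mArrayBuffer is already registered as a root; do not register it twice.
    return NS_ERROR_ALREADY_INITIALIZED;
  }
  JSRuntime* rt = JS_GetRuntime(aCx);
  mArrayBuffer = aBuffer;
  if (!JS_AddNamedValueRootRT(rt, &mArrayBuffer, "mArrayBuffer")) {
    mArrayBuffer = JSVAL_VOID;
    return NS_ERROR_OUT_OF_MEMORY;
  }
  mRt = rt;  // set only once the root exists, so the destructor removes exactly what was added

  // … unchanged: buflen, mOffset, mBufferLength, mBuffer …
```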
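Review bot: `mArrayBuffer` is now a bare `jsval` whose address is handed to the runtime as a root, and `mBuffer` points into that buffer's storage, but the new declarations carry no comment tying the three members together. That coupling is what keeps reads from touching collected memory, so it is worth recording next to the fields: `// mRt: runtime holding &mArrayBuffer as a GC root; null until SetData succeeds.` and `// mBuffer: points into mArrayBuffer's data; valid only while mArrayBuffer stays rooted.` The class body continues past the end of this hunk.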