Bug 865745 - Use an AutoSafeJSContext in nsFrameMessageManager::ReceiveMessage. r=smaug

This function proceeds to push its cx and enters a compartment, so it can't be
depending on any compartment or callstack state of the cx it's using. The only
potential issue would then be reporting the error to the correct DOM window, but
this stuff is used only for chrome, where that doesn't matter. The safe JSContext
uses the same error reporter as JSMs and such, which is probably fine.

content/base/src/nsFrameLoader.cpp

@@ -2234,7 +2234,7 @@ public:
 
       nsRefPtr<nsFrameMessageManager> mm = tabChild->GetInnerManager();
       mm->ReceiveMessage(static_cast<EventTarget*>(tabChild), mMessage,
-                         false, &data, JS::NullPtr(), nullptr, nullptr);
+                         false, &data, JS::NullPtr(), nullptr);
     }
     return NS_OK;
   }

content/base/src/nsFrameMessageManager.cpp

@@ -632,14 +632,10 @@ nsFrameMessageManager::ReceiveMessage(nsISupports* aTarget,
                                       bool aSync,
                                       const StructuredCloneData* aCloneData,
                                       JS::Handle<JSObject*> aObjectsArray,
-                                      InfallibleTArray<nsString>* aJSONRetVal,
-                                      JSContext* aContext)
+                                      InfallibleTArray<nsString>* aJSONRetVal)
 {
-  JSContext *cxToUse = mContext ? mContext
-                                : (aContext ? aContext
-                                            : nsContentUtils::GetSafeJSContext());
-  AutoPushJSContext ctx(cxToUse);
-  JS::Rooted<JSObject*> objectsArray(cxToUse, aObjectsArray);
+  AutoSafeJSContext ctx;
+  JS::Rooted<JSObject*> objectsArray(ctx, aObjectsArray);
   if (mListeners.Length()) {
     nsCOMPtr<nsIAtom> name = do_GetAtom(aMessage);
     MMListenerRemover lr(this);
@@ -1197,7 +1193,7 @@ public:
 
       nsRefPtr<nsFrameMessageManager> ppm = nsFrameMessageManager::sChildProcessManager;
       ppm->ReceiveMessage(static_cast<nsIContentFrameMessageManager*>(ppm.get()), mMessage,
-                          false, &data, JS::NullPtr(), nullptr, nullptr);
+                          false, &data, JS::NullPtr(), nullptr);
     }
     return NS_OK;
   }
@@ -1327,7 +1323,7 @@ public:
       nsRefPtr<nsFrameMessageManager> ppm =
         nsFrameMessageManager::sSameProcessParentManager;
       ppm->ReceiveMessage(static_cast<nsIContentFrameMessageManager*>(ppm.get()),
-                          mMessage, false, &data, JS::NullPtr(), nullptr, nullptr);
+                          mMessage, false, &data, JS::NullPtr(), nullptr);
      }
      return NS_OK;
   }

content/base/src/nsFrameMessageManager.h

@@ -188,8 +188,7 @@ public:
   nsresult ReceiveMessage(nsISupports* aTarget, const nsAString& aMessage,
                           bool aSync, const StructuredCloneData* aCloneData,
                           JS::Handle<JSObject*> aObjectsArray,
-                          InfallibleTArray<nsString>* aJSONRetVal,
-                          JSContext* aContext = nullptr);
+                          InfallibleTArray<nsString>* aJSONRetVal);
 
   void AddChildManager(nsFrameMessageManager* aManager,
                        bool aLoadScripts = true);

content/base/src/nsInProcessTabChildGlobal.cpp

@@ -74,7 +74,7 @@ public:
 
       nsRefPtr<nsFrameMessageManager> mm = mTabChild->mChromeMessageManager;
       mm->ReceiveMessage(mTabChild->mOwner, mMessage, false, &data,
-                         JS::NullPtr(), nullptr, nullptr);
+                         JS::NullPtr(), nullptr);
     }
     return NS_OK;
   }