From fb3e0b058e0f91a4ee0b863b42241abc54bd55c5 Mon Sep 17 00:00:00 2001
From: Ryan VanderMeulen <ryanvm@gmail.com>
Date: Tue, 21 Jul 2015 13:00:55 -0400
Subject: [PATCH] Backed out changeset 553a3e1e7b18 (bug 1176341) for bustage.
 CLOSED TREE

---
 dom/base/Console.cpp                          | 31 +++++++++++------
 dom/base/Console.h                            |  6 ++--
 dom/datastore/DataStoreDB.cpp                 | 10 ++++--
 dom/workers/ScriptLoader.cpp                  |  6 ++--
 dom/workers/ServiceWorkerScriptCache.cpp      | 34 +++++++++----------
 .../autoconfig/src/nsJSConfigTriggers.cpp     |  8 ++---
 js/xpconnect/idl/nsIXPConnect.idl             |  5 +--
 js/xpconnect/src/nsXPConnect.cpp              |  6 ++--
 8 files changed, 62 insertions(+), 44 deletions(-)

diff --git a/dom/base/Console.cpp b/dom/base/Console.cpp
index 271b7406c48a..9f33d232b6e5 100644
--- a/dom/base/Console.cpp
+++ b/dom/base/Console.cpp
@@ -324,7 +324,13 @@ private:
 
     AutoSafeJSContext cx;
 
-    JS::Rooted<JSObject*> global(cx, mConsole->GetOrCreateSandbox(cx, wp->GetPrincipal()));
+    nsCOMPtr<nsIXPConnectJSObjectHolder> sandbox =
+      mConsole->GetOrCreateSandbox(cx, wp->GetPrincipal());
+    if (NS_WARN_IF(!sandbox)) {
+       return;
+    }
+
+    JS::Rooted<JSObject*> global(cx, sandbox->GetJSObject());
     if (NS_WARN_IF(!global)) {
       return;
     }
@@ -655,7 +661,7 @@ private:
 
 NS_IMPL_CYCLE_COLLECTION_CLASS(Console)
 
-// We don't need to traverse/unlink mStorage and mSandbox because they are not
+// We don't need to traverse/unlink mStorage and mSanbox because they are not
 // CCed objects and they are only used on the main thread, even when this
 // Console object is used on workers.
 
@@ -709,12 +715,19 @@ Console::Console(nsPIDOMWindow* aWindow)
 Console::~Console()
 {
   if (!NS_IsMainThread()) {
+    nsCOMPtr<nsIThread> mainThread;
+    NS_GetMainThread(getter_AddRefs(mainThread));
+
     if (mStorage) {
-      NS_ReleaseOnMainThread(mStorage);
+      nsIConsoleAPIStorage* storage;
+      mStorage.forget(&storage);
+      NS_ProxyRelease(mainThread, storage, false);
     }
 
     if (mSandbox) {
-      NS_ReleaseOnMainThread(mSandbox);
+      nsIXPConnectJSObjectHolder* sandbox;
+      mSandbox.forget(&sandbox);
+      NS_ProxyRelease(mainThread, sandbox, false);
     }
   }
 
@@ -1863,7 +1876,7 @@ Console::ShouldIncludeStackTrace(MethodName aMethodName)
   }
 }
 
-JSObject*
+nsIXPConnectJSObjectHolder*
 Console::GetOrCreateSandbox(JSContext* aCx, nsIPrincipal* aPrincipal)
 {
   MOZ_ASSERT(NS_IsMainThread());
@@ -1872,16 +1885,14 @@ Console::GetOrCreateSandbox(JSContext* aCx, nsIPrincipal* aPrincipal)
     nsIXPConnect* xpc = nsContentUtils::XPConnect();
     MOZ_ASSERT(xpc, "This should never be null!");
 
-    JS::Rooted<JSObject*> sandbox(aCx);
-    nsresult rv = xpc->CreateSandbox(aCx, aPrincipal, sandbox.address());
+    nsresult rv = xpc->CreateSandbox(aCx, aPrincipal,
+                                     getter_AddRefs(mSandbox));
     if (NS_WARN_IF(NS_FAILED(rv))) {
       return nullptr;
     }
-
-    mSandbox = new JSObjectHolder(aCx, sandbox);
   }
 
-  return mSandbox->GetJSObject();
+  return mSandbox;
 }
 
 } // namespace dom
diff --git a/dom/base/Console.h b/dom/base/Console.h
index 4ef5fdb1a116..ed1ecc309105 100644
--- a/dom/base/Console.h
+++ b/dom/base/Console.h
@@ -9,7 +9,6 @@
 
 #include "mozilla/dom/BindingDeclarations.h"
 #include "mozilla/ErrorResult.h"
-#include "mozilla/JSObjectHolder.h"
 #include "nsCycleCollectionParticipant.h"
 #include "nsDataHashtable.h"
 #include "nsHashKeys.h"
@@ -21,6 +20,7 @@
 class nsIConsoleAPIStorage;
 class nsIPrincipal;
 class nsIProfiler;
+class nsIXPConnectJSObjectHolder;
 
 namespace mozilla {
 namespace dom {
@@ -199,12 +199,12 @@ private:
   bool
   ShouldIncludeStackTrace(MethodName aMethodName);
 
-  JSObject*
+  nsIXPConnectJSObjectHolder*
   GetOrCreateSandbox(JSContext* aCx, nsIPrincipal* aPrincipal);
 
   nsCOMPtr<nsPIDOMWindow> mWindow;
   nsCOMPtr<nsIConsoleAPIStorage> mStorage;
-  nsRefPtr<JSObjectHolder> mSandbox;
+  nsCOMPtr<nsIXPConnectJSObjectHolder> mSandbox;
 #ifdef MOZ_ENABLE_PROFILER_SPS
   nsCOMPtr<nsIProfiler> mProfiler;
 #endif
diff --git a/dom/datastore/DataStoreDB.cpp b/dom/datastore/DataStoreDB.cpp
index f8374abe9d17..19d34f37ec9b 100644
--- a/dom/datastore/DataStoreDB.cpp
+++ b/dom/datastore/DataStoreDB.cpp
@@ -113,12 +113,18 @@ DataStoreDB::CreateFactoryIfNeeded()
     MOZ_ASSERT(xpc);
 
     AutoSafeJSContext cx;
-    JS::Rooted<JSObject*> global(cx);
-    rv = xpc->CreateSandbox(cx, principal, global.address());
+
+    nsCOMPtr<nsIXPConnectJSObjectHolder> globalHolder;
+    rv = xpc->CreateSandbox(cx, principal, getter_AddRefs(globalHolder));
     if (NS_WARN_IF(NS_FAILED(rv))) {
       return rv;
     }
 
+    JS::Rooted<JSObject*> global(cx, globalHolder->GetJSObject());
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return NS_ERROR_UNEXPECTED;
+    }
+
     // The CreateSandbox call returns a proxy to the actual sandbox object. We
     // don't need a proxy here.
     global = js::UncheckedUnwrap(global);
diff --git a/dom/workers/ScriptLoader.cpp b/dom/workers/ScriptLoader.cpp
index f8513f42ffc5..41be9458343d 100644
--- a/dom/workers/ScriptLoader.cpp
+++ b/dom/workers/ScriptLoader.cpp
@@ -1287,13 +1287,13 @@ CacheCreator::CreateCacheStorage(nsIPrincipal* aPrincipal)
   MOZ_ASSERT(xpc, "This should never be null!");
 
   mozilla::AutoSafeJSContext cx;
-  JS::Rooted<JSObject*> sandbox(cx);
-  nsresult rv = xpc->CreateSandbox(cx, aPrincipal, sandbox.address());
+  nsCOMPtr<nsIXPConnectJSObjectHolder> sandbox;
+  nsresult rv = xpc->CreateSandbox(cx, aPrincipal, getter_AddRefs(sandbox));
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
-  mSandboxGlobalObject = xpc::NativeGlobal(sandbox);
+  mSandboxGlobalObject = xpc::NativeGlobal(sandbox->GetJSObject());
   if (NS_WARN_IF(!mSandboxGlobalObject)) {
     return NS_ERROR_FAILURE;
   }
diff --git a/dom/workers/ServiceWorkerScriptCache.cpp b/dom/workers/ServiceWorkerScriptCache.cpp
index b19872b5ce34..48b695585e16 100644
--- a/dom/workers/ServiceWorkerScriptCache.cpp
+++ b/dom/workers/ServiceWorkerScriptCache.cpp
@@ -32,31 +32,35 @@ namespace serviceWorkerScriptCache {
 
 namespace {
 
-// XXX A sandbox nsIGlobalObject does not preserve its reflector, so |aSandbox|
-// must be kept alive as long as the CacheStorage if you want to ensure that
-// the CacheStorage will continue to work. Failures will manifest as errors
-// like "JavaScript error: , line 0: TypeError: The expression cannot be
-// converted to return the specified type."
 already_AddRefed<CacheStorage>
-CreateCacheStorage(JSContext* aCx, nsIPrincipal* aPrincipal, ErrorResult& aRv,
-                   JS::MutableHandle<JSObject*> aSandbox)
+CreateCacheStorage(nsIPrincipal* aPrincipal, ErrorResult& aRv,
+                   nsIXPConnectJSObjectHolder** aHolder = nullptr)
 {
   AssertIsOnMainThread();
   MOZ_ASSERT(aPrincipal);
 
   nsIXPConnect* xpc = nsContentUtils::XPConnect();
   MOZ_ASSERT(xpc, "This should never be null!");
-  aRv = xpc->CreateSandbox(aCx, aPrincipal, aSandbox.address());
+
+  AutoJSAPI jsapi;
+  jsapi.Init();
+  nsCOMPtr<nsIXPConnectJSObjectHolder> sandbox;
+  aRv = xpc->CreateSandbox(jsapi.cx(), aPrincipal, getter_AddRefs(sandbox));
   if (NS_WARN_IF(aRv.Failed())) {
     return nullptr;
   }
 
-  nsCOMPtr<nsIGlobalObject> sandboxGlobalObject = xpc::NativeGlobal(aSandbox);
+  nsCOMPtr<nsIGlobalObject> sandboxGlobalObject =
+    xpc::NativeGlobal(sandbox->GetJSObject());
   if (!sandboxGlobalObject) {
     aRv.Throw(NS_ERROR_FAILURE);
     return nullptr;
   }
 
+  if (aHolder) {
+    sandbox.forget(aHolder);
+  }
+
   // We assume private browsing is not enabled here.  The ScriptLoader
   // explicitly fails for private browsing so there should never be
   // a service worker running in private browsing mode.  Therefore if
@@ -317,11 +321,8 @@ public:
 
     // Always create a CacheStorage since we want to write the network entry to
     // the cache even if there isn't an existing one.
-    AutoJSAPI jsapi;
-    jsapi.Init();
     ErrorResult result;
-    mSandbox.init(jsapi.cx());
-    mCacheStorage = CreateCacheStorage(jsapi.cx(), aPrincipal, result, &mSandbox);
+    mCacheStorage = CreateCacheStorage(aPrincipal, result, getter_AddRefs(mSandbox));
     if (NS_WARN_IF(result.Failed())) {
       MOZ_ASSERT(!result.IsErrorWithMessage());
       return result.StealNSResult();
@@ -622,7 +623,7 @@ private:
   }
 
   nsRefPtr<CompareCallback> mCallback;
-  JS::PersistentRooted<JSObject*> mSandbox;
+  nsCOMPtr<nsIXPConnectJSObjectHolder> mSandbox;
   nsRefPtr<CacheStorage> mCacheStorage;
 
   nsRefPtr<CompareNetwork> mCN;
@@ -958,11 +959,8 @@ PurgeCache(nsIPrincipal* aPrincipal, const nsAString& aCacheName)
     return NS_OK;
   }
 
-  AutoJSAPI jsapi;
-  jsapi.Init();
   ErrorResult rv;
-  JS::Rooted<JSObject*> sandboxObject(jsapi.cx());
-  nsRefPtr<CacheStorage> cacheStorage = CreateCacheStorage(jsapi.cx(), aPrincipal, rv, &sandboxObject);
+  nsRefPtr<CacheStorage> cacheStorage = CreateCacheStorage(aPrincipal, rv);
   if (NS_WARN_IF(rv.Failed())) {
     return rv.StealNSResult();
   }
diff --git a/extensions/pref/autoconfig/src/nsJSConfigTriggers.cpp b/extensions/pref/autoconfig/src/nsJSConfigTriggers.cpp
index 8f46cef7419d..da3cbe5859bb 100644
--- a/extensions/pref/autoconfig/src/nsJSConfigTriggers.cpp
+++ b/extensions/pref/autoconfig/src/nsJSConfigTriggers.cpp
@@ -46,13 +46,13 @@ nsresult CentralizedAdminPrefManagerInit()
 
     // Create a sandbox.
     AutoSafeJSContext cx;
-    JS::Rooted<JSObject*> sandbox(cx);
-    rv = xpc->CreateSandbox(cx, principal, sandbox.address());
+    nsCOMPtr<nsIXPConnectJSObjectHolder> sandbox;
+    rv = xpc->CreateSandbox(cx, principal, getter_AddRefs(sandbox));
     NS_ENSURE_SUCCESS(rv, rv);
 
     // Unwrap, store and root the sandbox.
-    NS_ENSURE_STATE(sandbox);
-    autoconfigSb.init(cx, js::UncheckedUnwrap(sandbox));
+    NS_ENSURE_STATE(sandbox->GetJSObject());
+    autoconfigSb.init(cx, js::UncheckedUnwrap(sandbox->GetJSObject()));
 
     return NS_OK;
 }
diff --git a/js/xpconnect/idl/nsIXPConnect.idl b/js/xpconnect/idl/nsIXPConnect.idl
index 16995c07b0d7..f7b61c29bb67 100644
--- a/js/xpconnect/idl/nsIXPConnect.idl
+++ b/js/xpconnect/idl/nsIXPConnect.idl
@@ -266,7 +266,7 @@ interface nsIXPCFunctionThisTranslator : nsISupports
     { 0xbd, 0xd6, 0x0, 0x0, 0x64, 0x65, 0x73, 0x74 } }
 %}
 
-[noscript, uuid(5be7a3cb-5a4e-4d60-aba1-456b5e309e98)]
+[noscript, uuid(b91f1eeb-2fe4-44cc-9983-abcc06d69a94)]
 interface nsIXPConnect : nsISupports
 {
 %{ C++
@@ -474,7 +474,8 @@ interface nsIXPConnect : nsISupports
      * @param principal The principal (or NULL to use the null principal)
      *                  to use when evaluating code in this sandbox.
      */
-    [noscript] JSObjectPtr createSandbox(in JSContextPtr cx, in nsIPrincipal principal);
+    [noscript] nsIXPConnectJSObjectHolder createSandbox(in JSContextPtr cx,
+                                                        in nsIPrincipal principal);
 
     /**
      * Evaluate script in a sandbox, completely isolated from all
diff --git a/js/xpconnect/src/nsXPConnect.cpp b/js/xpconnect/src/nsXPConnect.cpp
index 541dbb258947..ab748ea4033b 100644
--- a/js/xpconnect/src/nsXPConnect.cpp
+++ b/js/xpconnect/src/nsXPConnect.cpp
@@ -751,7 +751,7 @@ nsXPConnect::SetFunctionThisTranslator(const nsIID & aIID,
 
 NS_IMETHODIMP
 nsXPConnect::CreateSandbox(JSContext* cx, nsIPrincipal* principal,
-                           JSObject** _retval)
+                           nsIXPConnectJSObjectHolder** _retval)
 {
     *_retval = nullptr;
 
@@ -762,7 +762,9 @@ nsXPConnect::CreateSandbox(JSContext* cx, nsIPrincipal* principal,
                "Bad return value from xpc_CreateSandboxObject()!");
 
     if (NS_SUCCEEDED(rv) && !rval.isPrimitive()) {
-        *_retval = rval.toObjectOrNull();
+        JSObject* obj = rval.toObjectOrNull();
+        nsRefPtr<XPCJSObjectHolder> rval = new XPCJSObjectHolder(obj);
+        rval.forget(_retval);
     }
 
     return rv;