From 741c3a413022b0a4d03aad9a9dcf9fba93caf4e6 Mon Sep 17 00:00:00 2001
From: Jan de Mooij
Date: Thu, 2 Aug 2018 09:15:42 +0200
Subject: [PATCH] Bug 1479712 part 5 - Use JSAutoRealm instead of JSAutoRealmAllowCCW in xpc::StackScopedClone. r=bholley
---
 js/xpconnect/src/ExportHelpers.cpp | 13 +++----------
 js/xpconnect/src/XPCComponents.cpp | 5 ++++-
 js/xpconnect/src/xpcprivate.h | 3 ++-
 3 files changed, 9 insertions(+), 12 deletions(-)
diff --git a/js/xpconnect/src/ExportHelpers.cpp b/js/xpconnect/src/ExportHelpers.cpp
index 8d5f92437050..5a3e47794635 100644
--- a/js/xpconnect/src/ExportHelpers.cpp
+++ b/js/xpconnect/src/ExportHelpers.cpp
@@ -206,20 +206,13 @@ public:
 * function returns, |val| is set to the result of the clone.
 */
 bool
-StackScopedClone(JSContext* cx, StackScopedCloneOptions& options,
+StackScopedClone(JSContext* cx, StackScopedCloneOptions& options, HandleObject sourceScope,
 MutableHandleValue val)
 {
 StackScopedCloneData data(cx, &options);
 {
- // For parsing val we have to enter its realm.
- // (unless it's a primitive)
- Maybe ar;
- if (val.isObject()) {
- ar.emplace(cx, &val.toObject());
- } else if (val.isString() && !JS_WrapValue(cx, val)) {
- return false;
- }
-
+ // For parsing val we have to enter (a realm in) its compartment.
+ JSAutoRealm ar(cx, sourceScope);
 if (!data.Write(cx, val))
 return false;
 }
diff --git a/js/xpconnect/src/XPCComponents.cpp b/js/xpconnect/src/XPCComponents.cpp
index 5d8a6e585d90..29bd998c2163 100644
--- a/js/xpconnect/src/XPCComponents.cpp
+++ b/js/xpconnect/src/XPCComponents.cpp
@@ -2967,10 +2967,13 @@ xpc::CloneInto(JSContext* aCx, HandleValue aValue, HandleValue aScope,
 if (aOptions.isObject() && !options.Parse())
 return false;
 
+ js::AssertSameCompartment(aCx, aValue);
+ RootedObject sourceScope(aCx, JS::CurrentGlobalOrNull(aCx));
+
 {
 JSAutoRealm ar(aCx, scope);
 aCloned.set(aValue);
- if (!StackScopedClone(aCx, options, aCloned))
+ if (!StackScopedClone(aCx, options, sourceScope, aCloned))
 return false;
 }
 
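Review bot: StackScopedClone now relies on the caller passing a `sourceScope` whose compartment matches `val`, yet nothing next to the new `JSAutoRealm ar(cx, sourceScope);` line checks or documents that precondition. The removed code took the realm from `val` itself (`ar.emplace(cx, &val.toObject())`), so a mismatched pair could not arise inside this function. The only check visible in the patch is `js::AssertSameCompartment(aCx, aValue)` in xpc::CloneInto, which I believe compiles to nothing in non-debug builds. I would add a sentence to the doc comment above the function (it starts outside the hunk), such as `|sourceScope| must be non-null, must not be a cross-compartment wrapper, and must be in the same compartment as |val|.`, and place `js::AssertSameCompartment(cx, val);` (or an equivalent check) directly after the `JSAutoRealm` line so the contract is verified where it is relied on.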
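Review bot: `JS::CurrentGlobalOrNull(aCx)` may return null, and CloneInto passes the resulting `sourceScope` to StackScopedClone, which builds a `JSAutoRealm` from it, without checking it first. If every caller is guaranteed to have entered a realm, say so at the declaration and assert it, for example `MOZ_ASSERT(sourceScope, "CloneInto requires aCx to be in a realm");`. A short comment such as `// Remember the caller's global before entering |scope|; aValue lives in its compartment.` would also explain why the global is captured ahead of the `JSAutoRealm ar(aCx, scope)` block. CloneInto's body starts and ends outside the hunk.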
diff --git a/js/xpconnect/src/xpcprivate.h b/js/xpconnect/src/xpcprivate.h
index 957f190f16ed..52d0ce4bdeb4 100644
--- a/js/xpconnect/src/xpcprivate.h
+++ b/js/xpconnect/src/xpcprivate.h
@@ -2806,7 +2806,8 @@ CloneInto(JSContext* cx, JS::HandleValue vobj, JS::HandleValue vscope,
 JS::HandleValue voptions, JS::MutableHandleValue rval);
 
 bool
-StackScopedClone(JSContext* cx, StackScopedCloneOptions& options, JS::MutableHandleValue val);
+StackScopedClone(JSContext* cx, StackScopedCloneOptions& options, JS::HandleObject sourceScope,
+ JS::MutableHandleValue val);
 
 } /* namespace xpc */
 