From 7f4f3b15664766b0672f296e073b4a8935c6ef78 Mon Sep 17 00:00:00 2001
From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Wed, 4 Aug 2010 22:40:18 -0400
Subject: [PATCH] Bug 583839.  Also skip the string buffer refcounting for
 traceable native quickstubs, not just fastnative ones.  r=jst

---
 js/src/xpconnect/src/xpcquickstubs.cpp | 12 ++++++++++--
 js/src/xpconnect/src/xpcquickstubs.h   |  4 ++--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/js/src/xpconnect/src/xpcquickstubs.cpp b/js/src/xpconnect/src/xpcquickstubs.cpp
index 1bb049200c80..da8f37639331 100644
--- a/js/src/xpconnect/src/xpcquickstubs.cpp
+++ b/js/src/xpconnect/src/xpcquickstubs.cpp
@@ -1087,7 +1087,7 @@ xpc_qsStringToJsval(JSContext *cx, nsString &str, jsval *rval)
 }
 
 JSBool
-xpc_qsStringToJsstring(JSContext *cx, const nsAString &str, JSString **rval)
+xpc_qsStringToJsstring(JSContext *cx, nsString &str, JSString **rval)
 {
     // From the T_DOMSTRING case in XPCConvert::NativeData2JS.
     if(str.IsVoid())
@@ -1096,10 +1096,18 @@ xpc_qsStringToJsstring(JSContext *cx, const nsAString &str, JSString **rval)
         return JS_TRUE;
     }
 
-    jsval jsstr = XPCStringConvert::ReadableToJSVal(cx, str);
+    PRBool isShared = PR_FALSE;
+    jsval jsstr =
+        XPCStringConvert::ReadableToJSVal(cx, str, PR_TRUE, &isShared);
     if(JSVAL_IS_NULL(jsstr))
         return JS_FALSE;
     *rval = JSVAL_TO_STRING(jsstr);
+    if (isShared)
+    {
+        // The string was shared but ReadableToJSVal didn't addref it.
+        // Move the ownership from str to jsstr.
+        str.ForgetSharedBuffer();
+    }
     return JS_TRUE;
 }
 
diff --git a/js/src/xpconnect/src/xpcquickstubs.h b/js/src/xpconnect/src/xpcquickstubs.h
index 98aff99cacc8..6b335ea1130d 100644
--- a/js/src/xpconnect/src/xpcquickstubs.h
+++ b/js/src/xpconnect/src/xpcquickstubs.h
@@ -425,9 +425,9 @@ xpc_qsJsvalToWcharStr(JSContext *cx, jsval v, jsval *pval, PRUnichar **pstr);
 JSBool
 xpc_qsStringToJsval(JSContext *cx, nsString &str, jsval *rval);
 
-/** Convert an nsAString to JSString, returning JS_TRUE on success. */
+/** Convert an nsString to JSString, returning JS_TRUE on success. This will sometimes modify |str| to be empty. */
 JSBool
-xpc_qsStringToJsstring(JSContext *cx, const nsAString &str, JSString **rval);
+xpc_qsStringToJsstring(JSContext *cx, nsString &str, JSString **rval);
 
 nsresult
 getWrapper(JSContext *cx,