Bug 1330759 part 2. Fix XPCConvert::JSData2Native to not share an external string stringbuffer if it would create a non-null-terminated string. r=froydnj

js/xpconnect/src/XPCConvert.cpp

@@ -524,7 +524,13 @@ XPCConvert::JSData2Native(void* d, HandleValue s,
             // The characters represent an existing nsStringBuffer that
             // was shared by XPCStringConvert::ReadableToJSVal.
             const char16_t* chars = JS_GetTwoByteExternalStringChars(str);
-            nsStringBuffer::FromData((void*)chars)->ToString(length, *ws);
+            if (chars[length] == '\0') {
+                // Safe to share the buffer.
+                nsStringBuffer::FromData((void*)chars)->ToString(length, *ws);
+            } else {
+                // We have to copy to ensure null-termination.
+                ws->Assign(chars, length);
+            }
         } else if (XPCStringConvert::IsLiteral(str)) {
             // The characters represent a literal char16_t string constant
             // compiled into libxul, such as the string "undefined" above.