From ecbd6ca8081bb7142a5fbbb5fc74cd90d326d24d Mon Sep 17 00:00:00 2001
From: Bob Owen <bobowencode@gmail.com>
Date: Fri, 7 Jul 2017 15:51:17 +0100
Subject: [PATCH] Bug 1366694 Part 1: Allow user handles in the content process
 job in DEBUG builds. r=jimm

---
 .../sandbox/win/src/sandboxbroker/sandboxBroker.cpp    | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
index e5181ca0584f..13aa4cd304b7 100644
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -278,8 +278,14 @@ SandboxBroker::SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
     }
   }
 
-  sandbox::ResultCode result = mPolicy->SetJobLevel(jobLevel,
-                                                    0 /* ui_exceptions */);
+#if defined(DEBUG)
+  // This is required for a MOZ_ASSERT check in WindowsMessageLoop.cpp
+  // WinEventHook, see bug 1366694 for details.
+  DWORD uiExceptions = JOB_OBJECT_UILIMIT_HANDLES;
+#else
+  DWORD uiExceptions = 0;
+#endif
+  sandbox::ResultCode result = mPolicy->SetJobLevel(jobLevel, uiExceptions);
   MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
                      "Setting job level failed, have you set memory limit when jobLevel == JOB_NONE?");