From d49fb8a6919dfa446951bf83e14939ff2fc95db1 Mon Sep 17 00:00:00 2001
From: Moonchild
Date: Tue, 8 Sep 2020 11:00:27 +0000
Subject: Issue #618 - Clear the module map when changing a Document's global and add release build assertions for mismatching compartments.
---
 dom/html/nsHTMLDocument.cpp | 3 +++
 dom/script/ScriptLoader.cpp | 5 +++++
 dom/script/ScriptLoader.h | 6 ++++++
 js/src/jsapi.cpp | 6 +++---
 4 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/dom/html/nsHTMLDocument.cpp b/dom/html/nsHTMLDocument.cpp
index fc5268acc..b0747fb04 100644
--- a/dom/html/nsHTMLDocument.cpp
+++ b/dom/html/nsHTMLDocument.cpp
@@ -1511,6 +1511,9 @@ nsHTMLDocument::Open(JSContext* cx,
 // document again otherwise the document could have a non-zero onload block
 // count without the onload blocker request being in the loadgroup.
 EnsureOnloadBlocker();
+
+ // Throw away loaded modules created for the previous global.
+ ScriptLoader()->ClearModuleMap();
 }
 
 // Step 8 - Clear all event listeners out of our DOM tree
diff --git a/dom/script/ScriptLoader.cpp b/dom/script/ScriptLoader.cpp
index 71838580f..362c27f3e 100644
--- a/dom/script/ScriptLoader.cpp
+++ b/dom/script/ScriptLoader.cpp
@@ -477,6 +477,11 @@ ScriptLoader::GetFetchedModule(nsIURI* aURL) const
 return ms;
 }
 
+void ScriptLoader::ClearModuleMap() {
+ MOZ_ASSERT(mFetchingModules.IsEmpty());
+ mFetchedModules.Clear();
+}
+
 nsresult
 ScriptLoader::ProcessFetchedModuleSource(ModuleLoadRequest* aRequest)
 {
diff --git a/dom/script/ScriptLoader.h b/dom/script/ScriptLoader.h
index 2c5b683e7..73f2a9258 100644
--- a/dom/script/ScriptLoader.h
+++ b/dom/script/ScriptLoader.h
@@ -506,6 +506,12 @@ public:
 return mPendingChildLoaders.AppendElement(aChild) != nullptr;
 }
 
+ /*
+ * Clear the map of loaded modules. Called when a Document object is reused
+ * for a different global.
+ */
+ void ClearModuleMap();
+
 private:
 virtual ~ScriptLoader();
 
diff --git a/js/src/jsapi.cpp b/js/src/jsapi.cpp
index 69a3ba2ac..c0f0e61cc 100644
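Review bot: The added comment in nsHTMLDocument::Open says the old modules are thrown away but not why keeping them would be unsafe, which is what a later reader needs to know before moving or removing the call. Going by the commit subject, modules left in the map would belong to the previous global's compartment and could be handed to the JS engine from the new one, so I would spell that out: `// Modules in the map were compiled for the previous global; reusing them after the global changes would cross compartments.` The enclosing block and its condition start outside this hunk, so whether every path that replaces the global reaches this call cannot be confirmed from here.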
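Review bot: `MOZ_ASSERT(mFetchingModules.IsEmpty())` in ScriptLoader::ClearModuleMap is a debug-only check, so in a release build a module fetch that is still in flight would stay in mFetchingModules and could presumably repopulate mFetchedModules after the clear. If the caller guarantees that all loads are stopped before this runs, say so in a comment above the assertion; otherwise handle the non-empty case explicitly instead of relying on the assertion. The doc comment added in ScriptLoader.h should state the same precondition, e.g. `* Must not be called while module fetches are in progress.`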
--- a/js/src/jsapi.cpp
+++ b/js/src/jsapi.cpp
@@ -4708,7 +4708,7 @@ JS::ModuleInstantiate(JSContext* cx, JS::HandleObject moduleArg)
 {
 AssertHeapIsIdle(cx);
 CHECK_REQUEST(cx);
- assertSameCompartment(cx, moduleArg);
+ releaseAssertSameCompartment(cx, moduleArg);
 return ModuleObject::Instantiate(cx, moduleArg.as());
 }
 
@@ -4717,7 +4717,7 @@ JS::ModuleEvaluate(JSContext* cx, JS::HandleObject moduleArg)
 {
 AssertHeapIsIdle(cx);
 CHECK_REQUEST(cx);
- assertSameCompartment(cx, moduleArg);
+ releaseAssertSameCompartment(cx, moduleArg);
 return ModuleObject::Evaluate(cx, moduleArg.as());
 }
 
@@ -6204,7 +6204,7 @@ JS_SetPendingException(JSContext* cx, HandleValue value)
 {
 AssertHeapIsIdle(cx);
 CHECK_REQUEST(cx);
- assertSameCompartment(cx, value);
+ releaseAssertSameCompartment(cx, value);
 cx->setPendingException(value);
 }
 
--
cgit v1.2.3
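Review bot: Nothing at the three changed call sites (JS::ModuleInstantiate, JS::ModuleEvaluate, JS_SetPendingException) says why they get a release-mode compartment check while other entry points presumably keep the debug-only `assertSameCompartment`. The JS_SetPendingException change in particular is not explained by the module-map fix named in the subject. A short comment above each, e.g. `// Release assert: a module compiled for a previous global must never be used from another compartment.`, would keep a later cleanup from downgrading them. The check also covers the compartment only: whether `moduleArg` really is a module object is left to the cast on the return line, which may be verified in debug builds only and is worth confirming.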