Bug 1123114 - Mark DOMString::mStringBuffer as unsafe; r=smaug

dom/bindings/DOMString.h

@@ -175,7 +175,9 @@ class MOZ_STACK_CLASS DOMString {
 
   // For callees that know we exist, we can be a stringbuffer/length/null-flag
   // triple.
-  nsStringBuffer* mStringBuffer;
+  nsStringBuffer* MOZ_UNSAFE_REF("The ways in which this can be safe are "
+                                 "documented above and enforced through "
+                                 "assertions") mStringBuffer;
   uint32_t mLength;
   bool mIsNull;
 };