Closed Bug 935125 Opened 11 years ago Closed 11 years ago

Whitelist PLDHashTableOps.hashKey

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
normal

Tracking

RESOLVED FIXED
mozilla28

People

(Reporter: sfink, Assigned: sfink)

Attachments

(1 file)

Hazard:

Function 'uint8 mozilla::dom::Navigator::HasTelephonySupport(JSContext*, JSObject*)' has unrooted 'aGlobal' of type 'JSObject*' live across GC call 'uint32 mozilla::Preferences::GetBool(int8*, uint8*)' at dom/base/Navigator.cpp:1706
    dom/base/Navigator.cpp:1705: Assign(1,2, enabled := 0)
    dom/base/Navigator.cpp:1706: Call(2,3, GetBool("dom.telephony.enabled",enabled))
    dom/base/Navigator.cpp:1707: Call(3,4, __temp_1 := __builtin_expect(!enabled*,0))
    dom/base/Navigator.cpp:1707: Assume(4,7, (__temp_1* != 0), false)
    dom/base/Navigator.cpp:1709: Call(7,8, __temp_3 := GetWindowFromGlobal(aGlobal*))
GC Function: uint32 mozilla::Preferences::GetBool(int8*, uint8*)
    PREF_GetBoolPref
    PrefHashEntry* pref_HashTableLookup(void*)
    PL_DHashTableOperate
    FieldCall: PLDHashTableOps.hashKey

I really hope nobody calls back into JS in order to compute a hash key. Am I naively optimistic?
Attachment #827539 - Flags: review?(terrence)
(In reply to Steve Fink [:sfink] from comment #0)
> 
> I really hope nobody calls back into JS in order to compute a hash key. Am I
> naively optimistic?

Probably. If Preferences::GetBool is the only place where hashKey is causing problems, could we add JS::AutoAssertNoGC around the hash operations in GetBool instead?
Comment on attachment 827539 [details] [diff] [review]
Whitelist PLDHashTableOps.hashKey

Review of attachment 827539 [details] [diff] [review]:
-----------------------------------------------------------------

r=me For this approach. It turns out that since everything here is inlined here, inserting JS dependencies would be annoying.
Attachment #827539 - Flags: review?(terrence) → review+
https://hg.mozilla.org/mozilla-central/rev/3970d972ff8a
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
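
The reasoning behind the hazard in comment 0 and the effect of the whitelist, as an added example that is not part of the original bug or of the analysis's own code. It assumes a simplified model in which a FieldCall (a call through a function pointer stored in a struct field) is treated as able to GC unless whitelisted; the names findGCPath and findHazards are hypothetical.

```javascript
// Constructed model of the report above; not SpiderMonkey's analysis code.
// Call edges are copied from the "GC Function" chain in the report.
const callGraph = {
  "mozilla::Preferences::GetBool": ["PREF_GetBoolPref"],
  "PREF_GetBoolPref": ["pref_HashTableLookup"],
  "pref_HashTableLookup": ["PL_DHashTableOperate"],
  "PL_DHashTableOperate": ["FieldCall: PLDHashTableOps.hashKey"],
};

// Calls made in HasTelephonySupport, in order, with the unrooted
// variables each call reads (line numbers taken from the report).
const body = [
  { line: 1706, call: "mozilla::Preferences::GetBool", uses: [] },
  { line: 1709, call: "GetWindowFromGlobal", uses: ["aGlobal"] },
];

// Returns the call chain from `fn` to the first callee that may GC, or null.
// Assumption: functions missing from `graph` are leaves that cannot GC.
function findGCPath(graph, fn, whitelist, seen = new Set()) {
  if (seen.has(fn)) return null; // already explored, or a cycle
  seen.add(fn);
  if (fn.startsWith("FieldCall: ")) {
    // Unknown target: conservatively "can GC" unless whitelisted.
    const field = fn.slice("FieldCall: ".length);
    return whitelist.has(field) ? null : [fn];
  }
  for (const callee of graph[fn] || []) {
    const path = findGCPath(graph, callee, whitelist, seen);
    if (path) return [fn, ...path];
  }
  return null;
}

// An unrooted variable is a hazard when it is read after a call that may GC.
function findHazards(stmts, graph, unrooted, whitelist) {
  const hazards = [];
  stmts.forEach((stmt, i) => {
    const path = findGCPath(graph, stmt.call, whitelist);
    if (!path) return;
    for (const v of unrooted) {
      const usedLater = stmts.slice(i + 1).some((s) => s.uses.includes(v));
      if (usedLater) hazards.push({ variable: v, line: stmt.line, path });
    }
  });
  return hazards;
}
```

In this model a whitelist entry is an unchecked assertion: if any hashKey implementation did reach the GC, the hazard would go unreported.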