Closed Bug 1011109 Opened 6 years ago Closed 6 years ago
XBLMaybe Compiled<T>> compiles and it shouldn't
As reported by sfink via email, it's possible to compile one of these. When we GC this will try mark the contents as if it were a JSObject*, which it's not if !nsXBLMaybeCompiled::IsCompiled(). nsXBLMaybeCompiled<T> was only intended to be used inside a Heap<>, not any of the other rooting classes.
Fortunately there's an easy fix for this - if we stop GCMethods<nsXBLMaybeCompiled<UncompiledT>> deriving from GCMethods<JSObject *> we will lose the definition of kind(), which is only used by Rooted<>. This stops Rooted<nsXBLMaybeCompiled<UncompiledT>> compiling and also anything else that tries to determine what GC kind it is.
Attachment #8423274 - Flags: review?(sphink)
Attachment #8423274 - Flags: review?(sphink) → review+
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
You need to log in before you can comment on or make changes to this bug.