Closed Bug 1018637 Opened 10 years ago Closed 10 years ago

Zone groups can include zones that are not being collected

Categories

(Core :: JavaScript: GC, defect)

Product:
Core
Component:
JavaScript: GC
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1018638

People

(Reporter: billm, Assigned: billm)

Details

Attachments

(1 obsolete file) 

I was doing some testing of zone GCs today to try to track down the cause of the assertion failures in bug 1016738 and I found this problem. This means that, whenever we use GCZoneGroupIter or GCCompartmentGroupIter, we're potentially iterating over zones/compartments that aren't being collected. I'm not sure what the consequences of this are. We rarely do zone GCs, so it's not likely to happen too much. But zone GCs can be triggered by allocating a lot, so it's a potential security issue. Looks like a regression from bug 982561.
Somehow I ended up filing two bugs for this?
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
Resolution: INVALID → DUPLICATE
Attachment #8432153 - Attachment is obsolete: true
Attachment #8432153 - Flags: review?
Group: core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: