Open Bug 1166209 Opened 10 years ago Updated 21 days ago

Disallow JS execution while iterating over the JS heap

Categories

(Core :: JavaScript Engine, defect, P3)

People

(Reporter: n.nethercote, Unassigned)

References

(Blocks 1 open bug)

The JS memory reporter iterates over the JS heap. While this is happening it's vital that no JS code executes, otherwise we can get crashes like bug 1103375's. There are some ad hoc mechanisms in there but something general would be better. mrbkap suggested this:

> One other idea would be to set a bit somewhere in XPConnect when we're
> iterating the JS heap and to refuse (in nsXPCWrappedJSClass) to call back
> into JS from C++ (we'd probably want to assert in debug builds as well as
> throwing in optimized builds) when the bit is set. That way, other bugs
> like this wouldn't crash us.

There are some existing RAII classes that forbid running JS, though I'm not sure they fail gracefully.
Severity: normal → S3
Blocks: GC.easeofuse
Priority: -- → P3
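
The guard suggested in the quoted comment, sketched as an added example that is not part of this bug thread or of Mozilla's code: an RAII scope sets a per-thread flag for the duration of a heap walk, and the single C++-to-JS call path refuses to run while it is set. Every name here (`AutoForbidJSDuringHeapIteration`, `CallIntoJS`, `ReportHeap`, `STRICT_DEBUG_BUILD`) is hypothetical, and the flag is kept as a nesting depth rather than a single bit, which is an assumption of this sketch.

```cpp
#include <cassert>
#include <cstddef>
#include <functional>
#include <vector>

// All names here are hypothetical; none are SpiderMonkey or XPConnect APIs.
enum class CallResult { Ok, RefusedDuringHeapIteration };

// The "bit" from the proposal, kept as a per-thread depth so guards can nest.
static thread_local unsigned gHeapIterationDepth = 0;

// RAII guard: while an instance is alive, calls into JS are refused.
class AutoForbidJSDuringHeapIteration {
 public:
  AutoForbidJSDuringHeapIteration() { ++gHeapIterationDepth; }
  ~AutoForbidJSDuringHeapIteration() { --gHeapIterationDepth; }
  AutoForbidJSDuringHeapIteration(const AutoForbidJSDuringHeapIteration&) = delete;
  AutoForbidJSDuringHeapIteration& operator=(const AutoForbidJSDuringHeapIteration&) = delete;
};

// Stand-in for the single C++ -> JS call path where the check would live.
CallResult CallIntoJS(const std::function<void()>& jsCallback) {
  if (gHeapIterationDepth != 0) {
#ifdef STRICT_DEBUG_BUILD  // assumed debug-only switch: fail loudly
    assert(false && "JS entered while iterating the JS heap");
#endif
    return CallResult::RefusedDuringHeapIteration;  // optimized: fail gracefully
  }
  jsCallback();
  return CallResult::Ok;
}

struct ReportStats { std::size_t bytes; int jsRan; int jsRefused; };

// Constructed reporter walk whose per-cell hook (wrongly) tries to run JS.
ReportStats ReportHeap(const std::vector<std::size_t>& cellSizes) {
  ReportStats s{0, 0, 0};
  AutoForbidJSDuringHeapIteration guard;
  for (std::size_t size : cellSizes) {
    s.bytes += size;
    if (CallIntoJS([&s] { ++s.jsRan; }) == CallResult::Ok) continue;
    ++s.jsRefused;
  }
  return s;
}

int main() {
  ReportStats s = ReportHeap({16, 32, 64});  // constructed cell sizes
  return (s.bytes == 112 && s.jsRan == 0 && s.jsRefused == 3) ? 0 : 1;
}
```

Because the guard's destructor restores the depth on every exit path, callers that run after the walk can enter JS again without any explicit reset.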