
[jsdbg2] js::Debugger::FrameRange is terrifyingly unsafe in the name of unnecessary perf



(Reporter: jimb, Unassigned)






3 years ago
js::Debugger::FrameRange should be replaced by a function that populates a provided Handle<GCVector<NativeObject*>> with the Debugger.Frame objects referring to a given AbstractFramePtr.

js::Debugger::FrameRange holds pointers into random Debuggers' frame hash tables and iterates over a GlobalObject's DebuggerVector. If a FrameRange lives while anything causes the hash table or the debuggees to change, all hell will break loose. And the amount of laziness it provides isn't even valuable; in almost all cases, there will be exactly one Debugger to look through anyway.

See 1252464 for an example of the sort of chaos this encourages.

Producing a rooted vector would be easy to use, and much more robust.
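The shape of the replacement the comment proposes, as an added example that is not SpiderMonkey code: an eager function that walks a global's debuggers, looks each one's frame table up once, and copies the matching Debugger.Frame pointers into a vector the caller owns. The types below (`AbstractFramePtr`, `DebuggerFrameObject`, `Debugger`, `GlobalObject`) are constructed stand-ins for the engine types named above, and a plain `std::vector` stands in for the rooted `GCVector` because no GC is modelled here. The point it shows is the one the comment makes: once the lookup has finished, nothing holds a pointer into the hash tables, so later mutation of the tables or of the debugger list cannot invalidate the result.

```cpp
#include <cstddef>
#include <cstdint>
#include <unordered_map>
#include <vector>

// Constructed stand-ins for the engine types discussed in the bug.
using AbstractFramePtr = std::uintptr_t;   // opaque identity of an interpreter frame

struct DebuggerFrameObject {               // stand-in for a Debugger.Frame object
    AbstractFramePtr referent;             // the frame this object refers to
    int id;                                // just for checking results
};

struct Debugger {                          // stand-in: referent frame -> Debugger.Frame
    std::unordered_map<AbstractFramePtr, DebuggerFrameObject*> frames;
};

struct GlobalObject {                      // stand-in for a debuggee's DebuggerVector
    std::vector<Debugger*> debuggers;
};

// Eager replacement for a lazy FrameRange: append to `out` every Debugger.Frame,
// across all Debuggers observing `global`, that refers to `frame`. Returns the
// number appended. The caller owns `out`; no iterator or table pointer outlives
// the call, so the result stays valid however the tables change afterwards.
std::size_t collectDebuggerFrames(const GlobalObject& global, AbstractFramePtr frame,
                                  std::vector<DebuggerFrameObject*>& out) {
    std::size_t added = 0;
    for (Debugger* dbg : global.debuggers) {
        auto it = dbg->frames.find(frame);
        if (it != dbg->frames.end()) {
            out.push_back(it->second);
            ++added;
        }
    }
    return added;
}

// Demonstration: take the snapshot, then mutate the tables and the debugger list
// the way a GC or a debuggee change might while a lazy range was still live, then
// consume the snapshot. Returns the sum of the ids found (constructed data: 1 + 2).
int demo() {
    DebuggerFrameObject f1{0x1000, 1}, f2{0x1000, 2}, f3{0x2000, 3};
    Debugger d1, d2;
    d1.frames[0x1000] = &f1;
    d1.frames[0x2000] = &f3;
    d2.frames[0x1000] = &f2;
    GlobalObject g{{&d1, &d2}};

    std::vector<DebuggerFrameObject*> frames;
    collectDebuggerFrames(g, 0x1000, frames);

    d1.frames.erase(0x1000);   // table entry removed after the snapshot was taken
    g.debuggers.pop_back();    // a Debugger detached after the snapshot was taken

    int sum = 0;
    for (DebuggerFrameObject* f : frames) sum += f->id;
    return sum;
}
```

In the real engine the `out` parameter would be a `Handle<GCVector<NativeObject*>>` so that the collected objects are rooted for as long as the caller holds the vector; the control flow is otherwise the same.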