Closed
Bug 1569608
Opened 5 years ago
Closed 5 years ago
Rooting hazard creating realm instrumentation holder objects
Categories
(Core :: JavaScript Engine, defect, P1)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla70
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox-esr68 | --- | unaffected |
| firefox68 | --- | unaffected |
| firefox69 | --- | unaffected |
| firefox70 | --- | fixed |
People
(Reporter: jonco, Assigned: jonco)
References
(Regression)
Details
(Keywords: regression)
Attachments
(1 file)
The RealmInstrumentation objects created and populated with GC pointers before the holder object is created. If a GC happens at this point the contents of the object will not be traced.
|
||
Comment 1•5 years ago
|
||
Oops, I missed this in the final version. I think we just need to use a Rooted<UniquePtr<RealmInstrumentation> >?
|
Assignee | |
Comment 2•5 years ago
|
||
(In reply to Ted Campbell [:tcampbell] from comment #1)
Yes, that works.
|
|
Assignee | |
Comment 3•5 years ago
|
||
Depends on D39496
|
||
Comment 4•5 years ago
|
||
https://hg.mozilla.org/integration/autoland/rev/734f52c5ecd7b84afffed2058abb8145ab01ce1f
https://hg.mozilla.org/mozilla-central/rev/734f52c5ecd7
Group: javascript-core-security → core-security-release
Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox70:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla70
|
||
Updated•5 years ago
|
status-firefox68:
--- → unaffected
status-firefox69:
--- → unaffected
status-firefox-esr60:
--- → unaffected
status-firefox-esr68:
--- → unaffected
|
||
Updated•4 years ago
|
Group: core-security-release
|
||
Updated•2 years ago
|
Has Regression Range: --- → yes
|
||
Updated•2 years ago
|
Keywords: regression
You need to log in
before you can comment on or make changes to this bug.
Description
•