Closed
Bug 1712725
Opened 3 years ago
Closed 3 years ago
Stop passing the CC participant to mozilla::DropJSObjects
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
90 Branch
| Tracking | Status | |
|---|---|---|
| firefox90 | --- | fixed |
People
(Reporter: peterv, Assigned: peterv)
Details
Attachments
(3 files)
No description provided.
|
Assignee | |
Comment 1•3 years ago
|
||
Various code was passing 'this' to mozilla::DropJSObjects in unlink, but that's
the CC participant. The right object to pass is 'tmp'. I also added static
asserts in mozilla::Hold/DropJSObjects to block this in the future.
|
|
Assignee | |
Comment 2•3 years ago
|
||
There's a pattern of clearing SJ things when calling mozilla::DropJSObjects,
but mozilla::DropJSObjects already clears the JS things itself by calling
CycleCollectedJSRuntime::RemoveJSHolder.
Depends on D115884
|
||
Updated•3 years ago
|
Severity: -- → S3
|
|
Assignee | |
Comment 3•3 years ago
|
||
Depends on D115885
Pushed by pvanderbeken@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/13f0a2c96ff2 Pass the correct object to mozilla::DropJSObjects. r=mccr8 https://hg.mozilla.org/integration/autoland/rev/0841abff498e Stop clearing JS things when calling mozilla::DropJSObjects. r=mccr8 https://hg.mozilla.org/integration/autoland/rev/f69509e8ee12 Disallow using HoldJSObjects/DropJSObjects for non-nsISupports classes that don't have a CC participant. r=mccr8
|
||
Comment 5•3 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/13f0a2c96ff2
https://hg.mozilla.org/mozilla-central/rev/0841abff498e
https://hg.mozilla.org/mozilla-central/rev/f69509e8ee12
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox90:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 90 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•