Missing root in JS_NewPropertyIterator

RESOLVED FIXED in mozilla1.9alpha1

Status


Core
JavaScript Engine
P3
major
RESOLVED FIXED
11 years ago

People

(Reporter: mrbkap, Assigned: mrbkap)

Tracking

({crash, fixed1.8.0.7, fixed1.8.1})

Trunk
mozilla1.9alpha1
Points:
---
Bug Flags:
blocking1.8.1 +
blocking1.8.0.7 +
in-testsuite -

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [patch])

Attachments

(1 attachment)

(Assignee)

Description

11 years ago
There is a missing root in JS_NewPropertyIterator. In the general case (where we're dealing with a native object), there is a newborn root, and no calls to functions that can cause GC to happen to protect our new object. In the non-native case, however, we have a call to JS_Enumerate, which could allocate new objects and cause GC, destroying our newborn object.
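
The hazard described in this report, reduced to a toy model (an added example, not part of the bug report or the attached patch, and not SpiderMonkey code): a collector whose newborn slot protects only the most recent allocation, with an explicit root shown as the assumed remedy. `Obj`, `alloc_obj`, `gc`, `rooted` and `new_iterator` are hypothetical names.

```c
#include <stdbool.h>
#include <stdio.h>
/* Toy mark-and-sweep heap. All names are hypothetical, not SpiderMonkey's. */
#define HEAP_SIZE 8
typedef struct { bool live, marked; } Obj;
static Obj heap[HEAP_SIZE];
static Obj *newborn;   /* weak root: protects only the most recent allocation */
static Obj *rooted;    /* one explicit root slot held by the caller */

static void heap_reset(void) {
    for (size_t i = 0; i < HEAP_SIZE; i++) heap[i].live = heap[i].marked = false;
    newborn = rooted = NULL;
}

/* Mark the newborn and the explicit root, then sweep everything unmarked. */
static void gc(void) {
    if (newborn) newborn->marked = true;
    if (rooted) rooted->marked = true;
    for (size_t i = 0; i < HEAP_SIZE; i++) {
        if (!heap[i].marked) heap[i].live = false;
        heap[i].marked = false;
    }
}

static Obj *alloc_obj(void) {
    for (size_t i = 0; i < HEAP_SIZE; i++) {
        if (heap[i].live) continue;
        heap[i].live = true;
        return newborn = &heap[i];   /* previous newborn loses its protection */
    }
    return NULL;
}

/* Builds an iterator object and reports whether it survived construction.
 * native: no allocation before the next GC. !native: an enumerate-like call allocates first. */
static bool new_iterator(bool native, bool root_it) {
    heap_reset();
    Obj *iter = alloc_obj();
    if (root_it) rooted = iter;      /* explicit root across the risky call */
    if (!native) alloc_obj();        /* enumeration result replaces newborn */
    gc();
    return iter->live;
}

int main(void) {
    printf("native=%d non-native=%d non-native+root=%d\n",
           new_iterator(true, false), new_iterator(false, false), new_iterator(false, true));
    return 0;
}
```

In the unrooted non-native case the caller is left holding a pointer to a swept object, which is the crash condition the report describes.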
(Assignee)

Comment 1

11 years ago
Created attachment 227770
Fix
Attachment #227770 - Flags: review?(brendan)
(Assignee)

Updated

11 years ago
Status: NEW → ASSIGNED
Priority: -- → P3
Whiteboard: [patch]

Updated

11 years ago
Attachment #227770 - Flags: review?(brendan) → review+
(Assignee)

Comment 2

11 years ago
Fixed.
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED

Updated

11 years ago
Flags: blocking1.8.0.6?

Updated

11 years ago
Flags: in-testsuite-
This should go on both 1.8 and 1.8.0, right? Not just 1.8.0? Nominating.
Flags: blocking1.8.1?
Flags: blocking1.8.1? → blocking1.8.1+
Attachment #227770 - Flags: approval1.8.1?
(Assignee)

Comment 4

11 years ago
This landed on the 1.8 branch with JS1.7.
Keywords: fixed1.8.1
(Assignee)

Updated

11 years ago
Attachment #227770 - Flags: approval1.8.1? → approval1.8.0.7?
Comment on attachment 227770
Fix

approved for 1.8.0 branch, a=dveditz for drivers
Attachment #227770 - Flags: approval1.8.0.7? → approval1.8.0.7+
Flags: blocking1.8.0.7? → blocking1.8.0.7+
(Assignee)

Comment 6

11 years ago
Fixed on the 1.8.0 branch.
Keywords: fixed1.8.0.7

Updated

11 years ago
Depends on: 362180