Last Comment Bug 362180 - Still missing root in JS_NewPropertyIterator
: Still missing root in JS_NewPropertyIterator
Status: VERIFIED FIXED
[sg:moderate?]
: verified1.8.0.9, verified1.8.1.1
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: All All
: -- normal (vote)
: ---
Assigned To: Igor Bukanov
:
: Jason Orendorff [:jorendorff]
Mentors:
Depends on:
Blocks: 343290
  Show dependency treegraph
 
Reported: 2006-11-28 21:14 PST by Igor Bukanov
Modified: 2006-12-22 10:56 PST (History)
2 users (show)
dveditz: blocking1.8.1.1+
dveditz: blocking1.8.0.9+
bob: in‑testsuite-
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Fix (1.29 KB, patch)
2006-11-28 21:43 PST, Igor Bukanov
brendan: review+
mrbkap: review+
dveditz: approval1.8.0.9+
dveditz: approval1.8.1.1+
Details | Diff | Splinter Review

Description Igor Bukanov 2006-11-28 21:14:47 PST
The patch for bug 343290 did not root iterobj. As such if non-native would ever allocate a new object, the GC hazard still presents.
Comment 1 Igor Bukanov 2006-11-28 21:43:29 PST
Created attachment 246883 [details] [diff] [review]
Fix

The patch roots iterobj, not obj. 

In addition the patch replaces set_slot calls by the explicit slot access. The current code that calls JS_SetPrivate and jumps to "bad" is incorrect as it does not destroys ida array. This is not a memory leak since JS_SetPrivate always returns true, but it does require spending time to figure out what is going on. So to avoid reasoning in future I made this change.
Comment 2 Igor Bukanov 2006-11-29 09:18:09 PST
I committed the patch from comment 1 to the trunk:

Checking in jsapi.c;
/cvsroot/mozilla/js/src/jsapi.c,v  <--  jsapi.c
new revision: 3.291; previous revision: 3.290
done
Comment 3 Igor Bukanov 2006-11-29 09:20:09 PST
Comment on attachment 246883 [details] [diff] [review]
Fix

The patch applies to 1.8.* as is.
Comment 4 Daniel Veditz [:dveditz] 2006-11-29 10:46:50 PST
Comment on attachment 246883 [details] [diff] [review]
Fix

approved for 1.8/1.8.0 branches, a=dveditz for drivers
Comment 5 Igor Bukanov 2006-11-29 11:57:37 PST
I committed the patch from comment 1 to MOZILLA_1_8_BRANCH:

Checking in jsapi.c;
/cvsroot/mozilla/js/src/jsapi.c,v  <--  jsapi.c
new revision: 3.214.2.32; previous revision: 3.214.2.31
done
Comment 6 Igor Bukanov 2006-11-29 12:09:49 PST
I committed the patch from comment 1 to MOZILLA_1_8_0_BRANCH:

Checking in jsapi.c;
/cvsroot/mozilla/js/src/jsapi.c,v  <--  jsapi.c
new revision: 3.214.2.11.2.9; previous revision: 3.214.2.11.2.8
done
Comment 7 Martijn Wargers [:mwargers] (not working for Mozilla) 2006-11-29 13:53:54 PST
Verified fixed on branches by looking at the bonsai logs of the MOZILLA_1_8_0_BRANCH tree and the MOZILLA_1_8_BRANCH tree.

Note You need to log in before you can comment on or make changes to this bug.