Closed
Bug 362180
Opened 18 years ago
Closed 18 years ago
Still missing root in JS_NewPropertyIterator
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
VERIFIED
FIXED
People
(Reporter: igor, Assigned: igor)
References
Details
(Keywords: verified1.8.0.9, verified1.8.1.1, Whiteboard: [sg:moderate?])
Attachments
(1 file)
1.29 KB,
patch
|
brendan
:
review+
mrbkap
:
review+
dveditz
:
approval1.8.0.9+
dveditz
:
approval1.8.1.1+
|
Details | Diff | Splinter Review |
The patch for bug 343290 did not root iterobj. As such if non-native would ever allocate a new object, the GC hazard still presents.
Assignee | ||
Comment 1•18 years ago
|
||
The patch roots iterobj, not obj.
In addition the patch replaces set_slot calls by the explicit slot access. The current code that calls JS_SetPrivate and jumps to "bad" is incorrect as it does not destroys ida array. This is not a memory leak since JS_SetPrivate always returns true, but it does require spending time to figure out what is going on. So to avoid reasoning in future I made this change.
Attachment #246883 -
Flags: review?(brendan)
Assignee | ||
Updated•18 years ago
|
Attachment #246883 -
Flags: review?(mrbkap)
Assignee | ||
Updated•18 years ago
|
Flags: blocking1.8.1.1?
Flags: blocking1.8.0.9?
Updated•18 years ago
|
Attachment #246883 -
Flags: review?(brendan) → review+
Assignee | ||
Comment 2•18 years ago
|
||
I committed the patch from comment 1 to the trunk:
Checking in jsapi.c;
/cvsroot/mozilla/js/src/jsapi.c,v <-- jsapi.c
new revision: 3.291; previous revision: 3.290
done
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 3•18 years ago
|
||
Comment on attachment 246883 [details] [diff] [review]
Fix
The patch applies to 1.8.* as is.
Attachment #246883 -
Flags: approval1.8.1.1?
Attachment #246883 -
Flags: approval1.8.0.9?
Comment 4•18 years ago
|
||
Comment on attachment 246883 [details] [diff] [review]
Fix
approved for 1.8/1.8.0 branches, a=dveditz for drivers
Attachment #246883 -
Flags: approval1.8.1.1?
Attachment #246883 -
Flags: approval1.8.1.1+
Attachment #246883 -
Flags: approval1.8.0.9?
Attachment #246883 -
Flags: approval1.8.0.9+
Updated•18 years ago
|
Flags: blocking1.8.1.1?
Flags: blocking1.8.1.1+
Flags: blocking1.8.0.9?
Flags: blocking1.8.0.9+
Assignee | ||
Comment 5•18 years ago
|
||
I committed the patch from comment 1 to MOZILLA_1_8_BRANCH:
Checking in jsapi.c;
/cvsroot/mozilla/js/src/jsapi.c,v <-- jsapi.c
new revision: 3.214.2.32; previous revision: 3.214.2.31
done
Keywords: fixed1.8.1.1
Assignee | ||
Comment 6•18 years ago
|
||
I committed the patch from comment 1 to MOZILLA_1_8_0_BRANCH:
Checking in jsapi.c;
/cvsroot/mozilla/js/src/jsapi.c,v <-- jsapi.c
new revision: 3.214.2.11.2.9; previous revision: 3.214.2.11.2.8
done
Assignee | ||
Updated•18 years ago
|
Keywords: fixed1.8.0.9
Comment 7•18 years ago
|
||
Verified fixed on branches by looking at the bonsai logs of the MOZILLA_1_8_0_BRANCH tree and the MOZILLA_1_8_BRANCH tree.
Status: RESOLVED → VERIFIED
Updated•18 years ago
|
Attachment #246883 -
Flags: review?(mrbkap) → review+
Updated•18 years ago
|
Flags: in-testsuite-
Updated•18 years ago
|
Whiteboard: [sg:moderate?]
Updated•18 years ago
|
Group: security
You need to log in
before you can comment on or make changes to this bug.
Description
•