nsNPObjWrapper::GetNewOrUsed() removes PLDHash entries from the wrong table if OOM (JS)

RESOLVED FIXED

Status

()

defect
RESOLVED FIXED
12 years ago
12 years ago

People

(Reporter: jst, Assigned: jst)

Tracking

({fixed1.8.1.8})

unspecified
Points:
---
Bug Flags:
blocking1.9 +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

Assignee

Description

12 years ago
Found by code inspection around the point of a crash seen by a plugin developer. Obvious patch attached (if you look above the context in the diff you'll see that the entry being removed comes from sNPObjWrappers, not sJSObjWrappers).
Flags: blocking1.9+
Attachment #277005 - Flags: superreview?(dveditz)
Attachment #277005 - Flags: review?(mrbkap)
Attachment #277005 - Flags: approval1.8.1.7?
Attachment #277005 - Flags: review?(mrbkap) → review+
Attachment #277005 - Flags: superreview?(dveditz) → superreview+
Comment on attachment 277005 [details] [diff] [review]
Remove entry from the right hash.

approved for 1.8.1.7, a=dveditz
Attachment #277005 - Flags: approval1.8.1.7? → approval1.8.1.7+
Assignee

Comment 2

12 years ago
Peter, this is the same patch with a couple of additional cleanups and an unnecessary error check removed when calling JS_SetPrivate() (which can not fail).
Assignee: nobody → jst
Status: NEW → ASSIGNED
Attachment #277633 - Flags: superreview?(peterv)
Attachment #277633 - Flags: review?(peterv)
Attachment #277633 - Flags: superreview?(peterv)
Attachment #277633 - Flags: superreview+
Attachment #277633 - Flags: review?(peterv)
Attachment #277633 - Flags: review+
Assignee

Updated

12 years ago
Attachment #277633 - Flags: approval1.9+
Assignee

Comment 3

12 years ago
Fixed on trunk.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Assignee

Comment 4

12 years ago
This landed on the 1.8 branch a long time ago, just forgot to mark it :(
Keywords: fixed1.8.1.7
You need to log in before you can comment on or make changes to this bug.