Closed Bug 413556 Opened 14 years ago Closed 14 years ago
_Convert Arguments with format-specifier "f" doesn't root the converted value
With format-specifiers "S" or "o", the converted result is written back to argv, so it's rooted. "f" doesn't do that. (The GC hazard arises if the argument is an object whose valueOf() returns a Function that is not otherwise reachable. Conversion of later arguments can then trigger GC, so the object may even be gone by the time JS_ConvertArguments returns.)
Assignee: general → jorendorff
Status: NEW → ASSIGNED
Attachment #298542 - Flags: review?(brendan)
GC safety, for embeddings other than Gecko's SpiderMonkey embedding AFAIK, but why take chances? Zero risk obviously correct fix. /be
I checked in the patch from comment 1 to the trunk: http://bonsai.mozilla.org/cvsquery.cgi?module=PhoenixTinderbox&branch=HEAD&cvsroot=%252Fcvsroot&date=explicit&mindate=1201097940&maxdate=1201098001&who=igor%25mir2.org
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Jason, if you can help with a test I would appreciate it.
You need to log in before you can comment on or make changes to this bug.