Closed Bug 547274 Opened 14 years ago Closed 14 years ago

js_InitArrayClass is not thread-safe

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
Other Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jorendorff, Assigned: jorendorff)

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file)

v1
3.68 KB, patch
brendan
: review+
Details | Diff | Splinter Review 
Found by helgrind.

  JSObject *
  js_InitArrayClass(JSContext *cx, JSObject *obj)
  {
      JSObject *proto;

      /* Initialize the ops structure used by slow arrays */
      memcpy(&js_SlowArrayObjectOps, &js_ObjectOps, sizeof(JSObjectOps));
      js_SlowArrayObjectOps.enumerate = slowarray_enumerate;
      js_SlowArrayObjectOps.call = NULL;

But this code runs every time a new context is populated. Oops.

The most obvious thing is just to initialize that statically. Patch coming.
Attached patch v1Splinter Review 
Assignee: general → jorendorff

        Attachment #427803 -
        Flags: review?(brendan)

    
    

    
  
Comment on attachment 427803 [details] [diff] [review]
v1

Winning. Thanks,

/be

        Attachment #427803 -
        Flags: review?(brendan) → review+

    
    

    
  
http://hg.mozilla.org/tracemonkey/rev/2572dde9830c
Whiteboard: fixed-in-tracemonkey

    
    

    
  
http://hg.mozilla.org/mozilla-central/rev/2572dde9830c
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: