Closed
Bug 754311
Opened 12 years ago
Closed 12 years ago
Copy properties before nulling out the private of about-to-be-transplanted reflectors
Categories
(Core :: XPConnect, defect)
Core
XPConnect
Tracking
()
RESOLVED
FIXED
mozilla15
People
(Reporter: bholley, Assigned: bholley)
References
Details
Attachments
(1 file)
This is one of the bugs causing bug 752309. Patch coming right up.
Assignee | ||
Comment 1•12 years ago
|
||
Attaching a patch. Flagging mrbkap for review.
Attachment #623180 -
Flags: review?(mrbkap)
Comment 2•12 years ago
|
||
Comment on attachment 623180 [details] [diff] [review] Null out the private of soon-to-be-transplanted reflectors _after_ copying their properties onto the holder. v1 Review of attachment 623180 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/xpconnect/src/XPCWrappedNative.cpp @@ +1660,5 @@ > + // replaced anyway by the ensuing brain trainsplant, so it doesn't > + // really matter. But it can stick around if we take the > + // js_TransplantObjectWithWrapper path, or if we've got a bug somewhere. > + // If that happens, we want to crash cleanly with a null dereference > + // rather than mucking around with the wrong XPCWN. This is actually important for another reason as well: at this point in time, there are now two JSObjects with the same XPCWrappedNative and they'll both try to delete they're underlying wrapped native when they get finalized. Even though we're going to brain transplant this object, all that actually means is that we're going to swap() it with another object, so we need to forcibly null out the private here.
Attachment #623180 -
Flags: review?(mrbkap) → review+
Assignee | ||
Comment 3•12 years ago
|
||
Pushed to m-i with an updated comment per comment 2: http://hg.mozilla.org/integration/mozilla-inbound/rev/b5bef2ea3fd9
Target Milestone: --- → mozilla15
Comment 4•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/b5bef2ea3fd9
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•