Bug 773370 - Fix rooting in JSArray creation for mozTelephony
Product: Core
Classification: Components
Component: DOM: Device Interfaces
: Trunk
: x86_64 All
: -- normal (vote)
: mozilla17
Assigned To: Kyle Machulis [:qdot]
: Andrew Overholt [:overholt]
Depends on:
Blocks: b2g-ril
Reported: 2012-07-12 11:41 PDT by Kyle Machulis [:qdot]
Modified: 2012-08-03 10:51 PDT

Patch 1 (v1): Fix rooting in JSArray creation for mozTelephony (1.07 KB, patch)
2012-08-01 15:00 PDT, Kyle Machulis [:qdot]
bent.mozilla: review+

Description Kyle Machulis [:qdot] 2012-07-12 11:41:19 PDT
There are functions in mozTelephony and mozBluetooth that convert nsTArrays to JSArrays. The internal machinery moves values to an internal nsTArray that's then transformed as part of JS_NewArrayObject. There could be a GC sweep during this conversion that could cause some of the values to be swept before rooting.
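The hazard described in this report, as an added example that is not part of the bug or the Mozilla patch: a toy mark-and-sweep heap in which values parked in an intermediate array are swept when a collection runs during array creation, unless that array is rooted first. `Heap`, `TempArrayRooter` and `convertToArray` are hypothetical names for this model, not SpiderMonkey APIs.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <memory>
#include <vector>
// Toy mark-and-sweep heap: a constructed model, not SpiderMonkey's API.
struct Cell { std::vector<Cell*> slots; bool marked = false; bool live = true; };

struct Heap {
    std::vector<std::unique_ptr<Cell>> cells;  // swept cells are kept so callers can inspect them
    std::vector<std::vector<Cell*>*> roots;    // temporary arrays registered by a rooter
    void mark(Cell* c) { if (c->marked) return; c->marked = true; for (Cell* s : c->slots) mark(s); }
    void collect() {
        for (auto& c : cells) c->marked = false;
        for (auto* set : roots) for (Cell* c : *set) mark(c);
        for (auto& c : cells) if (!c->marked) c->live = false;  // unreachable: swept
    }
    Cell* alloc(bool gcFirst) {                // any allocation may trigger a collection
        if (gcFirst) collect();
        cells.emplace_back(new Cell());
        return cells.back().get();
    }
};

// RAII rooter (hypothetical): makes a temporary array visible to the collector for its lifetime.
struct TempArrayRooter {
    Heap& heap; std::vector<Cell*>* set;
    TempArrayRooter(Heap& h, std::vector<Cell*>& v) : heap(h), set(&v) { heap.roots.push_back(set); }
    ~TempArrayRooter() { heap.roots.erase(std::find(heap.roots.begin(), heap.roots.end(), set)); }
};

// Builds an array cell from `count` fresh values held in an intermediate array.
// Returns how many elements had already been swept when the array was filled.
std::size_t convertToArray(Heap& heap, std::size_t count, bool rootTemp) {
    std::vector<Cell*> temp;
    std::unique_ptr<TempArrayRooter> rooter;
    if (rootTemp) rooter.reset(new TempArrayRooter(heap, temp));
    for (std::size_t i = 0; i < count; ++i) temp.push_back(heap.alloc(false));
    Cell* array = heap.alloc(true);            // collection runs during array creation
    array->slots = temp;
    std::size_t swept = 0;
    for (Cell* c : array->slots) if (!c->live) ++swept;
    return swept;
}

int main() {
    Heap a, b;
    std::printf("unrooted: %zu swept, rooted: %zu swept\n", convertToArray(a, 3, false), convertToArray(b, 3, true));
}
```

In a real engine the swept cells would be freed or reused, so the unrooted array would hold dangling pointers rather than cells flagged as dead.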
Comment 1 Gregor Wagner [:gwagner] 2012-07-12 12:54:04 PDT
Hm do we also need a write barrier now with IGC?
Comment 2 Dietrich Ayala (:dietrich) 2012-08-01 11:11:20 PDT
Kyle, Gregor: Does this need to block the release?
Comment 3 Kyle Machulis [:qdot] 2012-08-01 14:50:21 PDT
Nope, this doesn't block release. It's already fixed in 761511 for bluetooth, too.
Comment 4 Kyle Machulis [:qdot] 2012-08-01 15:00:40 PDT
Created attachment 648098
Patch 1 (v1): Fix rooting in JSArray creation for mozTelephony
Comment 6 Ed Morley [:emorley] 2012-08-02 06:22:10 PDT
Comment 7 Andrew Overholt [:overholt] 2012-08-03 10:51:16 PDT
Potential crasher so blocking in case we regress.
