Closed
Bug 825395
Opened 12 years ago
Closed 11 years ago
Add checking for interleaved nsCxPusher and JSAutoEnterCompartment
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla21
People
(Reporter: bholley, Assigned: bholley)
Details
Attachments
(1 file)
|
4.66 KB,
patch
|
bzbarsky
:
review+
luke
:
review+
|
Details | Diff | Splinter Review |
nsCxPusher is manually initialized (via Push()) and can be manually destroyed (via Pop()), so it isn't guaranteed to follow RAII patterns. This means it can get interleaved with a JSAutoCompartment. This, in turn, hoses us if the call to Push() triggered a call to JS_SaveFrameChain, because that stashes the old compartment situation and leaves us as if we hadn't entered a compartment at all. This just bit me, so I spent some time making sure it wouldn't happen again. Patch forthcoming.
|
Assignee | |
Comment 1•12 years ago
|
||
Attachment #696462 -
Flags: review?(bzbarsky)
|
||
Comment 2•12 years ago
|
||
Comment on attachment 696462 [details] [diff] [review] Add debug checking for interleaved nsCxPusher and JSAutoEnterCompartment. v1 r=me, but you probably need a js peer review on the jsfriendapi bits.
Attachment #696462 -
Flags: review?(bzbarsky) → review+
|
|
Assignee | |
Updated•12 years ago
|
Attachment #696462 -
Flags: review?(luke)
|
|
||
Updated•12 years ago
|
Attachment #696462 -
Flags: review?(luke) → review+
|
|
Assignee | |
Comment 3•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/e194999b0d66
|
||
Comment 4•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/e194999b0d66
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
|
||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•