It looks like this SkipRoot may be protecting some incorrect rooting behavior.
I don't see what that SkipRoot is doing, since it's only for the SCInput buffer that shouldn't have any gcptrs anyway. With Transferables, it may contain pointers to data (e.g. ArrayBuffer guts), but those aren't gcthings. On the other hand, a caller could certainly use callbacks to write gcptrs into the buffer and expect to be able to read them out. The structured clone reading stuff may have other hazards, though. It creates gcthings and writes their pointers into raw Value*'s all over the place. Those should be MutableHandleValue. But except for the outermost one, those are pointers to rooted Values, so should be fine. It depends on the callers, and it'd be safer to use MutableHandleValue.
I don't think this is an issue anymore.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED