Closed Bug 925585 Opened 11 years ago Closed 11 years ago

Missing Rooted in proxy_createFunction

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla27

People

(Reporter: sfink, Assigned: sfink)

References

Details

Attachments

(1 file)

Missing Rooted in proxy_createFunction
1.07 KB, patch
terrence
: review+
Details | Diff | Splinter Review 
Hazard:

Function 'jsproxy.cpp:uint8 proxy_createFunction(JSContext*, uint32, JS::Value*)' has unrooted 'construct' of type 'JSObject*' live across GC call 'JSObject* JS_NewObjectWithGivenProto(JSContext*, JSClass*, JSObject*, JSObject*)' at js/src/jsproxy.cpp:3267
    js/src/jsproxy.cpp:3266: Call(56,57, __temp_19 := Jsvalify(CallConstructHolder))
    js/src/jsproxy.cpp:3267: Call(57,58, __temp_21 := cx*.field:0.global())
    js/src/jsproxy.cpp:3267: Call(58,59, __temp_20 := __temp_21.operator 135())
    js/src/jsproxy.cpp:3267: Call(59,60, __temp_18 := JS_NewObjectWithGivenProto(cx*,__temp_19*,0,__temp_20**.field:0))
    js/src/jsproxy.cpp:3267: Call(60,61, __temp_22*.GuardObjectNotifier(0))
    js/src/jsproxy.cpp:3267: Call(61,62, ccHolder.Rooted(cx*,__temp_18*,__temp_22))
    js/src/jsproxy.cpp:3267: Call(62,63, __temp_22.~GuardObjectNotifier())
    js/src/jsproxy.cpp:3268: Call(63,64, __temp_23 := ccHolder.operator 168())
    js/src/jsproxy.cpp:3268: Assume(64,71, null(__temp_23**), false)
    js/src/jsproxy.cpp:3270: Call(71,72, __temp_24 := ccHolder.operator->())
    js/src/jsproxy.cpp:3270: Call(72,73, __temp_26 := call.operator 168())
    js/src/jsproxy.cpp:3270: Call(73,74, __temp_25 := ObjectValue(__temp_26**))
    js/src/jsproxy.cpp:3270: Call(74,75, __temp_24*.setReservedSlot(0,__temp_25))
    js/src/jsproxy.cpp:3271: Call(75,76, __temp_27 := ccHolder.operator->())
    js/src/jsproxy.cpp:3271: Call(76,77, __temp_28 := ObjectValue(construct*))

Looks like a straightforward missing root to me.

        Attachment #815654 -
        Flags: review?(terrence)

    
    

    
  
Comment on attachment 815654 [details] [diff] [review]
Missing Rooted in proxy_createFunction

Review of attachment 815654 [details] [diff] [review]:
-----------------------------------------------------------------

r=me

        Attachment #815654 -
        Flags: review?(terrence) → review+
Blocks: 898606

    
    

    
  
Typical style is to drop the nullptr.

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/c82f469916b9
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: