Fix an exact rooting hazard in nsJSContext::JSObjectFromInterface
RESOLVED
FIXED
in mozilla27
Status
()
People
(Reporter: terrence, Assigned: terrence)
Tracking
Firefox Tracking Flags
(Not tracked)
Details
Attachments
(1 attachment)
|
1.12 KB,
patch
|
smaug
:
review+
|
Details | Diff | Splinter Review |
In the #ifdef DEBUG block there is use of nsCOMPtr: I believe we decided this could GC in the general case. The attached patch adds a temporary Rooted in the DEBUG block so that we don't have to take the overhead in the non-DEBUG case.
For reference:
Function 'uint32 nsJSContext::JSObjectFromInterface(nsISupports*, class JS::Handle<JSObject*>, JSObject**)' has unrooted 'obj' of type 'JSObject*' live across GC call 'nsCOMPtr<nsISupports>::nsCOMPtr(nsQueryInterface)' at dom/base/nsJSEnvironment.cpp:1047
dom/base/nsJSEnvironment.cpp:1047: Call(28,29, __temp_10 := do_QueryInterface(aTarget*))
dom/base/nsJSEnvironment.cpp:1047: Call(29,30, __temp_9*.nsCOMPtr(0,__temp_10*))
dom/base/nsJSEnvironment.cpp:1047: Assign(30,31, targetSupp := __temp_9*)
dom/base/nsJSEnvironment.cpp:1047: Call(31,32, __temp_9.~nsCOMPtr())
dom/base/nsJSEnvironment.cpp:1049: Call(32,33, __temp_13 := XPConnect())
dom/base/nsJSEnvironment.cpp:1049: Call(33,34, __temp_14 := cx.operator 338())
dom/base/nsJSEnvironment.cpp:1049: Call(34,35, __temp_12 := __temp_13*.GetNativeOfWrapper*(__temp_14*,obj*))
Attachment #821127 -
Flags: review?(bugs)
|
||
Updated•6 years ago
|
Attachment #821127 -
Flags: review?(bugs) → review+
|
Assignee | |
Comment 1•6 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/5775bf2165d2
|
||
Comment 2•6 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/5775bf2165d2
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27
|
||
Updated•6 years ago
|
Assignee: general → terrence
|
||
Updated•5 months ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•