Closed
Bug 931218
Opened 11 years ago
Closed 11 years ago
Handle an exact rooting hazard in stealContents
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla28
Tracking | Status | |
---|---|---|
firefox28 | --- | fixed |
People
(Reporter: terrence, Assigned: terrence)
References
Details
(Whiteboard: [qa-])
Attachments
(1 file)
6.58 KB,
patch
|
sfink
:
review+
|
Details | Diff | Splinter Review |
This handlifies a few interfaces and adds an assertion that the object we stole the contents from was not in the nursery: writing inlined nursery or nursery allocated ObjectElements into a void* would be super-bad. I have no idea if this assertion is actually valid, but it doesn't fire for me currently in jit-tests --tbpl.
Attachment #822566 -
Flags: review?(sphink)
Comment 1•11 years ago
|
||
Comment on attachment 822566 [details] [diff] [review]
hazard_stealcontents-v0.diff
Review of attachment 822566 [details] [diff] [review]:
-----------------------------------------------------------------
Yeah, I think I left the API as a JSObject* because it gets immediately unwrapped anyway, but if we're handlifying the JSAPI now, then this is good.
There are probably other places you could assert !IsInsideNursery.
Attachment #822566 -
Flags: review?(sphink) → review+
Assignee | ||
Comment 2•11 years ago
|
||
Comment 3•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
(In reply to Phil Ringnalda (:philor) from comment #3)
> https://hg.mozilla.org/mozilla-central/rev/3124171c8f9a
Can you please confirm the target milestone is corect? mozilla-central was Firefox 27 at this time.
Flags: needinfo?(philringnalda)
Comment 5•11 years ago
|
||
That was the uplift day. It landed after mozilla-central was uplifted to Aurora. In the future, you can confirm this for yourself by noting that revision 3124171c8f9a is not on mozilla-beta.
Flags: needinfo?(philringnalda)
status-firefox28:
--- → fixed
Whiteboard: [qa-]
You need to log in
before you can comment on or make changes to this bug.
Description
•