Closed Bug 940724 Opened 11 years ago Closed 11 years ago

Move XMLHttpRequest::StateData off of the stack to silence analysis

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set
normal

RESOLVED FIXED
mozilla28

People

(Reporter: sfink, Assigned: sfink)

Details

(Whiteboard: [qa-])

Attachments

(1 file)

Hazard:

Function 'XMLHttpRequest.cpp:uint8 {anonymous}::EventRunnable::WorkerRun(JSContext*, mozilla::dom::workers::WorkerPrivate*)' has unrooted 'state' of type 'mozilla::dom::workers::XMLHttpRequest::StateData' live across GC call 'uint8 JSAutoStructuredCloneBuffer::read(JSContext*, class JS::MutableHandle<JS::Value>, JSStructuredCloneCallbacks*, void*)' at dom/workers/XMLHttpRequest.cpp:715

This hazard is really a weakness of the analysis, because there's a StateDataAutoRooter in scope. But StateData contains a Heap<Value>, and it's a little funky to put one of those on the stack. Funky, but allowed as long as you trace it, and the StateDataAutoRooter will achieve that.
Still, it's simpler to always have StateData on the heap, especially since that will silence the analysis hazard as a side effect. We still need the AutoRooter to trace it. Once MOZ_HEAP_CLASS is implemented, we'll be able to mark StateData with it.
Attachment #8334907 - Flags: review?(jonas)
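
The hazard described above, modeled with a toy moving collector as an added example (not code from the patch or from SpiderMonkey). `ToyGC`, `ToyStateDataRooter` and `runWorker` are hypothetical names, and the `size_t` index stands in for the `Heap<Value>` member of `StateData`.

```cpp
#include <cstdio>
#include <memory>
#include <string>
#include <vector>

// Toy stand-in for StateData: `response` plays the role of the Heap<Value>
// member and is an index into the collector's current heap.
struct StateData { std::size_t response; };

// Toy moving collector (hypothetical, not SpiderMonkey's API).
struct ToyGC {
  std::vector<std::string> heap;
  std::vector<StateData*> rooted;  // objects registered by live rooters
  std::size_t alloc(const std::string& v) { heap.push_back(v); return heap.size() - 1; }
  // Only cells reachable from a rooter survive; survivors move, and only
  // traced fields are updated to the new location.
  void collect() {
    std::vector<std::string> next;
    for (StateData* s : rooted) {
      next.push_back(heap[s->response]);
      s->response = next.size() - 1;
    }
    heap.swap(next);
  }
  std::string read(std::size_t i) const { return i < heap.size() ? heap[i] : std::string("<dangling>"); }
};

// RAII rooter in the role of StateDataAutoRooter: traces a heap-allocated StateData.
struct ToyStateDataRooter {
  ToyGC& gc;
  ToyStateDataRooter(ToyGC& g, StateData* s) : gc(g) { gc.rooted.push_back(s); }
  ~ToyStateDataRooter() { gc.rooted.pop_back(); }
};

// StateData is heap-allocated as in the patch; the rooter is optional here so the unrooted case can be observed.
std::string runWorker(bool useRooter, bool gcHappens) {
  ToyGC gc;
  gc.alloc("temporary");
  std::unique_ptr<StateData> state(new StateData{gc.alloc("response")});
  std::unique_ptr<ToyStateDataRooter> rooter;
  if (useRooter) rooter.reset(new ToyStateDataRooter(gc, state.get()));
  if (gcHappens) gc.collect();  // stands in for the flagged GC call
  return gc.read(state->response);
}

int main() {
  std::printf("%s %s %s\n", runWorker(false, false).c_str(),
              runWorker(false, true).c_str(), runWorker(true, true).c_str());
}
```

The unrooted run only fails when a collection actually happens between the allocation and the read, which is why this class of bug is caught by static analysis rather than by ordinary testing.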
Comment on attachment 8334907 [details] [diff] [review]
Move XMLHttpRequest::StateData off of the stack to silence analysis

hup!
Attachment #8334907 - Flags: review?(jonas) → review?(bent.mozilla)
Comment on attachment 8334907 [details] [diff] [review]
Move XMLHttpRequest::StateData off of the stack to silence analysis

Review of attachment 8334907 [details] [diff] [review]:
-----------------------------------------------------------------

::: dom/workers/XMLHttpRequest.cpp
@@ +681,5 @@
>          mProxy->mLastTotal = mTotal;
>        }
>      }
>  
> +    ScopedDeletePtr<XMLHttpRequest::StateData> state(new XMLHttpRequest::StateData());
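
Review bot: the added `ScopedDeletePtr<XMLHttpRequest::StateData> state(...)` line turns `state` into a pointer, but nothing in this hunk shows the StateDataAutoRooter being attached to the new object. The bug description says the rooter is still needed to trace the Heap<Value>, so please confirm it is constructed from this pointer right after the allocation and before the JSAutoStructuredCloneBuffer::read call, and that later `state.` member accesses in WorkerRun become `state->`.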

Nit: Please use nsAutoPtr.
Attachment #8334907 - Flags: review?(bent.mozilla) → review+
https://hg.mozilla.org/mozilla-central/rev/972924aa7110
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
Whiteboard: [qa-]
Component: DOM → DOM: Core & HTML