Closed Bug 940727 Opened 6 years ago Closed 6 years ago
Fix rooting hazard in DOMProxy
Handler::Get And Clear Expando Object()
No description provided.
DOMProxyHandler::GetAndClearExpandoObject() calls xpc::GetObjectScope() so it can remove the object's expando object from it. However, this can lazily create a compartment private, which can GC. Not only that, we don't need to create this here anyway if it doesn't exist already. The patch adds MaybeGetObjectScope() which doesn't bother creating the compartment private if it doesn't exist already, which avoids these issues.
Attachment #8334943 - Flags: review?(bobbyholley+bmo)
Attachment #8334943 - Flags: review?(bobbyholley+bmo) → review+
Unfortunately this and the other bugs in https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?changeset=db0f8a5eeb33 have been backed out for causing rootanalysis assertions, eg: https://tbpl.mozilla.org/php/getParsedLog.php?id=30835010&tree=Mozilla-Inbound Backout: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?changeset=05a0228c2caa (For quick relanding, I recommend the third party qbackout extension and '--apply' mode)
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
You need to log in before you can comment on or make changes to this bug.