Root CallbackObject's CallSetup around GlobalScope() call

RESOLVED DUPLICATE of bug 955660

Status

5 years ago
5 years ago

People

(Reporter: sfink, Assigned: sfink)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Assignee)

Description

5 years ago
Hazard:

Function 'void mozilla::dom::CallbackObject::CallSetup::CallSetup(mozilla::dom::CallbackObject*, mozilla::ErrorResult*, uint32, JSCompartment*)' has unrooted 'realCallback' of type 'JSObject*' live across GC call 'mozilla::dom::workers::WorkerGlobalScope* mozilla::dom::workers::WorkerPrivate::GlobalScope() const' at /home/sfink/src/MI-upstream/dom/bindings/CallbackObject.cpp:102
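
What the hazard report above guards against, shown as an added example on a toy moving collector (not code from this bug's patches or from SpiderMonkey). `ToyHeap`, `Rooted` and the two check functions are hypothetical names; only `realCallback` is taken from the report.

```cpp
#include <memory>
#include <vector>
// Toy moving collector, constructed for illustration (not SpiderMonkey code).
struct Obj {
    int value; bool live = true; Obj* forward = nullptr;
    explicit Obj(int v) : value(v) {}
};
struct ToyHeap {
    std::vector<std::unique_ptr<Obj>> cells, graveyard;
    std::vector<Obj**> roots;            // addresses of rooted pointers (LIFO)
    Obj* alloc(int v) { cells.emplace_back(new Obj(v)); return cells.back().get(); }
    // Copy each rooted object to a fresh cell and rewrite the root. Old cells are
    // marked dead and parked (a real collector would free or reuse them).
    void gc() {
        std::vector<std::unique_ptr<Obj>> to;
        for (Obj** slot : roots) {
            Obj* old = *slot;
            if (!old->forward) {         // first visit: copy, leave forwarding pointer
                to.emplace_back(new Obj(old->value));
                old->forward = to.back().get();
            }
            *slot = old->forward;
        }
        for (auto& c : cells) { c->live = false; graveyard.push_back(std::move(c)); }
        cells = std::move(to);
    }
};
// RAII root: registers the address of its pointer so gc() can update it.
struct Rooted {
    ToyHeap& heap; Obj* ptr;
    Rooted(ToyHeap& h, Obj* p) : heap(h), ptr(p) { heap.roots.push_back(&ptr); }
    Rooted(const Rooted&) = delete;
    ~Rooted() { heap.roots.pop_back(); }
};
// Hazard shape: a raw local copy is held across a call that can collect.
bool rawCopyLiveAfterGC() {
    ToyHeap heap; Rooted holder(heap, heap.alloc(42));
    Obj* realCallback = holder.ptr;      // unrooted copy of a traced pointer
    heap.gc();                           // stands in for the GC-capable call
    return realCallback->live;           // false: still points at the dead old cell
}
// Fixed shape: the local copy is rooted, so gc() relocates it with the object.
bool rootedCopyLiveAfterGC() {
    ToyHeap heap; Rooted holder(heap, heap.alloc(42));
    Rooted realCallback(heap, holder.ptr);
    heap.gc();
    return realCallback.ptr->live && realCallback.ptr->value == 42
        && realCallback.ptr == holder.ptr;
}
```
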
(Assignee)

Comment 1

5 years ago
Created attachment 8350821
Root CallbackObject's CallSetup around GlobalScope() call

GlobalScope() shouldn't be able to GC, but we're already playing this trick a little later in this file.
(Assignee)

Comment 2

5 years ago
Comment on attachment 8350821
Root CallbackObject's CallSetup around GlobalScope() call

r=terrence via irc
Attachment #8350821 - Flags: review+
(Assignee)

Comment 4

5 years ago
Created attachment 8350851
Re-fetch realCallback after GC danger is past

Requesting review from bholley because I don't know if I still need to unwrap, or if there's a more straightforward way.
Attachment #8350851 - Flags: review?(bobbyholley+bmo)
This is pretty perf-sensitive code; refetching is very suboptimal.
Comment on attachment 8350851
Re-fetch realCallback after GC danger is past

Yeah, we should try to do something smarter here.
Attachment #8350851 - Flags: review?(bobbyholley+bmo) → review-
Blocks: 898606
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 955660