Bug 925585: Missing Rooted in proxy_createFunction
Status: RESOLVED FIXED (Closed)
Opened 11 years ago, closed 11 years ago
Categories: Core :: JavaScript Engine, defect
Tracking: mozilla27
People: Reporter: sfink, Assigned: sfink
Attachments (1 file): patch (deleted), terrence: review+

Hazard:
Function 'jsproxy.cpp:uint8 proxy_createFunction(JSContext*, uint32, JS::Value*)' has unrooted 'construct' of type 'JSObject*' live across GC call 'JSObject* JS_NewObjectWithGivenProto(JSContext*, JSClass*, JSObject*, JSObject*)' at js/src/jsproxy.cpp:3267
js/src/jsproxy.cpp:3266: Call(56,57, __temp_19 := Jsvalify(CallConstructHolder))
js/src/jsproxy.cpp:3267: Call(57,58, __temp_21 := cx*.field:0.global())
js/src/jsproxy.cpp:3267: Call(58,59, __temp_20 := __temp_21.operator 135())
js/src/jsproxy.cpp:3267: Call(59,60, __temp_18 := JS_NewObjectWithGivenProto(cx*,__temp_19*,0,__temp_20**.field:0))
js/src/jsproxy.cpp:3267: Call(60,61, __temp_22*.GuardObjectNotifier(0))
js/src/jsproxy.cpp:3267: Call(61,62, ccHolder.Rooted(cx*,__temp_18*,__temp_22))
js/src/jsproxy.cpp:3267: Call(62,63, __temp_22.~GuardObjectNotifier())
js/src/jsproxy.cpp:3268: Call(63,64, __temp_23 := ccHolder.operator 168())
js/src/jsproxy.cpp:3268: Assume(64,71, null(__temp_23**), false)
js/src/jsproxy.cpp:3270: Call(71,72, __temp_24 := ccHolder.operator->())
js/src/jsproxy.cpp:3270: Call(72,73, __temp_26 := call.operator 168())
js/src/jsproxy.cpp:3270: Call(73,74, __temp_25 := ObjectValue(__temp_26**))
js/src/jsproxy.cpp:3270: Call(74,75, __temp_24*.setReservedSlot(0,__temp_25))
js/src/jsproxy.cpp:3271: Call(75,76, __temp_27 := ccHolder.operator->())
js/src/jsproxy.cpp:3271: Call(76,77, __temp_28 := ObjectValue(construct*))
Looks like a straightforward missing root to me.

Comment 1 (Assignee) • 11 years ago
Attachment #815654 - Flags: review?(terrence)

Comment 2 • 11 years ago
Comment on attachment 815654
Missing Rooted in proxy_createFunction
Review of attachment 815654:
-----------------------------------------------------------------
r=me
Attachment #815654 - Flags: review?(terrence) → review+

Comment 3 • 11 years ago
Typical style is to drop the nullptr.

Comment 4 (Assignee) • 11 years ago

Comment 5 • 11 years ago
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27