Closed
Bug 940727
Opened 11 years ago
Closed 11 years ago
Fix rooting hazard in DOMProxyHandler::GetAndClearExpandoObject()
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla28
People
(Reporter: jonco, Assigned: jonco)
References
Details
(Whiteboard: [qa-])
Attachments
(1 file)
(deleted),
patch
|
bholley
:
review+
|
Details | Diff | Splinter Review |
No description provided.
Assignee | ||
Comment 1•11 years ago
|
||
DOMProxyHandler::GetAndClearExpandoObject() calls xpc::GetObjectScope() so it can remove the object's expando object from it. However, this can lazily create a compartment private, which can GC. Not only that, we don't need to create this here anyway if it doesn't exist already.
The patch adds MaybeGetObjectScope() which doesn't bother creating the compartment private if it doesn't exist already, which avoids these issues.
Attachment #8334943 -
Flags: review?(bobbyholley+bmo)
Updated•11 years ago
|
Attachment #8334943 -
Flags: review?(bobbyholley+bmo) → review+
Assignee | ||
Comment 2•11 years ago
|
||
Comment 3•11 years ago
|
||
Unfortunately this and the other bugs in https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?changeset=db0f8a5eeb33 have been backed out for causing rootanalysis assertions, eg:
https://tbpl.mozilla.org/php/getParsedLog.php?id=30835010&tree=Mozilla-Inbound
Backout:
https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?changeset=05a0228c2caa
(For quick relanding, I recommend the third party qbackout extension and '--apply' mode)
Assignee | ||
Comment 4•11 years ago
|
||
Comment 5•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
Updated•11 years ago
|
Whiteboard: [qa-]
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•