Closed Bug 952688 Opened 11 years ago Closed 11 years ago

Root CallbackObject's CallSetup around GlobalScope() call

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set
normal

RESOLVED DUPLICATE of bug 955660

People

(Reporter: sfink, Assigned: sfink)

Attachments

(2 files)

Hazard: Function 'void mozilla::dom::CallbackObject::CallSetup::CallSetup(mozilla::dom::CallbackObject*, mozilla::ErrorResult*, uint32, JSCompartment*)' has unrooted 'realCallback' of type 'JSObject*' live across GC call 'mozilla::dom::workers::WorkerGlobalScope* mozilla::dom::workers::WorkerPrivate::GlobalScope() const' at /home/sfink/src/MI-upstream/dom/bindings/CallbackObject.cpp:102
GlobalScope() shouldn't be able to GC, but we're already playing this trick a little later in this file.
Comment on attachment 8350821: Root CallbackObject's CallSetup around GlobalScope() call
r=terrence via irc
Attachment #8350821 - Flags: review+
Requesting review from bholley because I don't know if I still need to unwrap, or if there's a more straightforward way.
Attachment #8350851 - Flags: review?(bobbyholley+bmo)
This is pretty perf-sensitive code; refetching is very suboptimal.
Comment on attachment 8350851: Re-fetch realCallback after GC danger is past
Yeah, we should try to do something smarter here.
Attachment #8350851 - Flags: review?(bobbyholley+bmo) → review-
Blocks: 898606
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Component: DOM → DOM: Core & HTML