Closed
Bug 952688
Opened 11 years ago
Closed 11 years ago
Root CallbackObject's CallSetup around GlobalScope() call
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
DUPLICATE
of bug 955660
People
(Reporter: sfink, Assigned: sfink)
References
Details
Attachments
(2 files)
(deleted),
patch
|
sfink
:
review+
|
Details | Diff | Splinter Review |
(deleted),
patch
|
bholley
:
review-
|
Details | Diff | Splinter Review |
Hazard:
Function 'void mozilla::dom::CallbackObject::CallSetup::CallSetup(mozilla::dom::CallbackObject*, mozilla::ErrorResult*, uint32, JSCompartment*)' has unrooted 'realCallback' of type 'JSObject*' live across GC call 'mozilla::dom::workers::WorkerGlobalScope* mozilla::dom::workers::WorkerPrivate::GlobalScope() const' at /home/sfink/src/MI-upstream/dom/bindings/CallbackObject.cpp:102
Assignee | ||
Comment 1•11 years ago
|
||
GlobalScope() shouldn't be able to GC, but we're already playing this trick a little later in this file.
Assignee | ||
Comment 2•11 years ago
|
||
Comment on attachment 8350821 [details] [diff] [review]
Root CallbackObject's CallSetup around GlobalScope() call
r=terrence via irc
Attachment #8350821 -
Flags: review+
Assignee | ||
Comment 3•11 years ago
|
||
landed in https://hg.mozilla.org/integration/mozilla-inbound/rev/f71e6905567f
backed out in https://hg.mozilla.org/integration/mozilla-inbound/rev/e9d4787444d3 due to IsInRequest assertion
Assignee | ||
Comment 4•11 years ago
|
||
Requesting review from bholley because I don't know if I still need to unwrap, or if there's a more straightforward way.
Attachment #8350851 -
Flags: review?(bobbyholley+bmo)
Comment 5•11 years ago
|
||
This is pretty perf-sensitive code; refetching is very suboptimal.
Comment 6•11 years ago
|
||
Comment on attachment 8350851 [details] [diff] [review]
Re-fetch realCallback after GC danger is past
Yeah, we should try to do something smarter here.
Attachment #8350851 -
Flags: review?(bobbyholley+bmo) → review-
Updated•11 years ago
|
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•