Bug 1264187 - check for a ProtoAndIfaceCache before blindly destroying it; r=bz, a=ritu

We normally create global objects in the DOM bindings via:

  1. Call JS_NewGlobalObject.
  2. Set a private slot to hold a ProtoAndIfaceCache.
  3. Other steps that aren't relevant here.

However, it's possible for step 1 to construct a global inside the JS
engine and then fail to initialize it in some way.  When that happens,
the newly-created object will be subjected to GC and any GC-related
hooks that were passed in to JS_NewGlobalObject.  Which implies that our
tracing and finalization hooks must be prepared to handle an object
that's not fully initialized--i.e. doesn't have a ProtoAndIfaceCache
object allocated for it.  We handled such a case in our trace hook, but
we failed to add the same check for our finalization hook.  Do so.
Nathan Froyd 2016-04-14 11:42:34 -04:00
parent 645b329ed4
commit a5fd2e6fde
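The failure mode the commit message describes, as an added example that is not Gecko or SpiderMonkey code: a miniature model of a DOM global with a reserved private slot, a constructor that can fail after the object already sits on the heap, and the finalizer in both its unguarded and guarded forms. Every name here (SlotValue, Heap, SweepStats, NewGlobalObject, RunScenario, the slot index) is hypothetical; the guard mirrors the HasProtoAndIfaceCache check the patch adds.

```cpp
// Added example, not Gecko/SpiderMonkey code. All names are hypothetical.
#include <cstddef>
#include <memory>
#include <vector>

// Stand-in for ProtoAndIfaceCache: owns a table of prototype pointers.
struct ProtoAndIfaceCache {
    std::vector<void*> protos;
};

// A reserved slot is either "undefined" (fresh from allocation) or holds a
// private pointer. Unpacking a private pointer out of an undefined slot is
// exactly the misuse the patch guards against.
struct SlotValue {
    enum class Tag { Undefined, Private } tag = Tag::Undefined;
    void* priv = nullptr;
};

static constexpr std::size_t DOM_PROTOTYPE_SLOT = 0;  // hypothetical index

struct GlobalObject {
    SlotValue slots[2];   // zero-initialised on allocation, like the engine
    bool finalized = false;
};

struct SweepStats {
    std::size_t finalized = 0;    // objects the finalizer ran on
    std::size_t cachesFreed = 0;  // caches actually deleted
    std::size_t slotMisuse = 0;   // private reads from an undefined slot
};

// Every allocated object is owned by the heap and swept at the end, whether
// or not its construction finished: that is what happens to a global after
// JS_NewGlobalObject fails part-way through.
using Heap = std::vector<std::unique_ptr<GlobalObject>>;

bool HasProtoAndIfaceCache(const GlobalObject* obj) {
    return obj->slots[DOM_PROTOTYPE_SLOT].tag == SlotValue::Tag::Private;
}

ProtoAndIfaceCache* GetProtoAndIfaceCache(GlobalObject* obj, SweepStats& stats) {
    const SlotValue& v = obj->slots[DOM_PROTOTYPE_SLOT];
    if (v.tag != SlotValue::Tag::Private) {
        // In a real engine this is an assertion in debug builds and a garbage
        // pointer handed to delete in release builds; here we just count it.
        ++stats.slotMisuse;
        return nullptr;
    }
    return static_cast<ProtoAndIfaceCache*>(v.priv);
}

// Steps 1 and 2 of the commit message. When the engine-side step fails after
// the object exists, the half-built object stays on the heap and the caller
// gets nullptr; the slot is never written, so no cache is ever allocated.
GlobalObject* NewGlobalObject(Heap& heap, bool failInsideEngine) {
    heap.push_back(std::make_unique<GlobalObject>());
    GlobalObject* obj = heap.back().get();
    if (failInsideEngine) {
        return nullptr;
    }
    auto* cache = new ProtoAndIfaceCache();
    obj->slots[DOM_PROTOTYPE_SLOT].tag = SlotValue::Tag::Private;
    obj->slots[DOM_PROTOTYPE_SLOT].priv = cache;
    return obj;
}

// Finalizer before the fix: assumes step 2 always ran.
void DestroyProtoAndIfaceCacheUnguarded(GlobalObject* obj, SweepStats& stats) {
    ProtoAndIfaceCache* cache = GetProtoAndIfaceCache(obj, stats);
    if (cache) ++stats.cachesFreed;
    delete cache;
}

// Finalizer after the fix: tolerate an object whose slot was never set.
void DestroyProtoAndIfaceCacheGuarded(GlobalObject* obj, SweepStats& stats) {
    if (!HasProtoAndIfaceCache(obj)) {
        return;
    }
    ProtoAndIfaceCache* cache = GetProtoAndIfaceCache(obj, stats);
    ++stats.cachesFreed;
    delete cache;
}

// GC sweep: run the finalize hook over everything on the heap.
SweepStats SweepHeap(Heap& heap, bool guarded) {
    SweepStats stats;
    for (auto& obj : heap) {
        if (guarded) DestroyProtoAndIfaceCacheGuarded(obj.get(), stats);
        else         DestroyProtoAndIfaceCacheUnguarded(obj.get(), stats);
        obj->finalized = true;
        ++stats.finalized;
    }
    heap.clear();
    return stats;
}

// One fully initialised global plus one whose creation failed inside the
// engine, then a sweep with the chosen finalizer.
SweepStats RunScenario(bool guardedFinalizer) {
    Heap heap;
    NewGlobalObject(heap, /*failInsideEngine=*/false);
    NewGlobalObject(heap, /*failInsideEngine=*/true);
    return SweepHeap(heap, guardedFinalizer);
}
```

With the unguarded finalizer, the sweep over the half-built global reads a private pointer out of a slot that was never set; with the guard, both objects are finalized, the one real cache is freed once, and the undefined slot is never unpacked.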

@ -532,6 +532,10 @@ DestroyProtoAndIfaceCache(JSObject* obj)
{
MOZ_ASSERT(js::GetObjectClass(obj)->flags & JSCLASS_DOM_GLOBAL);
if (!HasProtoAndIfaceCache(obj)) {
return;
}
ProtoAndIfaceCache* protoAndIfaceCache = GetProtoAndIfaceCache(obj);
delete protoAndIfaceCache;
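Review bot: the early return on `if (!HasProtoAndIfaceCache(obj))` is only safe if HasProtoAndIfaceCache inspects the slot in a way that is well-defined for a global whose slot was never written (the engine's initial slot value rather than a private pointer); if it unpacks the slot as a private value the way GetProtoAndIfaceCache does, it has the same problem this patch is fixing. Since the commit message says the trace hook already handles this case, it is worth confirming both hooks use the same check, ideally through one shared helper, so the two cannot drift apart again.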