From f66e0a7b52b0c3995ad5f7355c3df3f4e254c4db Mon Sep 17 00:00:00 2001
From: Andrew McCreight
Date: Wed, 18 Mar 2015 11:36:03 -0700
Subject: [PATCH] Bug 1142717, part 3 - Make XPCWrappedNativeTearOff::mNative a smart pointer. r=bholley
---
 js/xpconnect/src/XPCInlines.h | 6 +-----
 js/xpconnect/src/XPCWrappedNative.cpp | 22 ++++++----------------
 js/xpconnect/src/xpcprivate.h | 7 +++++--
 3 files changed, 12 insertions(+), 23 deletions(-)
diff --git a/js/xpconnect/src/XPCInlines.h b/js/xpconnect/src/XPCInlines.h
index ac52a7d3c02..ece9f72c293 100644
--- a/js/xpconnect/src/XPCInlines.h
+++ b/js/xpconnect/src/XPCInlines.h
@@ -548,11 +548,7 @@ XPCWrappedNative::SweepTearOffs()
 // If this tearoff does not have a live dedicated JSObject,
 // then let's recycle it.
 if (!to->GetJSObjectPreserveColor()) {
- nsISupports* obj = to->GetNative();
- if (obj) {
- obj->Release();
- to->SetNative(nullptr);
- }
+ to->SetNative(nullptr);
 to->SetInterface(nullptr);
 }
 }
diff --git a/js/xpconnect/src/XPCWrappedNative.cpp b/js/xpconnect/src/XPCWrappedNative.cpp
index fe7f0c23bbf..a7b705457a1 100644
--- a/js/xpconnect/src/XPCWrappedNative.cpp
+++ b/js/xpconnect/src/XPCWrappedNative.cpp
@@ -21,6 +21,7 @@
 #include
 #include "mozilla/DeferredFinalize.h"
 #include "mozilla/Likely.h"
+#include "mozilla/unused.h"
 #include "mozilla/dom/BindingUtils.h"
 #include
@@ -905,20 +906,9 @@ XPCWrappedNative::FlatJSObjectFinalized()
 }
 // We also need to release any native pointers held...
- nsISupports* obj = to->GetNative();
- if (obj) {
-#ifdef XP_WIN
- // Try to detect free'd pointer
- MOZ_ASSERT(*(int*)obj != 0xdddddddd, "bad pointer!");
- MOZ_ASSERT(*(int*)obj != 0, "bad pointer!");
-#endif
- XPCJSRuntime* rt = GetRuntime();
- if (rt) {
- DeferredFinalize(obj);
- } else {
- obj->Release();
- }
- to->SetNative(nullptr);
+ nsRefPtr native = to->TakeNative();
+ if (native && GetRuntime()) {
+ DeferredFinalize(native.forget().take());
 }
 to->SetInterface(nullptr);
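Review bot: In the FlatJSObjectFinalized hunk of XPCWrappedNative.cpp, the no-runtime case is now handled only implicitly: when `GetRuntime()` returns null, `native` still owns the reference and drops it synchronously in its destructor, which is what the removed `else { obj->Release(); }` branch did explicitly. A one-line comment above the `if` would keep that ownership path visible, for example `// With no runtime, |native| releases the object synchronously when it goes out of scope.` The same hunk removes the XP_WIN asserts that compared the pointee against `0xdddddddd` and `0`, so the debug-only check for an already-freed mNative no longer exists at this point; if it was still catching stale pointers, an equivalent check may be wanted elsewhere. The enclosing loop and function begin and end outside the hunk.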
@@ -1004,7 +994,7 @@ XPCWrappedNative::SystemIsBeingShutDown()
 }
 // We leak the tearoff mNative
 // (for the same reason we leak mIdentity - see above).
- to->SetNative(nullptr);
+ unused << to->TakeNative().take();
 to->SetInterface(nullptr);
 }
 }
@@ -1274,7 +1264,7 @@ XPCWrappedNative::InitTearOff(XPCWrappedNativeTearOff* aTearOff,
 }
 aTearOff->SetInterface(aInterface);
- aTearOff->SetNative(qiResult.forget().take());
+ aTearOff->SetNative(qiResult);
 if (needJSObject && !InitTearOffJSObject(aTearOff))
 return NS_ERROR_OUT_OF_MEMORY;
diff --git a/js/xpconnect/src/xpcprivate.h b/js/xpconnect/src/xpcprivate.h
index 797c12b1163..6c44193a5b9 100644
--- a/js/xpconnect/src/xpcprivate.h
+++ b/js/xpconnect/src/xpcprivate.h
@@ -1954,13 +1954,14 @@ public:
 JSObject* GetJSObjectPreserveColor() const;
 void SetInterface(XPCNativeInterface* Interface) {mInterface = Interface;}
 void SetNative(nsISupports* Native) {mNative = Native;}
+ already_AddRefed TakeNative() { return mNative.forget(); }
 void SetJSObject(JSObject* JSObj);
 void JSObjectFinalized() {SetJSObject(nullptr);}
 void JSObjectMoved(JSObject *obj, const JSObject *old);
 XPCWrappedNativeTearOff()
- : mInterface(nullptr), mNative(nullptr), mJSObject(nullptr) {}
+ : mInterface(nullptr), mJSObject(nullptr) {}
 ~XPCWrappedNativeTearOff();
 // NOP. This is just here to make the AutoMarkingPtr code compile.
@@ -1977,7 +1978,9 @@ private:
 private:
 XPCNativeInterface* mInterface;
- nsISupports* mNative;
+ // mNative is an nsRefPtr not an nsCOMPtr because it may not be the canonical
+ // nsISupports pointer.
+ nsRefPtr mNative;
 JS::TenuredHeap mJSObject;
 };
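Review bot: `SetNative` in the xpcprivate.h hunk at -1954 keeps its signature but silently changes its ownership contract: with `mNative` now a smart pointer, `mNative = Native` takes a new reference and releases the previous one, where the setter used to store the raw pointer and leave reference counting to its callers. The InitTearOff hunk shows the matching caller change (`SetNative(qiResult)` instead of `qiResult.forget().take()`), but any call site outside this patch that still passes an already-addrefed pointer would now leak it, and one that still releases by hand would over-release, so the remaining callers are worth auditing. Documenting the contract next to the accessors would make this harder to get wrong, e.g. `// SetNative takes its own reference to |Native| and releases the previous value.` and `// TakeNative hands the tearoff's reference to the caller and leaves mNative null.` The destructor body is outside the hunk, so whether it expects mNative to be empty already cannot be checked from here.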