Bug 1142717, part 3 - Make XPCWrappedNativeTearOff::mNative a smart pointer. r=bholley

2024-09-13 09:24:08 -07:00 · 2015-03-18 11:36:03 -07:00 · 2015-03-18 11:36:03 -07:00 · f66e0a7b52
commit f66e0a7b52
parent f471f5ff55
3 changed files with 12 additions and 23 deletions
--- a/js/xpconnect/src/XPCInlines.h
+++ b/js/xpconnect/src/XPCInlines.h
@ -548,11 +548,7 @@ XPCWrappedNative::SweepTearOffs()
            // If this tearoff does not have a live dedicated JSObject,
            // then let's recycle it.
            if (!to->GetJSObjectPreserveColor()) {
-                nsISupports* obj = to->GetNative();
-                if (obj) {
-                    obj->Release();
                to->SetNative(nullptr);
-                }
                to->SetInterface(nullptr);
            }
        }
--- a/js/xpconnect/src/XPCWrappedNative.cpp
+++ b/js/xpconnect/src/XPCWrappedNative.cpp
@ -21,6 +21,7 @@
 #include <stdint.h>
 #include "mozilla/DeferredFinalize.h"
 #include "mozilla/Likely.h"
+#include "mozilla/unused.h"
 #include "mozilla/dom/BindingUtils.h"
 #include <algorithm>

@ -905,20 +906,9 @@ XPCWrappedNative::FlatJSObjectFinalized()
            }

            // We also need to release any native pointers held...
-            nsISupports* obj = to->GetNative();
-            if (obj) {
-#ifdef XP_WIN
-                // Try to detect free'd pointer
-                MOZ_ASSERT(*(int*)obj != 0xdddddddd, "bad pointer!");
-                MOZ_ASSERT(*(int*)obj != 0,          "bad pointer!");
-#endif
-                XPCJSRuntime* rt = GetRuntime();
-                if (rt) {
-                    DeferredFinalize(obj);
-                } else {
-                    obj->Release();
-                }
-                to->SetNative(nullptr);
+            nsRefPtr<nsISupports> native = to->TakeNative();
+            if (native && GetRuntime()) {
+                DeferredFinalize(native.forget().take());
            }

            to->SetInterface(nullptr);
@ -1004,7 +994,7 @@ XPCWrappedNative::SystemIsBeingShutDown()
            }
            // We leak the tearoff mNative
            // (for the same reason we leak mIdentity - see above).
-            to->SetNative(nullptr);
+            unused << to->TakeNative().take();
            to->SetInterface(nullptr);
        }
    }
@ -1274,7 +1264,7 @@ XPCWrappedNative::InitTearOff(XPCWrappedNativeTearOff* aTearOff,
    }

    aTearOff->SetInterface(aInterface);
-    aTearOff->SetNative(qiResult.forget().take());
+    aTearOff->SetNative(qiResult);
    if (needJSObject && !InitTearOffJSObject(aTearOff))
        return NS_ERROR_OUT_OF_MEMORY;

--- a/js/xpconnect/src/xpcprivate.h
+++ b/js/xpconnect/src/xpcprivate.h
@ -1954,13 +1954,14 @@ public:
    JSObject*           GetJSObjectPreserveColor() const;
    void SetInterface(XPCNativeInterface*  Interface) {mInterface = Interface;}
    void SetNative(nsISupports*  Native)              {mNative = Native;}
+    already_AddRefed<nsISupports> TakeNative() { return mNative.forget(); }
    void SetJSObject(JSObject*  JSObj);

    void JSObjectFinalized() {SetJSObject(nullptr);}
    void JSObjectMoved(JSObject *obj, const JSObject *old);

    XPCWrappedNativeTearOff()
-        : mInterface(nullptr), mNative(nullptr), mJSObject(nullptr) {}
+        : mInterface(nullptr), mJSObject(nullptr) {}
    ~XPCWrappedNativeTearOff();

    // NOP. This is just here to make the AutoMarkingPtr code compile.
@ -1977,7 +1978,9 @@ private:

 private:
    XPCNativeInterface* mInterface;
-    nsISupports*        mNative;
+    // mNative is an nsRefPtr not an nsCOMPtr because it may not be the canonical
+    // nsISupports pointer.
+    nsRefPtr<nsISupports> mNative;
    JS::TenuredHeap<JSObject*> mJSObject;
 };