Bug 940779 - Restrict the scope of a MessageEventInit so it cannot be live across a GC call, r=bent

--HG--
extra : rebase_source : 2db09dc1eaab090b94f210bd2478be8d45c976a2
Steve Fink 2013-11-19 23:03:32 -08:00
parent d0c6d79dcb
commit 6a91947708


@ -5259,16 +5259,23 @@ WorkerPrivate::ConnectMessagePort(JSContext* aCx, uint64_t aMessagePortSerial)
return false;
}
MessageEventInit init;
init.mBubbles = false;
init.mCancelable = false;
init.mSource = &jsPort.toObject();
nsRefPtr<nsDOMMessageEvent> event;
{
// Bug 940779 - MessageEventInit contains unrooted JS objects, and
// ~nsRefPtr can GC, so make sure 'init' is no longer live before ~nsRefPtr
// runs (or the nsRefPtr is even created) to avoid a rooting hazard. Note
// that 'init' is live until its destructor runs, not just until its final
// use.
MessageEventInit init;
init.mBubbles = false;
init.mCancelable = false;
init.mSource = &jsPort.toObject();
ErrorResult rv;
nsRefPtr<nsDOMMessageEvent> event =
nsDOMMessageEvent::Constructor(globalObject, aCx,
NS_LITERAL_STRING("connect"), init, rv);
ErrorResult rv;
event = nsDOMMessageEvent::Constructor(globalObject, aCx,
NS_LITERAL_STRING("connect"),
init, rv);
}
event->SetTrusted(true);
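Review bot: `rv` is never inspected after `nsDOMMessageEvent::Constructor` returns, and `event->SetTrusted(true)` on the line after the new block dereferences `event` unconditionally. If the constructor can fail and return null (not visible from this hunk), that is a null dereference on the worker's connect path, and since `rv` is now declared inside the block it can no longer be checked after the brace. I would check it before the closing brace, e.g. `if (rv.Failed()) { return false; }`, assuming `return false` is the right failure path as the early return at the top of the hunk suggests; `init` is still destroyed before `event` is released on that path, so the rooting fix is preserved. The removed lines had the same gap, and the body of ConnectMessagePort begins and ends outside the hunk.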