Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-01-10 05:47:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1365564 - Fix GCMarker::stackContainsCrossZonePointerTo to check all proxies for cross compartment target objects r=sfink

Browse Source
This commit is contained in:
Jon Coppeard 2017-05-27 10:52:21 +02:00
parent d8e719c8a3
commit 7443a84960
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
js/src/gc/Marking.cpp
View File

@ -2607,11 +2607,16 @@ GCMarker::stackContainsCrossZonePointerTo(const Cell* target) const
if (sourceZone == targetZone)
continue;
if ((IsCrossCompartmentWrapper(source) && source->as<ProxyObject>().target() == target) ||
Debugger::isDebuggerCrossCompartmentEdge(source, target))
{
return sourceZone;
// The private slot of proxy objects might contain a cross-compartment
// pointer.
if (source->is<ProxyObject>()) {
Value value = source->as<ProxyObject>().private_();
if (value.isObject() && &value.toObject() == target)
return sourceZone;
}
if (Debugger::isDebuggerCrossCompartmentEdge(source, target))
return sourceZone;
}
return nullptr;