From c8413360d4941d71d2dbe783b69e6bfceefe6c1d Mon Sep 17 00:00:00 2001 From: Bobby Holley Date: Fri, 12 Apr 2013 15:35:00 -0400 Subject: [PATCH] Bug 770840 - Add Runtime aborts when using XPCWrappedJS off-main-thread. v2 --- js/xpconnect/src/XPCWrappedJS.cpp | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/js/xpconnect/src/XPCWrappedJS.cpp b/js/xpconnect/src/XPCWrappedJS.cpp index 9f9d8482ce35..b3411ebf9444 100644 --- a/js/xpconnect/src/XPCWrappedJS.cpp +++ b/js/xpconnect/src/XPCWrappedJS.cpp @@ -12,6 +12,7 @@ #include "nsProxyRelease.h" #include "nsThreadUtils.h" #include "nsTextFormatter.h" +#include "nsCycleCollectorUtils.h" using namespace mozilla; @@ -153,6 +154,8 @@ nsXPCWrappedJS::QueryInterface(REFNSIID aIID, void** aInstancePtr) nsrefcnt nsXPCWrappedJS::AddRef(void) { + if (!MOZ_LIKELY(NS_IsMainThread() || NS_IsCycleCollectorThread())) + MOZ_CRASH(); nsrefcnt cnt = NS_AtomicIncrementRefcnt(mRefCnt); NS_LOG_ADDREF(this, cnt, "nsXPCWrappedJS", sizeof(*this)); @@ -167,6 +170,8 @@ nsXPCWrappedJS::AddRef(void) nsrefcnt nsXPCWrappedJS::Release(void) { + if (!MOZ_LIKELY(NS_IsMainThread() || NS_IsCycleCollectorThread())) + MOZ_CRASH(); NS_PRECONDITION(0 != mRefCnt, "dup release"); if (mMainThreadOnly && !NS_IsMainThread()) { @@ -274,6 +279,10 @@ nsXPCWrappedJS::GetNewOrUsed(JSObject* aJSObj, nsISupports* aOuter, nsXPCWrappedJS** wrapperResult) { + // Do a release-mode assert against accessing nsXPCWrappedJS off-main-thread. + if (!MOZ_LIKELY(NS_IsMainThread() || NS_IsCycleCollectorThread())) + MOZ_CRASH(); + AutoJSContext cx; JS::RootedObject jsObj(cx, aJSObj); JSObject2WrappedJSMap* map; @@ -557,6 +566,10 @@ nsXPCWrappedJS::CallMethod(uint16_t methodIndex, const XPTMethodDescriptor* info, nsXPTCMiniVariant* params) { + // Do a release-mode assert against accessing nsXPCWrappedJS off-main-thread. + if (!MOZ_LIKELY(NS_IsMainThread() || NS_IsCycleCollectorThread())) + MOZ_CRASH(); + if (!IsValid()) return NS_ERROR_UNEXPECTED; if (NS_IsMainThread() != mMainThread) {