mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-30 05:35:31 +00:00
7ad35e1f86
The basic idea is that we assume the invariant that the "obj" argument is never gray if "existing" is null (and add asserts to that effect). Starting from that assumption, terrence and I audited all the return paths to ensure that gray objects are never returned. We found a few places, generally after crossing compartments with UncheckedUnwrap, where we could have gray things and inserted corresponding calls to ExposeObjectToActiveJS. If "existing" is passed in, all bets are off: both "obj" and "existing" can be gray and can get returned from here. But the only caller that passes "existing" doesn't allow the return value to escape, so it's actually safe to do this.
crashtests
idl
loader
public
shell
src
tests
wrappers
moz.build