mirror of
https://github.com/classilla/tenfourfox.git
synced 2024-06-25 20:29:33 +00:00
parent
b6849d2795
commit
e9cd937020
|
@ -433,7 +433,7 @@ js::NukeCrossCompartmentWrapper(JSContext* cx, JSObject* wrapper)
|
|||
|
||||
NotifyGCNukeWrapper(wrapper);
|
||||
|
||||
wrapper->as<ProxyObject>().nuke(&DeadObjectProxy::singleton);
|
||||
wrapper->as<ProxyObject>().nuke();
|
||||
|
||||
MOZ_ASSERT(IsDeadProxyObject(wrapper));
|
||||
}
|
||||
|
|
|
@ -7,6 +7,9 @@
|
|||
#include "vm/ProxyObject.h"
|
||||
|
||||
#include "jscompartment.h"
|
||||
|
||||
#include "proxy/DeadObjectProxy.h"
|
||||
|
||||
#include "jsobjinlines.h"
|
||||
|
||||
using namespace js;
|
||||
|
@ -86,14 +89,20 @@ ProxyObject::setSameCompartmentPrivate(const Value& priv)
|
|||
}
|
||||
|
||||
void
|
||||
ProxyObject::nuke(const BaseProxyHandler* handler)
|
||||
ProxyObject::nuke()
|
||||
{
|
||||
// Clear the target reference.
|
||||
setSameCompartmentPrivate(NullValue());
|
||||
for (size_t i = 0; i < PROXY_EXTRA_SLOTS; i++)
|
||||
SetProxyExtra(this, i, NullValue());
|
||||
|
||||
/* Restore the handler as requested after nuking. */
|
||||
setHandler(handler);
|
||||
// Update the handler to make this a DeadObjectProxy.
|
||||
setHandler(&DeadObjectProxy::singleton);
|
||||
|
||||
// The proxy's extra slots are not cleared and will continue to be
|
||||
// traced. This avoids the possibility of triggering write barriers while
|
||||
// nuking proxies in dead compartments which could otherwise cause those
|
||||
// compartments to be kept alive. Note that these are slots cannot hold
|
||||
// cross compartment pointers, so this cannot cause the target compartment
|
||||
// to leak.
|
||||
}
|
||||
|
||||
JS_FRIEND_API(void)
|
||||
|
|
|
@ -102,7 +102,7 @@ class ProxyObject : public JSObject
|
|||
|
||||
static void trace(JSTracer* trc, JSObject* obj);
|
||||
|
||||
void nuke(const BaseProxyHandler* handler);
|
||||
void nuke();
|
||||
|
||||
// There is no class_ member to force specialization of JSObject::is<T>().
|
||||
// The implementation in JSObject is incorrect for proxies since it doesn't
|
||||
|
|
Loading…
Reference in New Issue
Block a user