diff options
| author | Philip Chimento <philip.chimento@gmail.com> | 2017-06-04 16:13:53 -0400 |
|---|---|---|
| committer | Philip Chimento <philip.chimento@gmail.com> | 2017-07-09 13:01:23 -0700 |
| commit | 1f3e16b6832b9d7f99734e38f02a2f39342b8a93 (patch) | |
| tree | f5d2cb32fe77ea3f70a2347f874f0aacb894c449 /gjs | |
| parent | 331cf87bbd47eb3dd88622902a146a6292234c96 (diff) | |
| download | gjs-1f3e16b6832b9d7f99734e38f02a2f39342b8a93.tar.gz | |
js: Unbarriered read while in weak ptr callback
Inside the weak pointer callback, we only need to compare the pointer to
nullptr. Since we don't actually use the pointer's location, no read
barrier is needed.
Previously this was not a problem, but SpiderMonkey 52 now asserts that
the heap is not active when exposing a pointer to active JS through a
read barrier, so the weak pointer callback will crash if we try to use a
read barrier.
https://bugzilla.gnome.org/show_bug.cgi?id=784196
Diffstat (limited to 'gjs')
| -rw-r--r-- | gjs/jsapi-util-root.h | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/gjs/jsapi-util-root.h b/gjs/jsapi-util-root.h index 6c6462f4..33f748db 100644 --- a/gjs/jsapi-util-root.h +++ b/gjs/jsapi-util-root.h @@ -75,7 +75,7 @@ struct GjsHeapOperation<JSObject *> { update_after_gc(JS::Heap<JSObject *> *location) { JS_UpdateWeakPointerAfterGC(location); - return (*location == nullptr); + return (location->unbarrieredGet() == nullptr); } }; @@ -197,6 +197,16 @@ public: } inline bool operator!=(const T& other) const { return !(*this == other); } + /* We can access the pointer without a read barrier if the only thing we + * are doing with it is comparing it to nullptr. */ + bool + operator==(std::nullptr_t) const + { + if (m_rooted) + return m_root->get() == nullptr; + return m_heap.unbarrieredGet() == nullptr; + } + /* You can get a Handle<T> if the thing is rooted, so that you can use this * wrapper with stack rooting. However, you must not do this if the * JSContext can be destroyed while the Handle is live. */ |