Bug 1645510: Part 0 - Handle first system zone compartment having system principal. r=jandem
author: Kris Maglione <maglione.k@gmail.com>
date: Sat, 27 Jun 2020 03:06:18 +0000
changeset: 537673 56434e256a52955813614e439b493d551a98a9ee
parent: 537672 f58afb4d8f95e010f14dfee4760bddbe210280a6
child: 537674 821960c5fa97cbe6fabaa26182c35d1e76a3ae4e
push id: 37545
push user: nerli@mozilla.com
push date: Sat, 27 Jun 2020 09:38:32 +0000
treeherder: mozilla-central@0a4b3f99d2d1
reviewers: jandem
bugs: 1645510
milestone: 79.0a1
Bug 1645510: Part 0 - Handle first system zone compartment having system principal. r=jandem

Prior to this patch set, XPConnect always created the first compartment in the system zone with a content principal. The subsequent patches make that global's creation lazy, which leads us to create the first compartment in the system zone with the system principal and the NewCompartmentInSystemZone specifier. In that case, we call `setIsSystemZone()` when we create the zone, because the compartment has the system principal, and then call it again when we try to store it in `rt->gc.systemZone`, which leads to a failed assertion. This patch fixes that.

Differential Revision: https://phabricator.services.mozilla.com/D79718
js/src/gc/GC.cpp
--- a/js/src/gc/GC.cpp
+++ b/js/src/gc/GC.cpp
@@ -7698,17 +7698,21 @@ Realm* js::NewRealm(JSContext* cx, JSPri
     zoneHolder = MakeUnique<Zone>(cx->runtime());
     if (!zoneHolder || !zoneHolder->init()) {
       ReportOutOfMemory(cx);
       return nullptr;
     }
 
     const JSPrincipals* trusted = rt->trustedPrincipals();
     bool isSystem = principals && principals == trusted;
-    if (isSystem) {
+    // If this is a NewCompartmentInSystemZone request, we're going to call
+    // `setIsSystemZone` below when we store the new zone in `gc.systemZone`, so
+    // don't do it here too.
+    if (isSystem &&
+        compSpec != JS::CompartmentSpecifier::NewCompartmentInSystemZone) {
       zoneHolder->setIsSystemZone();
     }
 
     zone = zoneHolder.get();
   }
 
   bool invisibleToDebugger = options.creationOptions().invisibleToDebugger();
   if (comp) {
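Review bot: the new guard `if (isSystem && compSpec != JS::CompartmentSpecifier::NewCompartmentInSystemZone)` leaves a system-principal zone unmarked between this point and the later store into `rt->gc.systemZone` that the added comment relies on to call `setIsSystemZone()`; that store is outside the lines of this hunk, so nothing in the hunk itself ties the two sites together, and a later change to the store site could reintroduce an unmarked system zone without tripping anything here. Suggest asserting the end state where the zone is stored, e.g. `MOZ_ASSERT(zone->isSystemZone());` right after the `gc.systemZone` assignment (assuming `Zone::isSystemZone()` is the matching accessor to `setIsSystemZone()`), so the deferred call is checked rather than only described in the comment. The three-line comment is otherwise good; it would help to name the concrete reason for skipping here (the assertion that fires when `setIsSystemZone()` is called twice, per the commit message) so the next reader does not try to "simplify" the condition back to `if (isSystem)`.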