Bug 1382329: Part 4 - Hold mMonitor while accessing scripts in the write thread. r?erahm draft
authorKris Maglione <maglione.k@gmail.com>
Wed, 19 Jul 2017 14:16:56 -0700
changeset 611523 1f6e716edc74aa291b4bfe8970b35ffe0c5a7e9b
parent 611522 800aad98f57bacb85f412e074e0ca35fe2d2dfa7
child 638193 72677136e7af286161d33c1423962125871fd6e8
push id69255
push usermaglione.k@gmail.com
push dateWed, 19 Jul 2017 21:25:43 +0000
reviewerserahm
bugs1382329
milestone56.0a1
Bug 1382329: Part 4 - Hold mMonitor while accessing scripts in the write thread. r?erahm MozReview-Commit-ID: 66se8G27sqQ
js/xpconnect/loader/ScriptPreloader.cpp
--- a/js/xpconnect/loader/ScriptPreloader.cpp
+++ b/js/xpconnect/loader/ScriptPreloader.cpp
@@ -267,20 +267,20 @@ ScriptPreloader::Cleanup()
     }
 
     // Wait for any pending parses to finish before clearing the mScripts
     // hashtable, since the parse tasks depend on memory allocated by those
     // scripts.
     {
         MonitorAutoLock mal(mMonitor);
         FinishPendingParses(mal);
+
+        mScripts.Clear();
     }
 
-    mScripts.Clear();
-
     AutoSafeJSAPI jsapi;
     JS_RemoveExtraGCRootsTracer(jsapi.cx(), TraceOp, this);
 
     UnregisterWeakMemoryReporter(this);
 }
 
 void
 ScriptPreloader::InvalidateCache()
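Review bot: The comment above the locked block in Cleanup() still gives only the pending-parse reason for taking mMonitor, but after this change the same lock is also what stops `mScripts.Clear()` from freeing entries the cache write thread is still reading. I would extend the comment with something like `// Clear mScripts under mMonitor as well: WriteCache() reads its entries on the write thread while holding this monitor.` so a later refactor does not move the Clear() back out. Entry destructors now run with the monitor held, so it is worth confirming that none of them can try to take mMonitor; their code is not visible here. Cleanup() begins outside this hunk.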
@@ -630,16 +630,21 @@ ScriptPreloader::WriteCache()
     if (exists) {
         NS_TRY(cacheFile->Remove(false));
     }
 
     {
         AutoFDClose fd;
         NS_TRY(cacheFile->OpenNSPRFileDesc(PR_WRONLY | PR_CREATE_FILE, 0644, &fd.rwget()));
 
+        // We also need to hold mMonitor while we're touching scripts in
+        // mScripts, or they may be freed before we're done with them.
+        mMonitor.AssertNotCurrentThreadOwns();
+        MonitorAutoLock mal(mMonitor);
+
         nsTArray<CachedScript*> scripts;
         for (auto& script : IterHash(mScripts, Match<ScriptStatus::Saved>())) {
             scripts.AppendElement(script);
         }
 
         // Sort scripts by load time, with async loaded scripts before sync scripts.
         // Since async scripts are always loaded immediately at startup, it helps to
         // have them stored contiguously.
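Review bot: `scripts` is an array of raw `CachedScript*`, and after this change those pointers are only valid while `mal` is alive, yet nothing at the declaration records that dependency. I would add `// |scripts| holds raw pointers into mScripts; keep it declared after |mal| and do not use it once the monitor is released.` directly above `nsTArray<CachedScript*> scripts;`. The monitor is acquired after the file is opened and, from the visible lines, stays held to the end of the enclosing block, which closes outside the hunk. If that block also performs the write, any main-thread path that takes mMonitor (Cleanup() in this same patch) will wait on disk I/O, so the new comment should say whether that is intended.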