Bug 943516 - Add weak map wrapper preserving key callback to workers. r=peterv on a CLOSED TREE
--- a/dom/workers/RuntimeService.cpp
+++ b/dom/workers/RuntimeService.cpp
@@ -838,27 +838,38 @@ CreateJSContextForWorker(WorkerPrivate*
#ifdef JS_GC_ZEAL
JS_SetGCZeal(workerCx, settings.gcZeal, settings.gcZealFrequency);
#endif
return workerCx;
}
+static bool
+PreserveWrapper(JSContext *cx, JSObject *obj)
+{
+ MOZ_ASSERT(cx);
+ MOZ_ASSERT(obj);
+ MOZ_ASSERT(mozilla::dom::IsDOMObject(obj));
+
+ return mozilla::dom::TryPreserveWrapper(obj);
+}
+
class WorkerJSRuntime : public mozilla::CycleCollectedJSRuntime
{
public:
// The heap size passed here doesn't matter, we will change it later in the
// call to JS_SetGCParameter inside CreateJSContextForWorker.
WorkerJSRuntime(JSRuntime* aParentRuntime, WorkerPrivate* aWorkerPrivate)
: CycleCollectedJSRuntime(aParentRuntime,
WORKER_DEFAULT_RUNTIME_HEAPSIZE,
WORKER_DEFAULT_NURSERY_SIZE),
mWorkerPrivate(aWorkerPrivate)
{
+ js::SetPreserveWrapperCallback(Runtime(), PreserveWrapper);
JS_InitDestroyPrincipalsCallback(Runtime(), DestroyWorkerPrincipals);
}
~WorkerJSRuntime()
{
auto rtPrivate = static_cast<WorkerThreadRuntimePrivate*>(JS_GetRuntimePrivate(Runtime()));
delete rtPrivate;
JS_SetRuntimePrivate(Runtime(), nullptr);
new file mode 100644
--- /dev/null
+++ b/dom/workers/test/943516.html
@@ -0,0 +1,10 @@
+<!--
+Any copyright is dedicated to the Public Domain.
+http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<!DOCTYPE html>
+<script>
+// Using a DOM bindings object as a weak map key should not crash when attempting to
+// call the preserve wrapper callback.
+new Worker("data:text/javascript;charset=UTF-8,(new WeakMap()).set(self, 0);")
+</script>
new file mode 100644
--- /dev/null
+++ b/dom/workers/test/crashtests.list
@@ -0,0 +1,1 @@
+load 943516.html
--- a/testing/crashtest/crashtests.list
+++ b/testing/crashtest/crashtests.list
@@ -21,16 +21,17 @@ include ../../dom/bindings/crashtests/cr
include ../../dom/canvas/crashtests/crashtests.list
include ../../dom/events/crashtests/crashtests.list
include ../../dom/indexedDB/crashtests/crashtests.list
include ../../dom/jsurl/crashtests/crashtests.list
include ../../dom/mathml/crashtests/crashtests.list
include ../../dom/offline/crashtests/crashtests.list
include ../../dom/plugins/test/crashtests/crashtests.list
include ../../dom/smil/crashtests/crashtests.list
+include ../../dom/workers/test/crashtests.list
include ../../dom/xbl/crashtests/crashtests.list
include ../../dom/xml/crashtests/crashtests.list
include ../../dom/xslt/crashtests/crashtests.list
# Bug 811873 - mozRTCPeerConnection doesn't support remote browser yet
skip-if(browserIsRemote||!webrtc) include ../../dom/media/tests/crashtests/crashtests.list
include ../../editor/crashtests.list
