Bug 858900 - Poison JSContext. r=luke
--- a/js/public/Utility.h
+++ b/js/public/Utility.h
@@ -503,16 +503,27 @@ static JS_ALWAYS_INLINE void
js_delete(T *p)
{
if (p) {
p->~T();
js_free(p);
}
}
+template<class T>
+static JS_ALWAYS_INLINE void
+js_delete_poison(T *p)
+{
+ if (p) {
+ p->~T();
+ memset(p, 0x3B, sizeof(T));
+ js_free(p);
+ }
+}
+
template <class T>
static JS_ALWAYS_INLINE T *
js_pod_malloc()
{
return (T *)js_malloc(sizeof(T));
}
template <class T>
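Review bot: The memset in js_delete_poison writes to storage that is handed to js_free on the very next line, so a compiler that can see through js_free to free() may treat it as a dead store and drop it, leaving the poison silently absent in optimized builds. Whether that happens depends on what js_free expands to, which is outside this hunk; if it is a thin wrapper around free(), do the fill through a `volatile unsigned char *` (or behind a compiler barrier) rather than a plain memset. memset also needs <string.h>/<cstring>, and this hunk does not show Utility.h including it. The new function should carry a header comment stating its purpose and limits, e.g. `// Like js_delete, but fills the object's storage with 0x3B before freeing it so a stale pointer dereferences 0x3B3B3B3B... rather than recycled memory; only sizeof(T) of the static type is covered, and only until the allocator reuses the block.`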
--- a/js/src/jscntxt.cpp
+++ b/js/src/jscntxt.cpp
@@ -426,17 +426,17 @@ js::DestroyContext(JSContext *cx, Destro
JS::PrepareForFullGC(rt);
GC(rt, GC_NORMAL, JS::gcreason::LAST_CONTEXT);
} else if (mode == DCM_FORCE_GC) {
JS_ASSERT(!rt->isHeapBusy());
JS::PrepareForFullGC(rt);
GC(rt, GC_NORMAL, JS::gcreason::DESTROY_CONTEXT);
}
- js_delete(cx);
+ js_delete_poison(cx);
}
bool
AutoResolving::alreadyStartedSlow() const
{
JS_ASSERT(link);
AutoResolving *cursor = link;
do {
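Review bot: The call site in DestroyContext gives no hint why cx gets the poisoning variant while other js_delete callers do not, so a one-line comment would stop the next reader from "simplifying" it back, e.g. `// Poison so a stale JSContext pointer faults on 0x3B3B... instead of reading recycled memory.` Note the poison covers only the JSContext object itself, not anything its destructor frees, and it is only effective until the allocator hands the block out again. DestroyContext begins above this hunk.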